yeah, a sufficiently motivated attacker can deploy some countermeasures to bypass it, but only really worth it for targeted attacks. Anyone who has a form on the internet knows that without any sort of captcha, you get lots of stupid bots just typing in jumbo. Likely you could tone back the captchas and still get a similar result in stopping the dumb bots[0]
[0] on my contact page my email is protected via a custom cypher. if the bots execute javascript and wait 0.5s they can read it, but most don't. It’s the dumbest PoW imaginable, but it works
> Anyone who has a form on the internet knows that without any sort of captcha, you get lots of stupid bots just typing in jumbo.
I recall a form of "CAPTCHA" that involved a text input which was hidden via CSS, but which bots would fill in anyway. Any text in the input caused the entire form to be rejected. I wonder if that style still works today.
I've had an issue with this approach -- many browsers (via autofill/autocomplete) and many password managers (when filling in password, e-mail, etc.) tend to also get trapped in this honeypot... The spam does still get stopped though.
Nice one! I guess you mainly need to get above a certain novelty
threshold, because all ML is based on what has already been
seen/learned rather than actually outsmarting the defence.
[0] on my contact page my email is protected via a custom cypher. if the bots execute javascript and wait 0.5s they can read it, but most don't. It’s the dumbest PoW imaginable, but it works