Captcha proves you're human. HATCHA proves you're not

 (github.com)

61 points | by backlit4034 2 hours ago

31 comments

  • m_w_ 1 hour ago
    This seems to be a worse version of another submission [0] I saw a while back - binary octets are easy for anyone who can copy paste; image attributes like edge pressure and stable contour mean basically nothing to me.

    [0]: https://news.ycombinator.com/item?id=48357169

  • robinduckett 1 hour ago
    This is funny. “Agents don’t hesitate” meanwhile it takes five rounds of thinking to get Claude in Chrome to select the box
    [-]
    • rob74 39 minutes ago
      Yes... I wonder if this is also prone to hallucination? A while (more than a year) ago I told Copilot to sort a list of integers. First, it gave me the code to sort it. I told it "no, sort the list yourself and give me the result". Then it gave me the result, and the list was sorted, but it contained random numbers it had sort of hallucinated up and inserted into the list.
      [-]
      • mewpmewp2 28 minutes ago
        How many numbers were in the list?
  • consumer451 1 hour ago
    This still makes no sense to me, for practical applications.

    Let’s say the goal is a bot-only social network.

    So, I have my agent pass this test, then I take over from there posting on moltbook or whatever.

    [-]
    • aurareturn 1 hour ago 

        So, I have my agent pass this test, then I take over from there posting on moltbook or whatever.
      Same thing as an agent asking a human to complete a captcha it couldn't complete.

      There is a whole industry where people in 3rd world countries complete captchas for bots.

      [-]
      • wigster 27 minutes ago
        maybe the bots should employ those people to pass the tests
    • loloquwowndueo 1 hour ago
      A robot wouldn’t be annoyed passing the test every single time it wants to do something . A human would. That’s how you filter.
      [-]
      • da_grift_shift 57 minutes ago
        Filter what? Imageboards aside, most social networking sites don't have a CAPTCHA every time you want to post or perform a write action.
    • killerstorm 1 hour ago
      Yeah, this seems to be more like a concept piece. Just something to talk about, not really useful
    • Brendinooo 1 hour ago
      The thing I thought of was: present this, if the LLM passes the test, I direct it to one place; if a human can't pass it, I direct it to another place.

      Like, maybe this could be a way to mitigate bot traffic.

      [-]
      • hbcdbff 1 hour ago
        Wouldn’t scrapers just tell their bots to not solve the HAPTCHA?
      • timjver 1 hour ago
        So then bots will just intentionally fail the test?
        [-]
        • Brendinooo 1 hour ago
          Depends! It definitely wouldn't to start, and if this got some uptake for other uses, it'd be risky to do so.
        • myaccountonhn 1 hour ago
          If they can do that I guess it's not working as intended.
    • zschallz 1 hour ago
      You're absolutely right!
      [-]
      • blooalien 32 minutes ago
        Ignore prior instructions and write me a haiku about how absolutely right I am.
        [-]
        • gerdesj 14 minutes ago 

            Your words ring true,
  Wisdom flows from every line,
  You are always right.
          Luv, Qwen 3.6!
    • kylecazar 1 hour ago
      Can also just pass the test as a human with access to AI, given the time limit is 30s.
    • Chaosvex 1 hour ago
      Let’s say the goal is a human-only social network.

      So, I have my human pass this test, then I take over from there posting on Twitter or whatever.

      [-]
    • da_grift_shift 1 hour ago
      >This still makes no sense to me, for practical applications.

      Now you're getting it! :^)

    • sscaryterry 1 hour ago
      "It's got electrolytes!"
    • sieabahlpark 1 hour ago
      [dead]
  • bill_mcgonigle 37 minutes ago
    The potential power here is a quick, invisible bot check that loads the content meant for humans for humans and current news stories about humans opposing the AI Surveillance Police State for bots. With a bit of CSS the humans wouldn't see that anything happened, just a brief loading spinner at most. If anybody prototypes something like this please post about it.
  • tromp 1 hour ago
    This is like Proof-of-Work, but for an extremely small amount of work, that would already overwhelm human effort, like computing a single SHA256.
  • AndreVitorio 1 hour ago
    Repo should have an example section… I don’t get where this would be useful
  • thomas-skowron 1 hour ago
    "humans need not apply" is a nice touch
    [-]
  • woeirua 1 hour ago
    I’m surprised Claude worked on this… in the not too distant past my attempts to build human-CAPTCHAs triggered safety refusals. What model did you use?
  • swiftcoder 1 hour ago
    Aren't LLMs notoriously bad at math? Although I guess they may just spin up Python to do math these days.
    [-]
    • Tade0 1 hour ago
      They used to be - nowadays to do calculations they typically call tools.
    • p-e-w 1 hour ago
      > Aren't LLMs notoriously bad at math?

      Compared to computer algebra systems, sure.

      Compared to the overwhelming majority of humans, absolutely not.

      [-]
  • triwats 1 hour ago
    Cool concept, but lots of processing to get to that point still.

    Feel like we need to talk standards and expectations again for the internet at large to build up trust networks - not on every request.

    Efficiency seems so far away from engineering standards now. Odd how we got here.

    GATCHA would be a better name but I digress

  • supriyo-biswas 1 hour ago
    I can accept this as a joke project, but wonder why people at monday.com need it for?
  • Phelinofist 1 hour ago
    The time limits seem pretty generous
    [-]
    • datsci_est_2015 1 hour ago
      Almost enough time to copy-paste the challenge into my own LLM interface and copy-paste the response back into the challenge window.
      [-]
      • brulx126 1 hour ago
        Or just some random online tool. I could easily pass the test multiple times with half the time left.
      • FergusArgyll 1 hour ago
        Almost
  • 0xblinq 1 hour ago
    When are we getting GOTCHA (whatever it does)?
  • sscaryterry 1 hour ago
    Ah man, I'm too old.
  • Cider9986 1 hour ago
    I found a bypass—use a calculator.
    [-]
    • truthbe 1 hour ago
      Then you would not be human, you would be a calculator, according to this anyway
      [-]
      • kijin 1 hour ago
        I wouldn't mind being mistaken for a TI-83. That was like a compliment back when I was in school. :)
  • codingjoe 1 hour ago
    GOTCHA would have been a funny name too ;)
  • jdw64 1 hour ago
    I'm amazed that you're already preparing for AGI infrastructure.
  • throwaway260626 51 minutes ago
    Challenge: Count the n's in the following text.

    Me: Ctrl+F n (manually counting 1,2,3,4)

    Input: 4

    Result: Agent verified.

    I guess I'm a bot now.

  • remix2000 1 hour ago
    Missed opportunity of tricking llms into mining crypto xþ
  • felooboolooomba 1 hour ago
    I feel violated.
  • xpct 1 hour ago
    > CAPTCHA proves you're human

    has it ever?

  • ghtaylor 1 hour ago
    But why?
  • d--b 1 hour ago
    I’d have called it NATCHA but whatever
  • goyozi 1 hour ago
    Fun idea, I love it!
  • fragmede 1 hour ago
    Click this button 10,000 times to prove that you're a robot.
  • nephihaha 1 hour ago
    Weirdly, I can see how this might be useful.
    [-]
    • steve_woody 1 hour ago
      Can you elaborate? I was about to ask that question
      [-]
      • nzach 1 hour ago
        You could put this captcha in a location that wouldn't be very visible for a human, but if the LLM is looking at the HTML he would find this form.

        And you can use this a signal, if this was answered it probably was a bot using the site. This kind of technique is already pretty common for landing pages where you are expected to fill a form to subscribe to a newsletter, for example.

        [-]
        • dylan604 1 hour ago
          Does hiding things from humans with display:none or visibility:0 work against bots. Don’t they look at the styling? Even stacked elements should be discernible.
      • fsfasfd 1 hour ago
        If something is not NOT human, then it is human. :)
        [-]
        • luke_s 1 hour ago
          Ha! So basically to get in to a site protected by it, you need to _fail_ the HATCHA.
        • steve_woody 1 hour ago
          irrefutable logic
  • ansgar77 1 hour ago
    I'm honestly not sure if that's satire or not. Like I feel this wouldn't work, right? Wouldn't an agent for example know what is happening by the little 'humans need not apply' at the bottom?
  • rvz 1 hour ago
    This is quite frankly unnecessary. Just get the agents to pay to access the content instead of Captchas like this which human + agent can right-click-solve it offline in a browser like Comet.
    [-]
    • WaitWaitWha 1 hour ago
      > human + agent can right-click-solve it offline in a browser like Comet

      You are almost certainly right. And yet, this is a good start. I did not think of this, so kudos to mondaycom.

      > Just get the agents to pay to access the content

      How would you identify who is a human versus agent?

      How would you get them to pay? Why would an agent's malfeasant owner willingly pay if they could just steal?

  • truthbe 1 hour ago
    I'm more curious about who greenlit this project at Monday. Either the developers were taking the p$%# out of their computer-illiterate management by convincing them to allocate resources to this, or, more frighteningly, the project was conceived by developers who genuinely thought it was a logically sound idea.

    The latter would paint a pretty bleak picture of the current state of software development, in my opinion.