– with captchas, multi factor authentication, email verifications and so much more at disposal how are the biggest social platforms still riddled with bots in high percentages ?


– with captchas, multi factor authentication, email verifications and so much more at disposal how are the biggest social platforms still riddled with bots in high percentages ?

In: Technology

A lot of these processes can be done programmatically. Often times its more of an annoying hindrance than an impassable boundary.

Bots can be written to handle multi factor authentication and email verifications. And it is possible to hire people who solves captchas for bots all day. But a lot of social media platforms will actually promote the use of bots as they do add functionality and integration to their site which makes people want to use it more. For example look at the bots which will post a link to your blog whenever you post a new blog post. If the platforms disabled these bots then it is unlikely that you would post a link manually to all your social media platforms and you would only post it to a couple of them. This would make people move to those platforms instead. So the social media platforms risks loosing users if they disable good bots. However it is very hard to distinguish a bot posting links to new blog posts or status updates and bots posting misinformation. This is something which requires intelligent people who have time to sift through these posts and their contexts. There is no way for a computer algorithm to distinguish good and bad bots.

All those technologies are an attempt to verify if a request is from a human. They can be solved by an AI trained for this purpose, or maybe even easier, there are services which you can hire to complete them for you. Usually around 1000 requests for a dollar.

Modern Captchas are part trying to filter out bots, and part trying to train the next generation of smarter bots. Have you noticed that you’re often asked to identify street signs or check all the boxes with cars? These are exactly the challenges currently facing automated driving cars.

If doing those tasks was so easy anyone with a botnet could do it, automated driving would be cheap. Since it currently isn’t a trivial task, coming up with a bot net capable of picking out where cars are in a photo is prohibitively expensive for most but not all bot nets. Anyone with a neural network trained well enough to do those tasks will charge a premium for such, and creating one from scratch would require a whole lot of people clicking where the cars are on an image.

When companies like google set their captchas on the bleeding edge of what challenges AI are currently trying to solve, they not only filter out low funded bot nets, but improve their own AI by training it to do better. It is only a matter of time before technology catches up with the bar set though, at which point the bar will have to be moved higher.

The ‘defending side’ is always at a disadvantage. The bot maker only has to find one vulnerability that lets them circumvent the defenses. The defender has to find and block all vulnerabilities.

Multi-factor authentication doesn’t stop a bot and isn’t meant to.

Email verification is even less likely to stop a bot and isn’t meant to.

For captchas, the old captchas like writing the text of an image are now next to useless. Google’s newer Recaptcha isn’t perfect, if 1% of a bot’s attempts get through and it tries to create a million accounts, that’s still 10,000 accounts. Not to mention, if the captcha is used only rarely, then a team of humans can be called upon to solve the captchas when they show up.