So now spammers will use botnets… Oh wait, they already do.
They already have the botnets. Now they need to use those end-user machines as proxies, using the credentials already on the machine. They just need to figure out the other parameters: maybe it's running js code ? Then you can use a browser engine/selenium). Maybe it's the click pattern ? Just generate the json data and send it. They can even apply the same machine learning techniques to figure out the best way to circumvent the captchas.
Yeah, I feel like it won't be too long before spammers start finding ways to emulate users without having to solve any CAPTCHAs. Google is likely going to need to switch their 98%/2% to something more like 80%/20% (that is, 20% of users will still need to enter CAPTCHAs).
I am using a small tool that I wrote to integrate Google Keep and other Google stuff with KRunner and so on, and this tool (essentially being a dumb bot) also passes all the Captchas.
I’d say malicious authors would have it really easy now.
They already have the botnets. Now they need to use those end-user machines as proxies, using the credentials already on the machine. They just need to figure out the other parameters: maybe it's running js code ? Then you can use a browser engine/selenium). Maybe it's the click pattern ? Just generate the json data and send it. They can even apply the same machine learning techniques to figure out the best way to circumvent the captchas.
And the escalation continues.