The code basically tracks mouse movements, or the lack thereof. If a bot is using a cursor, it might move in a straight line at constant speed to the “I’m not a robot” checkbox. Most bots though just check the HTML and jump directly to the checkbox. There are other checks it might do as well, e.g. the user-agent of the browser, whether the user came from a search engine, etc.
That being said it’s that not difficult to break, e.g. Puppeteer has a plugin specifically for getting around Captchas and Cloudflare’s offerings.
All this is to say: automatic captchas are better at allowing legitimate users than they are at blocking bots entirely.
It checks user agent to see if you are using something generic in a user agent switcher. It gives me fits sometimes if I leave it on chrome from Firefox too long.
The code basically tracks mouse movements, or the lack thereof. If a bot is using a cursor, it might move in a straight line at constant speed to the “I’m not a robot” checkbox. Most bots though just check the HTML and jump directly to the checkbox. There are other checks it might do as well, e.g. the user-agent of the browser, whether the user came from a search engine, etc.
That being said it’s that not difficult to break, e.g. Puppeteer has a plugin specifically for getting around Captchas and Cloudflare’s offerings.
All this is to say: automatic captchas are better at allowing legitimate users than they are at blocking bots entirely.
It checks user agent to see if you are using something generic in a user agent switcher. It gives me fits sometimes if I leave it on chrome from Firefox too long.