The code basically tracks mouse movements, or the lack thereof. If a bot is using a cursor, it might move in a straight line at constant speed to the “I’m not a robot” checkbox. Most bots though just check the HTML and jump directly to the checkbox. There are other checks it might do as well, e.g. the user-agent of the browser, whether the user came from a search engine, etc.

That being said it’s that not difficult to break, e.g. Puppeteer has a plugin specifically for getting around Captchas and Cloudflare’s offerings.

All this is to say: automatic captchas are better at allowing legitimate users than they are at blocking bots entirely.

During a high school English class, we had a section on fairytales and their origins in old European folklore (think stories that inspired The Witcher, the gorier version of Cinderella, etc.)

One of the assignments was to write our own short fairytales, but apparently I was the only person that got a memo that these should have a darker style and tone as well… I don’t remember the whole of what I wrote, only that it involved trying to kill a witch, if you failed you died, and the winning method was using a pencil (this was 3-4 years before John Wick).

After I read it to the entire class… well if there wasn’t a whispered “WTF” to break the silence, there should’ve been.

I think I got a B minus.

Carmy: “Cooking is not fun for me.”

Richie: “Yeah, but you love it.”

Carmy: “That doesn’t mean it’s fun.”

Richie: “If this shit is not fun for you, Cousin,what the fuck is fun for you?”

– The Bear, S2 E1