Just one month ago, Lemmy didn't have CAPTCHAs, and we were hit by so many script-kiddies that signups to https://lemmy.world had to be disabled.
The hackers who will create thousands-of-accounts and make thousands-of-spam posts are largely low-quality hackers who don't know how to make an AI bot. Proof? When the Admins added the dumbest of CAPTCHAs to https://lemmy.world, those fake-signups stopped.
CAPTCHAs work, at least at the level that lemmy.world is at. We'll have to get better as we get more popular but there's an ocean of difference from wget/curl script-kiddie and AI-using bot master.
Yeah, they still work somewhat as in they raise the bar on how complex the bot needs to be.
Believe me, there's tons of spammers out there that have captcha cracking bots. They're just not as dumb as the basic skiddie that can barely make a http POST.
Captcha's were supposed to separate bots from humans. Now it separates simple bots from complex bots.
Oh, and as a bonus, a lot of places hire people to create accounts and post spam for pennies.
It's a very bad decision to not implement CAPTCHA when you are going to allow signups.
There's always someone that will take advantage of this and annoy you with constant sign ups.
I've been saying for a while now that the actual test should be that you miss a couple. If you can look at a this 4 nanometer picture of what is either a bird, a sofa, or the titanic, and correctly tell me if it has part of one pedal from a bicycle in it, you're a robot.
That's already built in. If you answer too quickly or too accurately (with the pictures at least), it will give you another one. Best way to beat this is to select an incorrect answer and then deselect it before submitting
Furthermore the bots’ solving times are significantly lower in all cases, except reCAPTCHA, where human solving time of 18 seconds is nearly similar to the bots’ time of 17.5 seconds.
Due to this solving time captchas still provide an easy method how to reduce spammy request count. Also kind of doubt it is super easy to create your own setup that would bypass captchas so everyone could do this, but there probably are 3rd party services exactly for this.
Countless services exist where you can buy captcha solving, though currently it's done by actual humans in developing countries for tiny pay. Yet another job that's going to soon be replaced by AI, though this time it almost certainly will result in some people starving to death.
You're not going to get me to feel any sympathy for the dying market of paid human bad faith internet actor.
It would be like acting sad if improvements to the phone system's security resulted in spoofing numbers no longer being possible and putting phone scammers out of business.