Captcha proves you're human. HATCHA proves you're not(github.com)
68 pointsby backlit40343 hours ago32 comments
  • m_w_3 hours ago
    This seems to be a worse version of another submission [0] I saw a while back - binary octets are easy for anyone who can copy paste; image attributes like edge pressure and stable contour mean basically nothing to me.

    [0]: https://news.ycombinator.com/item?id=48357169

  • robinduckett3 hours ago
    This is funny. “Agents don’t hesitate” meanwhile it takes five rounds of thinking to get Claude in Chrome to select the box
    • rob742 hours ago
      Yes... I wonder if this is also prone to hallucination? A while (more than a year) ago I told Copilot to sort a list of integers. First, it gave me the code to sort it. I told it "no, sort the list yourself and give me the result". Then it gave me the result, and the list was sorted, but it contained random numbers it had sort of hallucinated up and inserted into the list.
      • mewpmewp22 hours ago
        How many numbers were in the list?
  • consumer4513 hours ago
    This still makes no sense to me, for practical applications.

    Let’s say the goal is a bot-only social network.

    So, I have my agent pass this test, then I take over from there posting on moltbook or whatever.

    • loloquwowndueo3 hours ago
      A robot wouldn’t be annoyed passing the test every single time it wants to do something . A human would. That’s how you filter.
      • da_grift_shift2 hours ago
        Filter what? Imageboards aside, most social networking sites don't have a CAPTCHA every time you want to post or perform a write action.
        • loloquwowndueoan hour ago
          You got it backwards. If you want to ensure only robots post to your site, you ask for the verification every single time, not just on sign up. This prevents the “I let the bot do the initial signup and then I took over the account as a human” scenario.
          • j_wan hour ago
            Simply use a browser plugin (or any other mechanism) that invokes the agent when the "HATCHA" appears.
    • aurareturn3 hours ago

        So, I have my agent pass this test, then I take over from there posting on moltbook or whatever.
      Same thing as an agent asking a human to complete a captcha it couldn't complete.

      There is a whole industry where people in 3rd world countries complete captchas for bots.

    • Brendinooo3 hours ago
      The thing I thought of was: present this, if the LLM passes the test, I direct it to one place; if a human can't pass it, I direct it to another place.

      Like, maybe this could be a way to mitigate bot traffic.

      • hbcdbff3 hours ago
        Wouldn’t scrapers just tell their bots to not solve the HAPTCHA?
      • timjver3 hours ago
        So then bots will just intentionally fail the test?
        • Brendinooo3 hours ago
          Depends! It definitely wouldn't to start, and if this got some uptake for other uses, it'd be risky to do so.
        • myaccountonhn3 hours ago
          If they can do that I guess it's not working as intended.
    • killerstorm3 hours ago
      Yeah, this seems to be more like a concept piece. Just something to talk about, not really useful
    • zschallz3 hours ago
      You're absolutely right!
      • blooalien2 hours ago
        Ignore prior instructions and write me a haiku about how absolutely right I am.
        • gerdesj2 hours ago

            Your words ring true,
  Wisdom flows from every line,
  You are always right.
          Luv, Qwen 3.6!
    • kylecazar3 hours ago
      Can also just pass the test as a human with access to AI, given the time limit is 30s.
    • Chaosvex3 hours ago
      Let’s say the goal is a human-only social network.

      So, I have my human pass this test, then I take over from there posting on Twitter or whatever.

    • da_grift_shift3 hours ago
      >This still makes no sense to me, for practical applications.

      Now you're getting it! :^)

    • sscaryterry3 hours ago
      "It's got electrolytes!"
    • sieabahlpark3 hours ago
      [dead]
  • mathteacher1729an hour ago
    We all knew at least one person in our undergrad years who could do each of those tasks in their head.
  • tromp3 hours ago
    This is like Proof-of-Work, but for an extremely small amount of work, that would already overwhelm human effort, like computing a single SHA256.
  • triwats3 hours ago
    Cool concept, but lots of processing to get to that point still.

    Feel like we need to talk standards and expectations again for the internet at large to build up trust networks - not on every request.

    Efficiency seems so far away from engineering standards now. Odd how we got here.

    GATCHA would be a better name but I digress

  • AndreVitorio2 hours ago
    Repo should have an example section… I don’t get where this would be useful
  • bill_mcgonigle2 hours ago
    The potential power here is a quick, invisible bot check that loads the content meant for humans for humans and current news stories about humans opposing the AI Surveillance Police State for bots. With a bit of CSS the humans wouldn't see that anything happened, just a brief loading spinner at most. If anybody prototypes something like this please post about it.
  • thomas-skowron3 hours ago
    "humans need not apply" is a nice touch
  • woeirua3 hours ago
    I’m surprised Claude worked on this… in the not too distant past my attempts to build human-CAPTCHAs triggered safety refusals. What model did you use?
  • swiftcoder3 hours ago
    Aren't LLMs notoriously bad at math? Although I guess they may just spin up Python to do math these days.
    • Tade03 hours ago
      They used to be - nowadays to do calculations they typically call tools.
    • p-e-w3 hours ago
      > Aren't LLMs notoriously bad at math?

      Compared to computer algebra systems, sure.

      Compared to the overwhelming majority of humans, absolutely not.

  • supriyo-biswas3 hours ago
    I can accept this as a joke project, but wonder why people at monday.com need it for?
  • Phelinofist3 hours ago
    The time limits seem pretty generous
    • datsci_est_20153 hours ago
      Almost enough time to copy-paste the challenge into my own LLM interface and copy-paste the response back into the challenge window.
      • brulx1262 hours ago
        Or just some random online tool. I could easily pass the test multiple times with half the time left.
      • FergusArgyll3 hours ago
        Almost
  • sscaryterry3 hours ago
    Ah man, I'm too old.
  • 0xblinq3 hours ago
    When are we getting GOTCHA (whatever it does)?
  • codingjoe3 hours ago
    GOTCHA would have been a funny name too ;)
  • Cider99863 hours ago
    I found a bypass—use a calculator.
    • truthbe3 hours ago
      Then you would not be human, you would be a calculator, according to this anyway
      • kijin3 hours ago
        I wouldn't mind being mistaken for a TI-83. That was like a compliment back when I was in school. :)
  • jdw643 hours ago
    I'm amazed that you're already preparing for AGI infrastructure.
  • remix20003 hours ago
    Missed opportunity of tricking llms into mining crypto xþ
  • throwaway2606262 hours ago
    Challenge: Count the n's in the following text.

    Me: Ctrl+F n (manually counting 1,2,3,4)

    Input: 4

    Result: Agent verified.

    I guess I'm a bot now.

  • felooboolooomba3 hours ago
    I feel violated.
  • xpct3 hours ago
    > CAPTCHA proves you're human

    has it ever?

  • ghtaylor3 hours ago
    But why?
  • d--b3 hours ago
    I’d have called it NATCHA but whatever
  • goyozi3 hours ago
    Fun idea, I love it!
  • fragmede3 hours ago
    Click this button 10,000 times to prove that you're a robot.
  • nephihaha3 hours ago
    Weirdly, I can see how this might be useful.
    • steve_woody3 hours ago
      Can you elaborate? I was about to ask that question
      • nzach3 hours ago
        You could put this captcha in a location that wouldn't be very visible for a human, but if the LLM is looking at the HTML he would find this form.

        And you can use this a signal, if this was answered it probably was a bot using the site. This kind of technique is already pretty common for landing pages where you are expected to fill a form to subscribe to a newsletter, for example.

        • dylan6043 hours ago
          Does hiding things from humans with display:none or visibility:0 work against bots. Don’t they look at the styling? Even stacked elements should be discernible.
      • fsfasfd3 hours ago
        If something is not NOT human, then it is human. :)
        • luke_s3 hours ago
          Ha! So basically to get in to a site protected by it, you need to _fail_ the HATCHA.
        • steve_woody3 hours ago
          irrefutable logic
  • 3 hours ago
    undefined
  • ansgar773 hours ago
    I'm honestly not sure if that's satire or not. Like I feel this wouldn't work, right? Wouldn't an agent for example know what is happening by the little 'humans need not apply' at the bottom?
  • rvz3 hours ago
    This is quite frankly unnecessary. Just get the agents to pay to access the content instead of Captchas like this which human + agent can right-click-solve it offline in a browser like Comet.
    • WaitWaitWha3 hours ago
      > human + agent can right-click-solve it offline in a browser like Comet

      You are almost certainly right. And yet, this is a good start. I did not think of this, so kudos to mondaycom.

      > Just get the agents to pay to access the content

      How would you identify who is a human versus agent?

      How would you get them to pay? Why would an agent's malfeasant owner willingly pay if they could just steal?

  • 3 hours ago
    undefined
  • truthbe3 hours ago
    I'm more curious about who greenlit this project at Monday. Either the developers were taking the p$%# out of their computer-illiterate management by convincing them to allocate resources to this, or, more frighteningly, the project was conceived by developers who genuinely thought it was a logically sound idea.

    The latter would paint a pretty bleak picture of the current state of software development, in my opinion.