You might have noticed that there are fewer buses in squares and traffic lights in squares. Where are all the Captchas? CC-licensed photo by Becky Stern on Flickr.
You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.
A selection of 9 links for you. Not a robot. I’m @charlesarthur on Twitter. On Threads: charles_arthur. On Mastodon: https://newsie.social/@charlesarthur. On Bluesky: @charlesarthur.bsky.social. Observations and links welcome.
The curious case of the bizarre, disappearing Captcha • WIRED
Reece Rogers:
»
As I browse the web in 2025, I rarely encounter captchas anymore. There’s no slanted text to discern. No image grid of stoplights to identify.
And on the rare occasion that I am asked to complete some bot-deterring task, the experience almost always feels surreal. A colleague shared recent tests where they were presented with images of dogs and ducks wearing hats, from bowler caps to French berets. The security questions ignored the animal’s hats, rudely, asking them to select the photos that showed animals with four legs.
Other puzzles are hyper-specific to their audience. For example, the captcha for Sniffies, a gay hookup site, has users slide a jockstrap across their smartphone screen to find the matching pair of underwear.
So, where have all the captchas gone? And why are the few existing challenges so damn weird? I spoke with cybersecurity experts to better understand the current state of these vanishing challenges and why the future will probably look even more peculiar.
“When the captcha was first invented, the idea was that this was literally a task a computer could not do,” says Reid Tatoris, who leads Cloudflare’s application security detection team. The term captcha—Completely Automated Public Turing test to tell Computers and Humans Apart—was coined by researchers in 2003 and presented as a way to protect websites from malicious, nonhuman users.
…in 2022, Cloudflare dropped Turnstile, another reCaptcha alternative. It was an additional major move away from human-completed tests and toward pattern-based usage analysis. Similar to the standard version of reCaptcha, Turnstile can be added to websites for free. You might not remember the name, but you’ve likely encountered one of these Turnstile challenges before. It’s the random-seeming request to click on a box to prove you’re human.
On the user end, Turnstile appears sometimes as a basic checkbox, but it’s more complicated than that. “Clicking the button doesn’t at all mean you pass,” says Tatoris. “That is a way for us to gather more information from the client, from the device, from the software to figure out what’s going on.” After gathering data, then a decision is made about whether the user is allowed to access the site.
Leading companies have a clear reason for the gratis implementation of their security software. “Cloudflare gives Turnstile away for free to the whole internet because we want more training data,” says Tatoris. “We see 20% of all HTTP requests across the internet. So, getting that massive training data set helps us know what a human looks like on the page versus what a bot does.”
«
DeFi protocol Balancer hit by multimillion-dollar exploit • CoinTelegraph
Zoltan Vardai:
»
The decentralized exchange (DEX) and automated market maker (AMM) Balancer has been exploited, with more than $116m worth of digital assets transferred to a newly created wallet.
“We’re aware of a potential exploit impacting Balancer v2 pools. Our engineering and security teams are investigating with high priority,” the Balancer team said in a Monday X post, adding that it will share more updates as information becomes available.
Onchain data initially showed that the decentralized finance (DeFi) protocol was exploited for $70.9m worth of liquid staked Ether tokens transferred to a fresh wallet across three transactions, according to Etherscan logs. The transfers included 6,850 StakeWise Staked ETH (OSETH), 6,590 Wrapped Ether (WETH) and 4,260 Lido wstETH (wSTETH), crypto intelligence platform Nansen said in a Monday X post.
By 8:52 am UTC on Monday, the ongoing exploit has swelled to over $116.6m in stolen funds, according to blockchain data platform Lookonchain.
The Balancer exploit may stem from smart contract issues that had a “faulty access check allowing the attacker to send a command to withdraw funds,” Nicolai Sondergaard, research analyst at Nansen, told Cointelegraph. “From what I see, losses are now greater than $100 million and have affected Balancer v2 + various forks.”
Aiming to recover the funds, the team behind Balancer offered a white hat bounty of up to 20% of the stolen funds if the full amount, minus the reward, is returned immediately. If the funds are not returned within the next 48 hours, Balancer stated that it will continue to cooperate with blockchain forensics specialists and law enforcement agencies to identify the perpetrator.
«
I had to read through a ton of other writeups of this hack before finding this one, which at least gives a vague idea of what has happened. What it doesn’t make clear is that this is money (even Monopoly money) which belongs to people who are now substantially out of pocket. “DeFi” – decentralised finance – is still somewhere in the 18th century as far as the trustworthiness of its “banks” goes.
unique link to this extract
Tesla sued over claim faulty doors led to deaths in fiery crash • Bloomberg via NDTV
Emily Chang:
»
Tesla is being sued over a crash in Wisconsin last November that killed all five occupants of a Model S who allegedly became trapped in a fast-moving inferno when the doors wouldn’t open, adding to scrutiny over whether a design choice by the automaker is a fatal flaw.
The suit was filed on behalf of a couple who died when the four-door sedan hit a tree and caught on fire. Jeffrey Bauer, 54, and Michelle Bauer, 55, survived the initial impact, but were unable to escape because the doors locked them inside, according to the complaint brought by their children in state court.
A nearby homeowner who called 911 said she could hear people screaming from within the vehicle, according to the lawsuit. A report by the local sheriff’s office said a cluster of bodies in the front seat suggested there may have been a struggle to escape.
“Tesla’s design choices created a highly foreseeable risk: that occupants who survived a crash would remain trapped inside a burning vehicle,” lawyers for the children said in the complaint. The lawsuit accuses Tesla of negligence, arguing that Elon Musk’s electric vehicle maker was aware of the dangers of its door handle designs and the risk of post-collision fire hazards from the EV’s lithium-ion battery pack but did nothing to address either issue.
Tesla didn’t immediately return a request for comment. The suit was filed on Friday in state court in Wisconsin.Tesla’s door handles have drawn increased attention after a Bloomberg News investigation uncovered a series of incidents in which people were seriously injured or died after they were unable to open doors following a loss of power, particularly after crashes. The Wisconsin crash was one of several such incidents reviewed as part of the investigation. The company is also being sued over the deaths of three college students who allegedly were trapped inside a burning Tesla that crashed last November in a San Francisco suburb.
The National Highway Traffic Safety Administration, the US auto safety regulator, disclosed in September that it’s investigating whether some Tesla doors are defective, citing incidents in which exterior handles stopped working and trapped children and other occupants inside. Franz von Holzhausen, Tesla’s design chief, told Bloomberg that the company is working on a redesign of its door handles to make them more intuitive for occupants “in a panic situation.”
«
Bad design really does kill.
unique link to this extract
Ukrainian computer game-style drone attack system goes ‘viral’ • The Guardian
Robert Booth:
»
A computer game-style drone attack system has gone “viral” among Ukrainian military units and is being extended to reconnaissance, artillery and logistics operations, the nation’s first deputy prime minister, Mykhailo Fedorov, has told the Guardian.
Drone teams competing for points under the “Army of Drones Bonus System” killed or wounded 18,000 Russian soldiers in September, with 400 drone units now taking part in the competition, up from 95 in August, Ukrainian officials said.
The system, which launched more than a year ago, rewards soldiers who achieve strikes with points that can be exchanged to buy more weapons in an “Amazon-for-war” online store called Brave1 filled with more than 100 different drones, autonomous vehicles and other drone war material. It has a leaderboard topped by teams with names such as Achilles and Phoenix.
“It’s become truly popular among units,” said Fedorov, of the system, which is a prime example of the increasing automation of warfare. “All the defence forces know about this and there’s competition for the points, for getting these drones, electronic warfare systems and other things to help them in warfighting. The more infantry you kill, the more drones you get to kill more infantry. This is becoming kind of a self-reinforcing cycle.”
The number of Russian casualties in September is double the number from last October, in part because the Kyiv government doubled the rewards for killing Russian infantry from six to 12 points, reflecting changing battlefield priorities.
Ukrainian intelligence suggests Russia may be developing its own gamified system to compete, he said.
«
The arms race takes a weird turn.
unique link to this extract
How AGI became the most consequential conspiracy theory of our time • MIT Technology Review
Will Douglas Heaven:
»
Every age has its believers, people with an unshakeable faith that something huge is about to happen—a before and an after that they are privileged (or doomed) to live through.
For us, that’s the promised advent of AGI [artificial general intelligence]. People are used to hearing that this or that is the next big thing, says Shannon Vallor, who studies the ethics of technology at the University of Edinburgh. “It used to be the computer age and then it was the internet age and now it’s the AI age,” she says. “It’s normal to have something presented to you and be told that this thing is the future. What’s different, of course, is that in contrast to computers and the internet, AGI doesn’t exist.”
And that’s why feeling the AGI [as felt at OpenAI meetings] is not the same as boosting the next big thing. There’s something weirder going on. Here’s what I think: AGI is a lot like a conspiracy theory, and it may be the most consequential one of our time.
I have been reporting on artificial intelligence for more than a decade, and I’ve watched the idea of AGI bubble up from the backwaters to become the dominant narrative shaping an entire industry. A onetime pipe dream now props up the profit lines of some of the world’s most valuable companies and thus, you could argue, the US stock market. It justifies dizzying down payments on the new power plants and data centers that we’re told are needed to make the dream come true. Fixated on this hypothetical technology, AI firms are selling us hard.
Just listen to what the heads of some of those companies are telling us. AGI will be as smart as an entire “country of geniuses” (Dario Amodei, CEO of Anthropic); it will kick-start “an era of maximum human flourishing, where we travel to the stars and colonize the galaxy” (Demis Hassabis, CEO of Google DeepMind); it will “massively increase abundance and prosperity,” even encourage people to enjoy life more and have more children (Sam Altman, CEO of OpenAI). That’s some product.
«
Try this Kool-Aid, it’s delicious!
unique link to this extract
Meet the real screen addicts: the elderly • The Economist
»
Hundreds of teenagers, sometimes strong-armed by their parents, have trooped through the doors of Britain’s National Centre for Gaming Disorders since it opened in 2019. Yet lately the publicly funded clinic has admitted a steady trickle of rather different patients. Its specialists in video-game addiction have so far treated 67 people over the age of 40. The oldest, with an obsession for games on her smartphone, was 72.
…As today’s 60-somethings, already familiar with digital technology, enter retirement, time spent on smart devices is shooting up among the elderly. Some older adults “are increasingly living their lives through their phones, the way teenagers or adolescents sometimes do”, says Ipsit Vahia, head of the Technology and Ageing Laboratory at McLean Hospital, part of Harvard Medical School. The digital habits that have transformed the teenage years are now coming to old age.
…Older people have traditionally lagged behind when it comes to digital technology. A decade ago only a fifth of Americans over 65 owned a smartphone. That is changing. The newly retired, most of whom have been online since middle age, are among the most enthusiastic adopters of digital gadgets. Over-65s are more likely than under-25s to own tablets, smart TVs, e-readers, and desktop and laptop computers, according to a seven-country survey by GWI, a research firm.
Tech companies have identified oldies as a growing market. Apple makes earphones that double as hearing aids and watches that can carry out electrocardiograms or call an ambulance if the wearer falls. (Partly as a result of this, 17% of over-65s now own a smartwatch.)
The next generation of pensioners looks as if it will be even keener on digital gadgets: nearly a fifth of 55- to 64-year-olds own a games console. Retirement is starting to look a lot less about golf and more about “Grand Theft Auto”.
«
Real humans don’t stream Drake songs 23 hours a day, rapper suing Spotify says • Ars Technica
Ashley Belanger:
»
Spotify profits off fake Drake streams that rob other artists of perhaps hundreds of millions in revenue shares, a lawsuit filed Sunday alleged—hoping to force Spotify to reimburse every artist impacted.
The lawsuit was filed by an American rapper known as RBX, who may be best known for cameos on two of the 1990s’ biggest hip-hop records, Dr. Dre’s The Chronic and Snoop Dogg’s Doggystyle.
The problem goes beyond Drake, RBX alleged. It claims Spotify ignores “billions of fraudulent streams” each month, selfishly benefiting from bot networks that artificially inflate user numbers to help Spotify attract significantly higher ad revenue.
Drake’s account is a prime example of the kinds of fake streams Spotify is inclined to overlook, RBX alleged, since Drake is “the most streamed artist of all time on the platform,” in September becoming “the first artist to nominally achieve 120 billion total streams.” Watching Drake hit this milestone, the platform chose to ignore a “substantial” amount of inauthentic activity that contributed to about 37 billion streams between January 2022 and September 2025, the lawsuit alleged.
This activity, RBX alleged, “appeared to be the work of a sprawling network of Bot Accounts” that Spotify reasonably should have detected.
Apparently, RBX noticed that while most artists see an “initial spike” in streams when a song or album is released, followed by a predictable drop-off as more time passes, the listening patterns of Drake’s fans weren’t as predictable. After releases, some of Drake’s music would see “significant and irregular uptick months” over not just ensuing months, but years, allegedly “with no reasonable explanations for those upticks other than streaming fraud.”
Most suspiciously, individual accounts would sometimes listen to Drake “exclusively” for “23 hours a day”—which seems like the sort of “staggering and irregular” streaming that Spotify should flag, the lawsuit alleged.
…Spotify artists are supposed to get paid based on valid streams that represent their rightful portion of revenue pools. If RBX’s claims are true, based on the allegedly fake boosting of Drake’s streams alone, losses to all other artists in the revenue pool are “estimated to be in the hundreds of millions of dollars,” the complaint said. Actual damages, including punitive damages, are to be determined at trial, the lawsuit noted, and are likely much higher.
«
Michael Mann to Bill Gates: You can’t reboot the planet if you crash it • Bulletin of the Atomic Scientists
Michael Mann (erstwhile Nasa climate scientist):
»
[Bill] Gates became a household name in the 1990s as the Microsoft CEO who delivered the Windows operating system. (I must confess, I was a Mac guy.) Microsoft was notorious for releasing software mired with security vulnerabilities. Critics argued that Gates was prioritizing the premature release of features and profit over security and reliability. His response to the latest worm or virus crashing your PC and compromising your personal data? “Hey, we’ve got a patch for that!”
That’s the very same approach Gates has taken with the climate crisis. His venture capital group, Breakthrough Energy Ventures, invests in fossil fuel-based infrastructure (like natural gas with carbon capture and enhanced oil recovery), while Gates downplays the role of clean energy and rapid decarbonization. Instead, he favors hypothetical new energy tech, including “modular nuclear reactors” that couldn’t possibly be scaled up over the time frame in which the world must transition off fossil fuels.
Most troublingly, Gates has peddled a planetary “patch” for the climate crisis. He has financed for-profit schemes to implement geoengineering interventions that involve spraying massive amounts of sulphur dioxide into the stratosphere to block out sunlight and cool the planet. What could possibly go wrong? And hey, if we screw up this planet, we’ll just geoengineer Mars. Right Elon?
Such technofixes for the climate, in fact, lead us down a dangerous road, both because they displace far safer and more reliable options—namely the clean energy transition—and because they provide an excuse for business-as-usual burning of fossil fuels. Why decarbonize, after all, if we can just solve the problem with a “patch” later?
Here’s the thing, Bill Gates: There is no “patch” for the climate crisis. And there is no way to reboot the planet if you crash it. The only safe and reliable way out when you find yourself in a climate hole is to stop digging—and burning—fossil fuels.
«
Gates’s latest memo is intended to influence proceedings at the upcoming COP30 climate summit in Brazil. In short, he backs technology as the way to solve the climate crisis – because we are definitely not getting there through self-denial; the Paris agreement has not worked out. It’s hard to see why Mann is so against trying any sort of idea that might work.
unique link to this extract
The Super PAC trying to free Democrats from the cult of the quants • POLITICO
Issie Lapowsky:
»
Future Forward, the dominant Democratic outside funder which raised some $950m between its super PAC and other entities, had gained prominence for its aggressive approach to ad testing. Run by a small inner circle of number crunchers, the firm commissioned more than 1,500 ads throughout 2024 and, with the methodological rigor of a drug company testing a new vaccine, ran each one through randomized-control trials, surveying millions of voters to determine which ads would be the most persuasive to the most people.
Future Forward’s tests spelled out a pretty consistent theory of the case: elevating and contrasting Biden with Trump was more persuasive to voters than attacking Trump outright. But the debate scrambled this strategy. How to promote a candidate who had all but self-immolated on stage? And was it worth spending money now when it was anyone’s guess what the next few months would hold? Without something nice to say about Biden, for a few critical weeks, Future Forward didn’t say much at all.
To [rival Democrat Super PAC director Danielle] Butterfield, that was a wakeup call. Democrats, she believed, were allowing data about what supposedly sways people to stand in the way of intuition. For all their parsing and fine tuning, she felt her party was failing to simply read the room. “Trump was attacking us from every angle, and we were not doing anything,” Butterfield said. “We were really letting data drive a decision that should be pretty crystal clear.”
…Getting people to watch and give their opinions about an ad in a vacuum bears little resemblance to the way people actually consume content online. These tests don’t measure whether people will grasp a candidate’s message when they’re half-listening to a podcast at work. They don’t tell you if people get the ick when a slick, highly-produced political spot pops up in the middle of a video of a guy ranking fast food french fries. They don’t tell you if an ad is really “breaking through,” Butterfield said, a hand-wavy term she uses both liberally and intentionally.
“We try to treat advertising like this, like black and white, measurable thing, but in the world we’re dealing with, it’s not,” she said.
«
There’s something too there about those at the top being cut off from voters – unsurprisingly, since the country is enormous, and trying to go with your gut about what people want is sure to go wrong.
unique link to this extract
| • Why do social networks drive us a little mad? • Why does angry content seem to dominate what we see? • How much of a role do algorithms play in affecting what we see and do online? • What can we do about it? • Did Facebook have any inkling of what was coming in Myanmar in 2016? Read Social Warming, my latest book, and find answers – and more. |
Errata, corrigenda and ai no corrida: none notified
The Overspill: when there's more that I want to say 