I think the most straightforward answer is that it doesn't prove that it isn't a bot. Instead it adds a small cost to whatever the action is on your website you want to protect (e.g. submitting a form). Some of our customers set the difficulty to be quite high if their goal is to "slow down" scrapers to make them uneconomical, as it runs in the background anyway real users don't really notice as they are busy filling the form.
As you mentioned in your article if you have even a modest budget you can pass any captcha ($5 per 1000 human reCAPTCHA solves is actually on the higher end.. with a bit of searching you will find <$1 per 1000). Our captcha doesn't lock out anyone with disabilities or other accessibility concerns, doesn't kill conversion with forced tasks, and doesn't sell out your customer's privacy. Other than the competitors we are on the same side as you: your visitors' data is a burden for us, not an asset. It's in our interest to collect as little as possible of it.
There are some anti-headless checks clientside, but those are pretty basic so I don't think they would pose a huge obstacle. So if you script yourself around those and are willing to pay xx to xxx seconds of computation per request eventually, you can get through,
Sorry for the long answer, I just hope it highlights the difference in tradeoffs.
Accessibility First DevRel. I focus on ensuring content created, events held and company assets are as accessible as possible, for as many people as possible.
I think the most straightforward answer is that it doesn't prove that it isn't a bot. Instead it adds a small cost to whatever the action is on your website you want to protect (e.g. submitting a form). Some of our customers set the difficulty to be quite high if their goal is to "slow down" scrapers to make them uneconomical, as it runs in the background anyway real users don't really notice as they are busy filling the form.
As you mentioned in your article if you have even a modest budget you can pass any captcha ($5 per 1000 human reCAPTCHA solves is actually on the higher end.. with a bit of searching you will find <$1 per 1000). Our captcha doesn't lock out anyone with disabilities or other accessibility concerns, doesn't kill conversion with forced tasks, and doesn't sell out your customer's privacy. Other than the competitors we are on the same side as you: your visitors' data is a burden for us, not an asset. It's in our interest to collect as little as possible of it.
There are some anti-headless checks clientside, but those are pretty basic so I don't think they would pose a huge obstacle. So if you script yourself around those and are willing to pay xx to xxx seconds of computation per request eventually, you can get through,
Sorry for the long answer, I just hope it highlights the difference in tradeoffs.
No that is a great answer.