Biggest question I have is how this will overcome sites that implement aggressive anti-automation security. I can easily automate websites with existing tools until I slam into that wall.
This never made it into prod since the scale was small, but one of the favorite leaks I found when working on bot detection was browsers which generated the same random numbers. Presumably because they were being init to the same VM snapshot and therefore the same random number state.
That is clever! I wish we could use tricks like that but we've never used client side JS for such purposes.
p.s. I've added this comment to https://news.ycombinator.com/highlights. I mention this so more people might learn that it exists and hopefully send us nominations!
So far its cost me $2.27 to submit a contact form 3 times - why is this better than a captcha solver with human solves at 1000 per $2?
On your automation, your tool fed back to me as follows after 3 submissions:
> The CAPTCHA is persistently blocking now — Prosopo's widget appears to have flagged the session/IP due to the repeated submissions. The checkbox won't reset this time. This is expected behavior from their bot protection product. To submit again, you'd likely need to wait a while for the rate limit to clear, or submit manually from your own browser.
The cost is AI cost for using the agent - not captcha cost. Usually, you would write the project and then call it via API - instead of asking the agent to do the action more than 1 time. Considering using the web task API for this use case.
I had this problem with https://gitlab.com/gabriel.chamon/yagi which is Yet Another Stalker Gamma Installer. In my region, Brazil, I get cloudflare captchas when downloading assets from moddb. Using a VPN solves this but then latency and speed goes out the window. What worked for this particular case was to use an unmodified Firefox build and interact with it indirectly with it's limited interface: launch the browser with the download URL, solve captcha once, have the automation look for the download start at the browser's sqlite db then wait for the download to finish looking at the filesystem. Anything, even marionette would trigger cloudflares anti automation, even if I was solving the captcha manually.
Also, one of our engineers did a write up on bot detection systems and how they work - https://intunedhq.com/blog/how-bot-detection-works