back to article Google's reCAPTCHA favors – you guessed it – Google: Duh, only a bot would refuse to sign into the Chocolate Factory

Google's reCAPTCHA v3 system, designed to separate people from bots during website interactions, is more likely to give you the benefit of the doubt as a human if you happen to be signed in to your Google Account – and is more likely to deem you dubious if you're trying to protect your privacy, recent research suggests. …

  1. JohnFen Silver badge

    I'm no bot

    But if a site is using reCAPTCHA, then that site is unavailable to me.

    "However, we can have a popup on the top of the website but the cost in this case is the user experience."

    As if Google gives a shit about that.

    1. DougS Silver badge

      I like polluting Google's data set

      I deliberately click on all the wrong boxes for 30-60 seconds before finally trying to get it right. Fuck them if they think I'm going to help their self driving cars tell what traffic lights are.

      1. stiine Silver badge

        Re: I like polluting Google's data set

        I do it one better, sometimes I click random boxes, several times, and then abandon the page.

        In the old days, when I was single and broke, I would log into the original captcha site and do them for hours because they were fun and challenging. These days, I just fuck with them.

        1. DrXym Silver badge

          Re: I like polluting Google's data set

          "I do it one better, sometimes I click random boxes, several times, and then abandon the page."

          While it would be nice to think this screws up their system, I expect Google poses the same challenges multiple times over different requests until they can be statistically confident about the right answer.

          1. Ken Moorhouse Silver badge

            Re: sometimes I click random boxes

            You've just caused a self-driving car to crash.

            (See Mage's xkcd link: "crowd funded Machine Learning" 20 mins ago).

      2. DrXym Silver badge

        Re: I like polluting Google's data set

        The scary part is the realisation that they can't get computers to recognise traffic lights so they have to ask a human to train it.

        What does that say about the hype coming from Google, Tesla and others how we'll all be driven around by computers in a few years? The obvious answer is its all kool aid. Any self driving car will be a simulacrum, only one bad recognition away from doing something completely nuts for the circumstance.

        I wonder if future versions of reCAPTCHA will challenge users to ID pregnant women, wheelchair users, carjackers and crazy homeless people so they can tune the car's behaviour when a human steps out in front of a vehicle.

        1. Richocet

          Re: I like polluting Google's data set

          I'm going to buy some popcorn. Will be fascinating to see how the people in IT who like to call themselves engineers using crowd-sourcing and AI, fare against the people with engineering degrees who design cars and roads and traffic management systems with 80 years of experience and methodologies.

          My money is on the latter because a significant amount of their training and their career success is about not killing anyone. And I think the former are going to relearn the hard way things that the latter already know. We will see....

          1. DougS Silver badge

            Re: I like polluting Google's data set

            If those engineers have Boeing's management overruling them, there will be blood in the streets when they look at the traffic light for the next street down, see "green" and plow into cross traffic...

      3. Richocet

        Re: I like polluting Google's data set

        Thank you for taking the time to do this. I think our best chance to thwart Google and Facebook is to pollute their data. Their automation and minimisation of staff combined with the size of their data set make this a fatal weakness they could not recover with their current business models.

        However data pollution would need to occur on a significant scale to achieve this. Maybe we need browsers that don't just protect our privacy but automate the process of sending misleading tracking data to Google, Facebook and the ad brokers.

        1. DougS Silver badge

          Re: I like polluting Google's data set

          That would make a nice add-on for someone to write for Firefox (hint hint)

          Just set it loose going to sites from your site history that use Google CRAPTCHAs and have it click random boxes for a minute and then abandon it. It would need to be clever with random delays and varying behavior so Google couldn't suss it out. Maybe even fake the browser identification to claim it is Chrome so Google can't simply ignore non-Chrome users.

      4. Anonymous Coward
        Anonymous Coward

        Re: I like polluting Google's data set

        Entering wrong answers probably still helps them. Instead give them the silent treatment. Don't do anything that involves going through Google.

    2. Ogi
      Thumb Down

      Re: I'm no bot

      > But if a site is using reCAPTCHA, then that site is unavailable to me.

      I follow the same rule, however things are coming to a head recently, as now websites that I find critical have starting using it.

      Case in point, two days ago I tried to transfer money out of my savings account to cover some unexpected expenses. However turns out earlier this month they "updated" their website, and now use recapcha to prove I am not a bot.

      I had no choice but to try to use the damn thing, but I kept coming across the following message:

      "Your computer or network may be sending automated queries. To protect our users, we can't process your request right now. For more details visit our help page"

      So basically ReCaptcha thinks I am a bot. I am using PaleMoon, noscript (temporarily disabled for this login) and no Google account. I guess they had no record of me because of the lack of Google account, never touched their recaptcha before, and their JS has been blocked on my machines for as long as noscript has been around.

      However, this meant that I was essentially blocked from accessing my own savings, not by the law, or the courts, or even the savings provider themselves, but by Google, a company that has nothing to do what-so-ever with this transaction.

      Luckily it was Friday before closing time, and they had a telephone number, so I phoned them up and did the transfer. However what if it was out of hours? Or what (like more and more services, including Google itself), they are going online only with no telephone number? What then?

      Google now has the power to control my access to third parties, had I not been able to transfer by phone I would be looking at a bunch of late payment fees and fines come Monday.

      Apart from the fact I despise having to give my time and effort to train up Google AI Image detection, apparently Google now gets to play gatekeeper, and decide whether I can use third party websites or not.

      And all this to stop bots. Honestly I am coming to the point where I think the cure is worse than the disease. So what if bots access a damn web page? Either they hit the page so hard they get blocked, or they behave and access like a human would, in which case who gives a toss whether a bot or human is at the end of the other line?

      They may spew spam out, but you can just as easily hire some cheap labour to sit there and post spam comments anyway, so captchas don't help there.

      For me, the ability to freely and lawfully transact without some random third party (be it Google, Facebook, or others) arbitrarily deciding whether I am "authorised" to do so is worth far more to me than the inconvenience of bots.

      For all the crap the bots of pre AI-captcha days caused, they never stopped me interacting with who I wanted to on the net.

      1. A.P. Veening Silver badge

        Re: I'm no bot

        Complain to your savings provider and tell them you will find another savings provider if/when they don't cancel that Google ReCaptcha. And don't hesitate to make good on your word. And if you are living in the EU (or California) or hold EU-citizenship or that savings provider is based in the EU, you should also mention GDPR (or the Californian equivalent) and report to the appropriate authority.

        1. Ogi

          Re: I'm no bot

          I did contact them, first thing before asking for the manual transfer was to have a go at them about the recaptcha, but the thing is, the guy on the phone did not even understand the problem. He was just a normal support worker, not even techie. For him it always "just let him in", no problem.

          Their argument was "security is most important for our clients", and "It is the industry standard", and "there must be something wrong with your system". Basically just trying to deflect and placate me without offering anything concrete.

          Even if I do move my money to one of their competitors (which I may well do, because 24+ hours later, Google still isn't letting me in), there is no guarantee their competitors will not follow "industry standards" and use Google anyway.

          I can moan at them all I want to, and even take my money out, but unless other people collectively do the same, I am basically pissing against the wind. And as most people are fully plugged into FB and/or Google, they won't even have this issue. It may well all work seamlessly for them, which in their eyes makes it something "wrong" with me or my systems.

          And that is another issue, just like with DRM, and Spyware (FB, Android, etc...), and our rallies against constant global surveillance, and everything else techies get worked up on, normal people just don't get it.

          They didn't get our objections to Microsoft in the 90s (until they got locked into an ecosystem that bled them dry of money, was insecure and unreliable). They didn't get DRM (until they started getting kicked out of their itunes/pandora/etc... collection ). And now, they don't get our objections to Google and FB (although they are waking up a bit to the "oh crap" moment, mostly due to Cambridge Analytica).

          By the time the masses figure out what we have been screaming at them for the last 10 years, it is already too late to change things. Like now, when they are waking up to maybe FB/Google are not being quite so good, pure and innocent, their JS is already injected all over the web, controlling and logging as much as they can, while they pretty much got entire peoples lives in photos/videos/messages/locations/etc... all stored up.

          I mean, Google wants to be in your car (it already is in some modern ones) with the goal to eventually be your car in complete.

          AI is working on remotely identifying people based on their gait, or even the pattern of their heartbeat.

          Facebook wants to be your one stop bank/transaction broker with Libra.

          The way things are going, in future you may find yourself either plugged into FB/Google or unable to function in most of society.

          1. Martin an gof Silver badge

            Re: I'm no bot

            normal people just don't get it

            Well written rant thank you, and I've had the same for years. Fortunately we still have bank branches in the town nearby.

            Some people are beginning to wonder whether they should be handing over all this personal information, but if it's not Google, it's Facebook and if it's not Facebook it's Microsoft, and if it's not Microsoft it's... well, there'll be another along in a minute.

            I went to the "try it out" link in the article. I had to enable some Google script to get the thing to run, and then it seemed to oscillate between giving me scores of 0.3 and 0.7. Was it supposed to give me the "I'm not a robot" box to click, or the "identify the shopfronts" puzzle to complete?

            M.

            1. DropBear Silver badge

              Re: I'm no bot

              That's weird. I got the exact same 0.3 / 0.7 routine, which is... a disconcertingly large swing.Well, after I disabled uBlock because with that it wasn't running at all apparently. I'm on an older Firefox ESR / Debian by the way.

          2. Ken Moorhouse Silver badge
            Coat

            Re: Come the day...

            Come the day when data leakage occurs due to reCaptcha sharing your details in a non-GDPR compliant way, then let the recriminations begin.

            Until then we've all got to sit tight and try to do the secure thing. --->>>

            Icon meaning: Put on your coat and walk to your nearest retail outlet.

            Difficult: Santander are shuttering many of their retail outlets lately. Why? Because they think we all want to go online...

            Perhaps they should have called it GOTCHA.

      2. emullinsabq

        Re: I'm no bot

        The same happened to me last election cycle. I went to the city website to obtain a sample ballot and could not progress without passing google's reCAPTCHA. Actually, I didn't know what the problem was until I disabled my script blocker. So I sent them an email asking why essential services relied on Google. I must really be an outlier because the response was amazing. The election was only a couple days away, and they emailed me a couple hours later. It was an apology with my proper sample ballot attached as pdf. Kudos to them. I doubt that level of service could be achieved for the masses.

      3. JohnFen Silver badge

        Re: I'm no bot

        "Or what (like more and more services, including Google itself), they are going online only with no telephone number? What then"

        I solution I have in mind for when this happens to me is using a machine dedicated to that one task and no other.

        I'm already doing this with YouTube -- I have a tablet that is used for YouTube and nothing else, and I never use YouTube on any machine except that one. It wouldn't be that big of a deal to do the same for critical websites. I could see having a device that is used exclusively for interacting with my bank, for instance. It wouldn't even need much grunt, so it could be a very cheap device.

    3. Jamie Jones Silver badge

      Re: I'm no bot

      John, you're lucky. A few times I've been recaptured on this very website when trying to edit a post with invariably a few links in it. It's a cloudfare thing. On one occasion I had to give up because it refused to believe I was human!

      1. Richocet

        Re: I'm no bot

        Do you expect us to take your word for it? Your reg post could be from AI :-)

        1. Jamie Jones Silver badge

          Re: I'm no bot

          There's no intelligence in my posts... artificial or otherwise!

      2. JohnFen Silver badge

        Re: I'm no bot

        I'm not sure how that makes me lucky...

  2. Anonymous Coward
    Anonymous Coward

    So... serious question.

    What are the well maintained, effective, safe, secure and reliable alternatives?

    Preferably options which don't impact on the user experience...

    1. Joe W Silver badge

      This implies that reCAPTCHA is any of these. Sure you read the article? Plus if you read what Codinghorror wrote about captchas you have to despair.

      The tradeoff between allowing only human users in and denying human users access by making the method more difficult is substantial, for the users and the websites. Still, the simple bots get filtered out by a challenge like e.g. Shamus Young (twenty sided.com, I think) had implemented for his comments. It was as static text challenge. Not sure what he uses these days, though. Anything more complex increases the likelihood of turning away legimate users, and only slightly impairs the robots. It is, unfortunately, a losing game.

    2. A.P. Veening Silver badge

      well maintained, effective, safe, secure and reliable alternatives

      The bank, which holds my accounts, has a small gadget, which you plug into your computer using USB and which can read your bank card. You verify it is you by entering your PIN and pressing OK to confirm the number and total amount of the transactions. It fits all your requirements and preferable options.

      A previous version (and this version when not plugged in) required entering a couple of codes into the gadget and the browser, making that slightly less user friendly, but still very workable.

      1. ThatOne Silver badge

        Re: well maintained, effective, safe, secure and reliable alternatives

        Enjoy it as long as it lasts... I'm pretty sure using this gadget costs them money, whereas reCAPTCHA is free. Ergo, it's only a matter of time until this gets "optimized". I've seen two banks pulling them so far.

        Never forget: "Our customers security is important to us, but not enough for us to lose money over it".

  3. ma1010 Silver badge
    Stop

    I despise CRAPTCHA

    I have hell with it. Don't know if it's me or it, but on the rare occasions I bother with a web site that uses it, it always takes me 3 or more tries before it decides I'm a real meatbag. When I see one of those show up on a web site, I usually just forget it and move on, and I know I'm not the only one. (Hey, web site developers, any of you listening?)

    1. ThatOne Silver badge
      Facepalm

      Re: I despise CRAPTCHA

      > it always takes me 3 or more tries

      Same here: One round of "click on stuff till there is no more", then another, then a third for the fun, and sometimes a couple more, just in case. I think it's the SOP.

      After all humans have all day, and bots are known to be impatient and have short attention spans, don't they.

    2. Andy Non Silver badge

      Re: I despise CRAPTCHA

      I struggle too with the hidden letters ones and often give up. I recently bought (or tried to buy) some items from an online engineering parts site. Must have spent half an hour sorting out all the parts I wanted and filling my basket. However, before I could finalise payment I had to solve a captcha - except there wasn't one there to solve. Refreshed a few times after clicking the "I'm not a robot" etc but the captcha stubbornly refused to appear. So I abandoned my order and bought the items from one of their competitors.

      1. John Brown (no body) Silver badge

        Re: I despise CRAPTCHA

        "So I abandoned my order and bought the items from one of their competitors."

        Did you contact them to say why you cancelled your order? Or was the only contact method a webform behind another captcha?

        1. Andy Non Silver badge

          Re: I despise CRAPTCHA

          I contacted them by phone to tell them about the problem and try order over the phone instead, but they said they only accept orders via their website. Apparently they'd introduced the captcha because someone (or a bot) had supposedly conned them by placing a large order abroad but payment subsequently was cancelled leaving the vendor out of pocket. How precisely introducing a captcha was supposed to eliminate such cons I don't know. It didn't help that it wasn't even implemented properly; it certainly didn't work for me, so they lost my order.

          1. Richocet

            Re: I despise CRAPTCHA

            Flawed logic there. Fraudsters are willing to go to great lengths to steal thousands of dollars. Genuine customers are not willing to go far our of their way to spend a little money legitimately.

            Their finance department instead need to get and stay up to speed with the latest scams.

    3. viscount
      Terminator

      Re: I despise CRAPTCHA

      Have you considered that you may not be a human?

    4. Jamie Jones Silver badge

      Re: I despise CRAPTCHA

      That's because once it's determined you're human, it throws a few others at you so you help their machine learning.

      And the order is randomized too, so it may be the first one that is used for training if subsequent ones determine you are human..

      You are doing unpaid work for them!

    5. DropBear Silver badge

      Re: I despise CRAPTCHA

      Three...? You have it lucky. Yes, sometimes it lets me in with three, but more often than not it's more like three dozens - tiles after tiles after tiles after tiles... just an unending stream of "do another one!". Not acknowledging I'm human. Not deciding that I'm not. Just an endless refusal to make any decision whatsoever (while gleefully forcing me to do useful work for them for the privilege), the absolute purest evil any gatekeeper can do - not even wrongfully keeping you out but outright refusing to acknowledge your existence, the epitome of how powerless you are compared to Its Gatekeeping Omnipotence. Strictly figuratively speaking, Google's CAPTCHA devs are definitely lucky for having an ocean between their throats and my hands...

  4. Kevin McMurtrie Silver badge

    I'm not a Google fan

    I like to answer the "select images containing" captchas slightly incorrectly. It still lets me through and I hope I'm training some bot to do things wrong.

    1. jelabarre59 Silver badge

      Re: I'm not a Google fan

      So what we need is an extension for our Firefox/Waterfox browsers that randomly selects cells in the image for us and submit the response. Because fuck-you Google.

  5. dansbar

    I must be doing it wrong

    Because in Safari in normal browsing mode and signed in to a Google account, that little test tool returned 0.7. From a little known privacy focussed browser with ad blocking and privacy protections on full blast and not a Google account having ever dated to sully it’s cache I get 0.9.

    1. John Brown (no body) Silver badge

      Re: I must be doing it wrong

      I tried it firefox with full privacy protections turned on. I didn't get a score because NoScript blocked the script. When I tried temporarily whitelisting the site domain only, I got 0.7 .

      1. Martin an gof Silver badge

        Re: I must be doing it wrong

        I had to allow the site too (also allowed google.com, gstatic but not googletagmanager), and each time I clicked "try again" it swapped between scoring me 0.3 and 0.7. Firefox, Noscript, Privacy Badger...

        M.

        1. Updraft102 Silver badge

          Re: I must be doing it wrong

          Same here, 0.3 or 0.7. Interesting that it picked those two numbers that add up to the whole.

  6. Danny Boyd

    Say anything you want about Google, but you must admit - they are highly consistent.

  7. Azerty

    Synology

    I asked Synology to replace recapcha so I don't get tracked when managing my private home nas but unfortunately, Synology doesn't care about the privacy of it's users.

    1. Pascal Monett Silver badge

      Re: Synology

      Would you mind explaining how it is that you get a captcha when connecting to your home NAS ? I have a DS414j and I have never seen a captcha when accessing its local IP on my browser.

      Granted, I have also configured it to refuse Internet connections.

  8. ashdav
    Big Brother

    A lot of people think Google IS the internet.

    Unfortunately, Google think that too.

  9. stuartnz

    I may not be a bot

    I use Pale Moon on Windows for most browsing, I tried after running CCleaner, got 0.9. Installed Brave for the first time on my PC, also got 0.9. Updated my Vivaldi, got 0.7 At least in the case of the last two, I've never visited any Google sites, logged in or otherwise, but they still gave me vaguely human sounding scores.

  10. ThatOne Silver badge
    Terminator

    I'm unmasked!

    Tried the v.3 score test, which showed a bunch of code stating at the end:

    Received response from our backend:

    {

    "success": false,

    "hostname": "recaptcha-demo.appspot.com",

    "challenge_ts": "2019-06-29T01:14:18Z",

    "apk_package_name": null,

    "score": 0.1,

    "action": "examples/v3scores",

    "error-codes": [

    "score-threshold-not-met"

    ]

    }

    Means I'm most certainly a robot, doesn't it? Fortunately my parents are deceased, i wouldn't know how to break it to them... :'-(

    Edited to add, just using Firefox, nothing fancy.

  11. Claverhouse Silver badge

    Attack-Sites...

    Instead, a Google spokesperson provided this statement: "We do not disclose our security methods because we want to prevent bad-actors from using that information to evade detection and attack sites across the internet."

    Suppose one thinks Google is the Internet Bad-Actor ?

    1. short a sandwich

      Re: Attack-Sites...

      Ooh, Schneier's favourite 'security by obscurity' phrase. Probably not secure then!

  12. Jou (Mxyzptlk)

    Re-Captcha is not anti-bot - it is anti-human

    I got SO fed up with it I starting putting it on my channel. Record holder is humblebundle wasting nearly 10 Minutes of my life... The sole reason I don't by anything from humblebundle any more except for the occasional free stuff.

    If you use a "google tracking friendly" browser and disable all privacy and anti-tracking settings google treats you better.

    1. Dan 55 Silver badge

      Re: Re-Captcha is not anti-bot - it is anti-human

      Are companies even aware Captcha is a denial of service for their customers? Perhaps you could forward the videos to HB.

      If you use a "google tracking friendly" browser and disable all privacy and anti-tracking settings google treats you better.

      Go on, say Chrome.

    2. Updraft102 Silver badge

      Re: Re-Captcha is not anti-bot - it is anti-human

      Ah, so I am not alone there.

      I had long ago signed up for the Humble Bundle promos to one of my throwaway email accounts, and I wanted to see if I could set it to only inform me about products with a Linux version. I soon found that I couldn't get into the damned website... the ReCaptcha thing kept messing with me until it finally said (after many painful minutes of being told that I was wrong on each puzzle) that it could not verify me, and told me to try again later. Of course, the audio recaptcha is never available, as it just gives me the nonsense "your computer may be sending automated queries" (I guarantee you it isn't, Google). So much for accessibility.

      I messed around until I finally got in to Humble Bundle, and I was so angry by then that I just unsubscribed and sent them a sharply-worded message explaining my issue. As in some of the examples in the comments above, the person who eventually read the message (if that ever happened) probably just thought that since they never have any trouble, and most of their customers never have any trouble, it must be on my end. They probably use Chrome without any privacy addons and just let it track their happy arse all over the web, which is what Google ReCaptcha wants the peons to do. Good little peon!

      I guess there is an element of truth in the "it must be something with your system" explanation. If my system would just let Google track me and harvest my personal data, I'd be allowed to be human too. Humans get tracked by Google, don't you know that?

  13. Dan 55 Silver badge

    The Register asked Mozilla to comment on whether anyone has complained that reCAPTCHA has hindered Firefox users excessively for their technology choices, as some have claimed, but we've not heard back.

    Waterfox users are certainty being hindered by reCAPTCHA, just check the latest release entries in their Waterfox blog.

    I've also had my suspicions about reCAPTCHA punishing Firefox for Android users, not helped by me getting 0.3 just now.

    1. jackofalltrades

      If you're not using A) Chrome, or B) native Android browser, you basically can't even log into many sites. They specifically blocked the others on the Android platform. This has nothing to do with JS support, etc. They don't get to do their special snowflake methods or just don't want to bother using a less proprietary code. It's getting to where if you're not using Chrome and allowing their heavy JS mess(i.e. Pixiv!), many sites will not work even in a non-interactive fallback. It's Microsoft's old EEE method.

  14. Anonymous Coward
    Anonymous Coward

    recaptcha.org^W^Wgoogle.com

    I thought it was explicitly made plain that Google were using your activity on Google properties to inform their CAPTCHAs back when they moved reCAPTCHA from its own domain to be hosted instead on google.com, where they can potentially access the cookies from any other google.com property.

    As another reason not to use it, this means that using Google's CAPTCHA means that you lock out everyone in China from using your service, where google.com is blocked by the Great Firewall, and using VPNs can get you arrested (or worse, your humanity^Wsocial score reduced).

  15. Doctor Syntax Silver badge

    "To me, it feels like Google's entire strategy behind reCAPTCHA anything is to make it harder to protect your privacy,"

    FTFY

  16. IT Poser

    Well this explains a lot.

    Sorry Google, the last time I logged in you were still pretending you weren't evil.

  17. Pascal Monett Silver badge
    Flame

    Wait a minute

    Could someone please tell my why Google should have access to my mouse movements and how that is possible or legal ?

    Oh right, it's not illegal, so anything goes.

    I hate companies who just decide that whatever is possible is fair game.

    It's MY computer, dammit. What will it take for you to understand that, pitchforks and torches at sundown ?

    1. A.P. Veening Silver badge

      Re: Wait a minute

      What will it take for you to understand that, pitchforks and torches at sundown ?

      A nuke in the parking garage under the Chocolate Factory might bring it to their attention, understanding might take a little longer (about till the heat death of the universe).

      1. jackofalltrades

        Re: Wait a minute

        Wait until someone finds a keylogger in that junk. Poof, WW3 on it. XD

  18. Anonymous Coward
    Headmaster

    Favors ?

    Last time I looked the Reg was a .co.uk

    It's favours.

    1. Steve Knox
      Childcatcher

      Re: Favors ?

      Horrour of horrours!

      You should contact your solicitour.

    2. gotes

      Re: Favors ?

      The article was presumably written by an American ("in San Francisco") so this is normal spelling for them. I don't see why they should use UK spelling just because the site has a .co.uk domain.

  19. Camilla Smythe

    Welcome back Ms Smythe...

    Please click all boxes containing the socks you wish to buy.

  20. DrXym Silver badge

    reCAPTCHA always helps Google / Alphabet

    Websites might benefit from these humans-only barriers but the main beneficiary is and always has been Google.

    The first iterations of reCAPTCHA used humans to correct OCR errors in scanned books. Now they're using humans to fix / train systems to recognize real world objects like signs, store fronts, buses, bicycles etc.

    I assume somewhere in Google-land, they are trying to make every single signpost & crossing and produce AI that recognizes other traffic to perfect the simulacrum that is their self-driving effort.

  21. Updraft102 Silver badge

    That wasn't the actual problem we have with ReCaptcha, Google

    A spokesdrone for the evil empire wrote:

    "The information collected in connection with your use of the service will be used for improving reCAPTCHA and for general security purposes. It will not be used for personalized advertising by Google."

    Right. So you won't be using the data collected during ReCaptcha harassment to deliver ads, but you will use ReCaptcha-based denial of service as punishment for the person not allowing collection of data used for personalized advertising by Google at all other times. Got it.

  22. Mage Silver badge
    Big Brother

    Should be banned.

    Site operators that use Google value their own convenience over the privacy and time of people.

    It's also a scummy cheap dodgy way of getting crowd funded Machine Learning.

  23. Blackjack

    CAPTCHA got your wallet

    Google has been doing this for years already. Logging is in fact a recommended way to get less CAPTCHAs, if you don't care about privacy, since years ago.

    I lost count of the many times all I needed to prove that I human was just to click in the capcha box and I get an automatic pass because I was logged in my Google account.

  24. Boson

    YATT

    This seems to be a reverse Turing Test. Rather than having a human evaluate how human a machine is, the machine evaluates how machine-like a human is.

    Well, Google rated me as 0.7; Chrome, logged into Google. I suppose that I can now brag to those who accuse me of being too much "like a computer", that a computer finds me 70% human. Progress!

  25. teebie

    Does recaptcha also hamper you signing up for additional google accounts? Asking for 7 friends who are actually me using various different websites.

  26. teebie

    I listened to a Planet Money podcast about repatcha 3, where they interviewed someone from google about it

    (paraphrased)

    "Given that recaptcha will use data on if the user is behaving normally for a user of a given site, do you really need to know whether the user has a google account to verify that they are human"

    "[Extremely long pause]"

  27. Runilwzlb

    Another reCaptcha victim

    I use Linux/Firefox/AdBlocklPlus/NoScript and am unable to pass a reCaptcha test no matter how many times I click on the correct boxes or twiddle settings (short of removing protection completely). This results in me simply refusing to patronize sites that have a reCaptcha test.

    On a separate note: Similar to user JonFen (above) in order to mitigate the risk of malicious apps (any app that snoops on data originating in another app), I also use the strategy of keeping apps segregated on multiple devices and no overlapping logins.

    Financial and other sensitive activity is relegated to a privacy-oriented Linux desktop (NEVER a mobile OS).

    A bare Android Pie phone with the minimum number of necessary contacts and no add'l apps installed for voice calls.

    An iPad with a soft-phone app, also used as audiobook player with side-loaded media.

    An HP-Touchpad (webOS) as a bluetooth music player (just because I love webOS and the ability to use a device that isn't trying to mine all my data.) [Once upon a time you could keep a calendar, to-do list, contacts, and notes WITHOUT GIVING ALL THAT DATA TO GOOGLE, et al. Imagine that!]

  28. gnarlymarley Bronze badge
    FAIL

    attempting the impossible?

    Google's reCAPTCHA v3 system, designed to separate people from bots during website interactions, is more likely to give you the benefit of the doubt as a human if you happen to be signed in to your Google Account – and is more likely to deem you dubious if you're trying to protect your privacy, recent research suggests.

    Like the title, I fail to see how this will even work. More than a decade ago, I saw someone using an automated computer to test our internal web pages. The "robotic functions" simulated the mouse and keyboard. It used actual real web browsers (such as FireFox, Internet Explorer, and has been updated to use the latest version of Chrome and Edge) that would login and test for functionality. This means that someone really wants to defeat a bot, then have to permanently prevent users from getting into their system, and that defeats the true purpose.

    We coded the bots to have human like randomized delays in them to show authenticity. So, I would say that stopping a bot is impossible. If you really want to try, then you have already lost by more than 12 years.

    The bot was coded at the time to be completely capable of reading doctors handwriting, so the humans already have lost.

    1. jackofalltrades

      Re: attempting the impossible?

      ReCaptcha v4 will include a frustration index. If user gets emotional, then must be human! Then it can like in Bladerunner, haha.

  29. carl0s

    I am not a robot

    I thought the 'i am not a robot' checkbox wasn't there with recaptcha v3. Isn't that the whole point of v3 - no user interaction required?

  30. It's just me
    Terminator

    aMfM?

    What score does he get?

  31. jackofalltrades

    "Unfortunately, because Google is so tight-lipped about reCAPTCHA's privacy implications, we're left to guess which data sources it uses to determine your humanity (or 'risk score' in reCAPTCHA v3)" Yeah, reverse-engineering that should be a priority. I mean it's not OK that people are just taking their "trust me" attitude. The fact that web of trust concept is entirely being ignored tells you they want a centralized solution with one API to rule them all - they're basically 1990's Microsoft all over again!

    "Google maintains that reCAPTCHA is only used to fight spam and abuse." Until it's not. Or until they define abuse in a way that includes "tracking evasion". Or start using it as their own personal Carnivore to out TOR/I2P users, leakers, etc.

    It's time for an addon (or filters for uBlock Origin) that just puts ReCaptcha in the timeout corner until you actually need to login. If they start blocking people for that, going to be some huge lawsuits for the levels of coercion involved, even if 'insulating' themselves by getting a third party to help them do it. Realize: There's government websites that require it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019