Slashdot Mirror
Google Updates ReCAPTCHA With Easier CAPTCHAs For Humans
An anonymous reader writes "Google today released an update to its reCAPTCHA system that creates different classes of CAPTCHAs for different kinds of users. In short, it makes your life easier if you're a human, and your work much harder if you're a bot. Unsurprisingly, Google wouldn't share too much detail as to how the new system works, aside from saying it uses advanced risk analysis techniques, actively considering the user's entire engagement (before, during and after) with the CAPTCHA. In other words, the distorted letters are not the only test."
I'm having enough trouble posting as an AC on /. as it is. Now I will have to put up with Google. Using Lynx with all these crappy images is getting to be a bitch!
The CAPTCHA is influenced by what you do after you exit it?
They're extending the user categorisation checks. It checks your IP address against a risk and Geo database. You're all smart enough to know what makes certain users riskier (eg: excessive requests, certain countries, is a Tor exit node etc.). They're just doing that properly now.
She ends up on a bum IP and ends up getting hopelessly indecipherable gibberish as the verification for paying her electric bill?
Not sure blacklisting is the best way to go about this...
So it serves up numbers to humans - does this mean that only computer-hard captchas are going to help reading books?
Further it knows you're a computer/human already but gives a test to reaffirm this anyway? Seems wasteful but I guess it acts as a safety net and allows better classification in the future...
So if it already knows we're human, why do we still have to fill in a captcha?
I am sure I have been used to identify addresses and mailboxes of homes via Google's Maps in these new ReCAPTCHAs.
( for the resident's sake I tell Google that the 7's are 1's or the 1's are 7's; some other switches pass too... )
Never ??
NEVER !!
Ads ??
NEVER !!
*Captcha was: googsux !!
The biggest change is that you are no longer recaptcha'ing to help assist the OCR process books. You are now recaptcha'ing google street view photos so NSA/google can pinpoint your house.
I wonder if blocking scripts on pages would affect the catcha itself, sounds like it might which would be pretty damn annoying.
"Google wouldn't share too much detail as to how the new system works"
Easy, it just does a lookup to the NSA, to find out your real name :)
On those ones have you ever tried hitting the button that's supposed to say the captcha out loud just in case you can't read it?(Which is most of the time) I swear it sounds like some sort of inhuman moaning straight from the Necronomicon that would be more appropriate to summon some sort of demon.
Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge.
Other changes are afoot. Google recently started requiring access to plus.google.com in order to login to gmail.
I block plus.google.com and chat.google.com in my /etc/hosts. Last week, google introduced a "google plus signup" nag screen that silently fails the login if it cannot access plus.google.com. Trouble is, it is silent and it locked me out of all of my gmail accounts.
You hit submit with your login/pass and nothing happens, over and over. Those fields even remain filled in. Each of my gmail accounts was blocked out until I viewed the nag screen, after unblocking plus.google.com. My posts concerning the issue in their help forums were ignored, aside from fanboys telling me to embrace the new undocumented requirement that is plus.google.com. Once you view the nag, you can login w/o plus.google.com. However, this morning another account is disabled just a couple days after viewing the nag. So apparently this push to force plus is a big thing.
This week they started forcing an advertising page that randomly appears ahead of the gmail login, via a redirect to mail.google.com/intl/en/mail/help/about.html
Initially it did not even have a sign-on link for some folks (like me). There are confused users complaining about it in the forums.
The downside for both of these incidents was suddenly being locked out of multiple email accounts. I was DoS'd by google.
The Blogspot implementation: http://googleonlinesecurity.blogspot.com/2013/10/recaptcha-just-got-easier-but-only-if.html In order to leave a comment on the post you have to do the following three steps. Step One: Decipher that often undecipherable StreetView street number. Step Two: 'OCR' that rarely legible text from Google Books project. Step Three: Sign-in with your Google or OpenID account. As I see it, the first two steps are completely unnecessary torture of end users for the sole benefit of the Google shareholders. Not to mention how far reCAPTCHA is from the Section 508, and WCAG accessibility standards. See: http://captcha.com/captcha-accessibility.html
What it could mean is that Google has caught up with the Copyright Term Extension Act of 1998 and finished all notable books in the English language published before 1923. Google has to set reCAPTCHA to read house numbers for Google Maps to pass the time until 2019 when copyrights will start expiring again barring yet another legislative extension.
If they know the answer, it's a bot.
I would expect Google to be looking at this those things. FaceTuring from bettercgi does. Then aagain, faceturing is readable from five meters away, so maybe recaptcha hasn't quite caught up to the little guys.
If the earlier checks suggest it's likely to be a bot, use a harder captcha to double check. If it's likely to be a human, use an easier captcha as confirmation.
If the system is pretty sure it's a returning user, FaceTuring doesn't require a captcha at all. I don't know if recaptcha ever goes as far as not requiring the captcha at all.
[RECAPTCHA+]$ Mouse cursor over boobies event detected, score +1 human
[RECAPTCHA+]$ Webcam Input: squint detected, score +1 human
[RECAPTCHA+]$ Microphone Input: "I wonder who lives there.", score +1 human
[RECAPTCHA+]$ 5 Incorrect captcha answers, score +1 human
Definitely a troll, but an old school one.
1. Google uses analytics and other techniques to find the IP addresses that are "captcha-busters".
2. Automate their captcha generator to feed into these with honeypot pages to see which ones they can bust.
3. Assemble lists of ones they cannot.
4. Profit!
It's a dynamic, revolving door, but when automated it's great. BTW I wouldn't mind a new job there, hint hint.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
uses pictures of Cats that we humans get to vote on - what's funny, who's grumpy, stupid, OMG Kill it! Social experimentation/analysis of the worst kind. Maybe Google will finally be able to profile what is human and will then be able to bear Skynet.
Mod me up/Mod me down: I wont frown as I've no crown
This is embarrassing... but also terrible interface design. I once spent 10 minutes trying to solve a Microsoft captcha. It turned out that the page was designed such that pressing "enter" to finish the captcha actually triggered some other form option. I tried multiple browsers. And finally... decided to try clicking the submit button with the mouse.
I wasn't too impressed.
the reason we have these human verification systems is obvious, as small group of people are ruining it for everyone. perhaps if we actually have strict enforcement of catching spammers then we wouldnt need all this annoying bullshit.
right now we are developing stronger armor when what we should be doing is stopping the shooter/spammer.
Anons need not reply. Questions end with a question mark.
There are fewer people trying to break recaptcha, just like how no one can be bothered to break that linksus (linksys?) os no one uses.
Everyone knows CAPTCHA's are supposed to discriminate between humans and robots based on their cognitive capabilities, but I always assumed it was the humans they were trying to keep out. *punches random keys in attempt to match what looks like the last will and testament of a deranged chicken with tourettes*
When things get complex, multiply by the complex conjugate.
... how long, until the only ones able to correctly solve the captchas are computers ... throughout the last couple modifications to the generated images, it already got to the point where I'd have to reload the images multiple times until I got one that I could get close to being able to read ...but maybe my natural senses are just not up to par with AI ...
I've been whining about this for years.
...no doubt the same techniques used in their excellent spam filter setup on gmail. You know, the one that will repeatedly mark incoming mail as spam even though you have already marked it over and over as "not spam". Or the classic: Google marks as spam incoming mail with a sent-from address that matches an already verified alias in your own account.
Yeah, I know, there's no way I can be right in light of the thousands of PhD's employed by Google. The collective brainpower is staggering, so Google will always be right in everything they do.
What you describe can happen if the headers in the email appear to be forged. *That* can happen if your email is being routed strangely.
Here's one example: my organization uses hosted gmail for our domain email. However, our *institution* sold out to Microsoft. We were allowed to continue to use our hosted gmail. "Whew, dodged that bullet!", I thought, until email from other gmail users started being marked as "Person X may not have sent this email", and my Amazon.com order/shipping notifications started being sent to the spam folder.
What happened? Our institutional overlords required that our email be routed through MS' outlook.com servers. Thus all our inbound email appeared to have forged headers. GMail legitimately ignored my whitelist filter rules when it appeared that the field values for "from:", etc, were forged.
This may not reflect your situation, but I'm sure there are other weird scenarios where email to/from gmail can appear to be forged.