Google Updates ReCAPTCHA With Easier CAPTCHAs For Humans

← Back to Stories (view on slashdot.org)

Google Updates ReCAPTCHA With Easier CAPTCHAs For Humans

Posted by timothy on Friday October 25, 2013 @10:51PM from the destroy-all-humans dept.

An anonymous reader writes "Google today released an update to its reCAPTCHA system that creates different classes of CAPTCHAs for different kinds of users. In short, it makes your life easier if you're a human, and your work much harder if you're a bot. Unsurprisingly, Google wouldn't share too much detail as to how the new system works, aside from saying it uses advanced risk analysis techniques, actively considering the user's entire engagement (before, during and after) with the CAPTCHA. In other words, the distorted letters are not the only test."

20 of 81 comments (clear)

Min score:

Reason:

Sort:

Google can now see the future? by Anonymous Coward · 2013-10-25 23:09 · Score: 4, Funny

The CAPTCHA is influenced by what you do after you exit it?
1. Re:Google can now see the future? by Anonymous Coward · 2013-10-25 23:25 · Score: 3, Insightful
  
  Google can't see the future, but we can.
  It's a future in which Google has added so many barriers to using their services that they have no human users left. Only the bots don't care about having to deal with all the added tedium.
2. Re:Google can now see the future? by BradleyUffner · 2013-10-26 04:10 · Score: 2
  
  The CAPTCHA is influenced by what you do after you exit it?
  My guess is that Google watches what you did after the PREVIOUS captcha and uses that to determine how to display upcoming ones.
  This could be useful to detect capthca farms where people sit all day and just solve the captcha for spam bots. If you immediately move from one to the next to the next without spending any time looking at content then it's time to serve you something that takes more time to solve. If, on the other hand, you solve only a few captchas a day they can give you something easy.
Spoiler! by Anonymous Coward · 2013-10-25 23:10 · Score: 3, Informative

They're extending the user categorisation checks. It checks your IP address against a risk and Geo database. You're all smart enough to know what makes certain users riskier (eg: excessive requests, certain countries, is a Tor exit node etc.). They're just doing that properly now.
1. Re:Spoiler! by mstefanro · 2013-10-26 03:42 · Score: 3, Informative
  
  I can confirm that this happens for Tor exit nodes. They serve their CAPTCHAs to third-party
  websites as well, and if it so happens that you want to use a website via Tor that uses their
  CAPTCHA on login, the challenges they give you simply cannot be solved. I am not exaggerating,
  I have been trying for ten minutes in the past to login on a certain website via Tor and was unable
  to. Finally, I found the solution at the time: you have to go to google's login page one time and then
  all the CAPTCHA's start becoming readable.
2. Re:Spoiler! by Anonymous Coward · 2013-10-26 05:02 · Score: 2, Insightful
  
  Finally, I found the solution at the time: you have to go to google's login page one time and then
  all the CAPTCHA's start becoming readable.
  If you mean you have to go there to log in, rather than just load the page, doesn't that rather defeat the purpose of using tor in the first place?
Poor Granny... by beaverdownunder · 2013-10-25 23:22 · Score: 3, Insightful

She ends up on a bum IP and ends up getting hopelessly indecipherable gibberish as the verification for paying her electric bill?
Not sure blacklisting is the best way to go about this...
1. Re:Poor Granny... by InvalidError · 2013-10-25 23:32 · Score: 2
  
  My mother had a run-in with Microsoft's captchas a few times due to failed login attempts and when that happens, she usually asks my sister to unlock her account but even my sister often has trouble with it so she ends up asking me.
  Quite ironic that tests designed to tell humans from machines seem to cause humans to fail so much.
2. Re:Poor Granny... by GuldKalle · 2013-10-26 00:11 · Score: 4, Funny
  
  In the CAPTCHA, maybe you couldn't read it.
  
  --
  What?
3. Re:Poor Granny... by gmanterry · 2013-10-26 08:00 · Score: 2
  
  I often fail it as well. In some cases, it is just unreadable.
  You should try them when you're in your 70s. I have had sites I just gave up on. My kids live 2500 miles away.
  
  --
  Since when is "public safety" the root password to the Constitution?
Plus the audio version by NotSoHeavyD3 · 2013-10-26 00:16 · Score: 5, Funny

On those ones have you ever tried hitting the button that's supposed to say the captcha out loud just in case you can't read it?(Which is most of the time) I swear it sounds like some sort of inhuman moaning straight from the Necronomicon that would be more appropriate to summon some sort of demon.

--
Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge.
1. Re:Plus the audio version by deains · 2013-10-26 00:48 · Score: 2
  
  On those ones have you ever tried hitting the button that's supposed to say the captcha out loud just in case you can't read it?(Which is most of the time) I swear it sounds like some sort of inhuman moaning straight from the Necronomicon that would be more appropriate to summon some sort of demon.
  And thus, Inglip was born.
Blame Sonny Bono by tepples · 2013-10-26 01:24 · Score: 2

What it could mean is that Google has caught up with the Copyright Term Extension Act of 1998 and finished all notable books in the English language published before 1923. Google has to set reCAPTCHA to read house numbers for Google Maps to pass the time until 2019 when copyrights will start expiring again barring yet another legislative extension.
1. Re:Blame Sonny Bono by squiggleslash · 2013-10-26 04:18 · Score: 2
  
  I forgot that's what they were trying to do. So if you see some online books with completely absurd words in them, you can blame me. You see, when I get a CAPTCHA, I always make a good faith attempt to solve it on the first go.
  On the second, I figure that if they're going to screw me around by not accepting a reasonable interpretation of their CAPTCHA, I'll do the same thing: the generated part I try to guess. The photo part, well, for that I'll enter something completely ridiculous.
  Which probably makes me an asshole. But from day 1, the CAPTCHA system has been completely flawed and a waste of most people's time. At the very least, the creators of the various systems out there seem to have paid no thought to making sure humans can, actually, solve them, not even picking fonts that would allow users to easily see if the sequence of random characters has a 1, a lowercase l, an uppercase I, or a randomly drawn line designed, supposedly, to fool robots but that almost certainly only ever fools humans.
  I don't know if this one will be better. Google seems to be producing a lot of crap these days, and has lost sight of the fact that most people use its tools because it was making tools people want to use, rather than tools Google wants people to use. So we'll see, and hopefully it'll be an improvement.
  
  --
  You are not alone. This is not normal. None of this is normal.
2. Re:Blame Sonny Bono by chihowa · 2013-10-26 08:01 · Score: 2
  
  Are you going for funny? reCAPTCHA has always been about deciphering books:
  
  reCAPTCHA is a free CAPTCHA service that helps to digitize books, newspapers and old time radio shows.
  reCAPTCHA improves the process of digitizing books by sending words that cannot be read by computers to the Web in the form of CAPTCHAs for humans to decipher. More specifically, each word that cannot be read correctly by OCR is placed on an image and used as a CAPTCHA. This is possible because most OCR programs alert you when a word cannot be read correctly.
  
  --
  If you want a vision of the future, imagine a youtube comments section scrolling - forever.
probabilities. FaceTuring does none for returning by raymorris · 2013-10-26 01:45 · Score: 2

If the earlier checks suggest it's likely to be a bot, use a harder captcha to double check. If it's likely to be a human, use an easier captcha as confirmation.
If the system is pretty sure it's a returning user, FaceTuring doesn't require a captcha at all. I don't know if recaptcha ever goes as far as not requiring the captcha at all.
Or they could do this by Impy+the+Impiuos+Imp · 2013-10-26 03:17 · Score: 2

1. Google uses analytics and other techniques to find the IP addresses that are "captcha-busters".
2. Automate their captcha generator to feed into these with honeypot pages to see which ones they can bust.
3. Assemble lists of ones they cannot.
4. Profit!
It's a dynamic, revolving door, but when automated it's great. BTW I wouldn't mind a new job there, hint hint.

--
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Thank-you Google by Stolzy · 2013-10-26 12:09 · Score: 2

I've been whining about this for years.
Google uses "advanced risk analysis techniques"... by pongo000 · 2013-10-26 19:44 · Score: 2

...no doubt the same techniques used in their excellent spam filter setup on gmail. You know, the one that will repeatedly mark incoming mail as spam even though you have already marked it over and over as "not spam". Or the classic: Google marks as spam incoming mail with a sent-from address that matches an already verified alias in your own account.
Yeah, I know, there's no way I can be right in light of the thousands of PhD's employed by Google. The collective brainpower is staggering, so Google will always be right in everything they do.
Re:Google uses "advanced risk analysis techniques" by stoploss · 2013-10-26 22:10 · Score: 3, Informative

What you describe can happen if the headers in the email appear to be forged. *That* can happen if your email is being routed strangely.
Here's one example: my organization uses hosted gmail for our domain email. However, our *institution* sold out to Microsoft. We were allowed to continue to use our hosted gmail. "Whew, dodged that bullet!", I thought, until email from other gmail users started being marked as "Person X may not have sent this email", and my Amazon.com order/shipping notifications started being sent to the spam folder.
What happened? Our institutional overlords required that our email be routed through MS' outlook.com servers. Thus all our inbound email appeared to have forged headers. GMail legitimately ignored my whitelist filter rules when it appeared that the field values for "from:", etc, were forged.
This may not reflect your situation, but I'm sure there are other weird scenarios where email to/from gmail can appear to be forged.