Google Updates ReCAPTCHA With Easier CAPTCHAs For Humans

An anonymous reader writes "Google today released an update to its reCAPTCHA system that creates different classes of CAPTCHAs for different kinds of users. In short, it makes your life easier if you're a human, and your work much harder if you're a bot. Unsurprisingly, Google wouldn't share too much detail as to how the new system works, aside from saying it uses advanced risk analysis techniques, actively considering the user's entire engagement (before, during and after) with the CAPTCHA. In other words, the distorted letters are not the only test."

Google can now see the future?

The CAPTCHA is influenced by what you do after you exit it?

Re:Google can now see the future?

Google can't see the future, but we can.

It's a future in which Google has added so many barriers to using their services that they have no human users left. Only the bots don't care about having to deal with all the added tedium.

Spoiler!

They're extending the user categorisation checks. It checks your IP address against a risk and Geo database. You're all smart enough to know what makes certain users riskier (eg: excessive requests, certain countries, is a Tor exit node etc.). They're just doing that properly now.

Re:Spoiler!

[mstefanro]

I can confirm that this happens for Tor exit nodes. They serve their CAPTCHAs to third-party
websites as well, and if it so happens that you want to use a website via Tor that uses their
CAPTCHA on login, the challenges they give you simply cannot be solved. I am not exaggerating,
I have been trying for ten minutes in the past to login on a certain website via Tor and was unable
to. Finally, I found the solution at the time: you have to go to google's login page one time and then
all the CAPTCHA's start becoming readable.

Poor Granny...

[beaverdownunder]

She ends up on a bum IP and ends up getting hopelessly indecipherable gibberish as the verification for paying her electric bill?

Not sure blacklisting is the best way to go about this...

Re:Poor Granny...

[GuldKalle]

In the CAPTCHA, maybe you couldn't read it.

Plus the audio version

[NotSoHeavyD3]

On those ones have you ever tried hitting the button that's supposed to say the captcha out loud just in case you can't read it?(Which is most of the time) I swear it sounds like some sort of inhuman moaning straight from the Necronomicon that would be more appropriate to summon some sort of demon.

Re:Google uses "advanced risk analysis techniques"

[stoploss]

What you describe can happen if the headers in the email appear to be forged. *That* can happen if your email is being routed strangely.

Here's one example: my organization uses hosted gmail for our domain email. However, our *institution* sold out to Microsoft. We were allowed to continue to use our hosted gmail. "Whew, dodged that bullet!", I thought, until email from other gmail users started being marked as "Person X may not have sent this email", and my Amazon.com order/shipping notifications started being sent to the spam folder.

What happened? Our institutional overlords required that our email be routed through MS' outlook.com servers. Thus all our inbound email appeared to have forged headers. GMail legitimately ignored my whitelist filter rules when it appeared that the field values for "from:", etc, were forged.

This may not reflect your situation, but I'm sure there are other weird scenarios where email to/from gmail can appear to be forged.