Google Preparing 'Invisible ReCAPTCHA' System For No User Interaction (bleepingcomputer.com)

← Back to Stories (view on slashdot.org)

Google Preparing 'Invisible ReCAPTCHA' System For No User Interaction (bleepingcomputer.com)

Posted by BeauHD on Monday December 5, 2016 @11:20AM from the invisible-man dept.

An anonymous reader quotes a report from BleepingComputer: Google engineers are working on an improved version of the reCAPTCHA system that uses a computer algorithm to distinguish between automated bots and real humans, and requires no user interaction at all. Called "Invisible reCAPTCHA," and spotted by Windows IT Pro, the service is still under development, but the service is open for sign-ups, and any webmaster can help Google test its upcoming technology. Invisible reCAPTCHA comes two years after Google has revolutionized CAPTCHA technologies by releasing the No CAPTCHA reCAPTCHA service that requires users to click on one checkbox instead of solving complex visual puzzles made up of words and numbers. The service helped reduce the time needed to fill in forms, and maintained the same high-level of spam detection we've become accustomed from the reCAPTCHA service. The introduction of the new Invisible reCAPTCHA technology is unlikely to make the situation better for Tor users since CloudFlare will likely force them to solve the same puzzle if they come from IPs seen in the past performing suspicious actions. Nevertheless, CloudFlare started working on an alternative.

57 comments

Min score:

Reason:

Sort:

Well then by Anonymous Coward · 2016-12-05 11:26 · Score: 0

Guess they got tired of people saying store fronts were rivers in their image classification.
1. Re:Well then by sims+2 · 2016-12-05 11:32 · Score: 1
  
  Nah only bots think rivers are storefronts.
  
  --
  Minimum threshold fixed. Thanks!
2. Re:Well then by Anonymous Coward · 2016-12-05 11:39 · Score: 0
  
  Nah only bots think rivers are storefronts.
  Exactly. It's Sims that think rivers are street signs.
Thank god by Anonymous Coward · 2016-12-05 11:30 · Score: 0

Part of me is happy, those things can get annoying, hopefully the algorithms used work well, and doesn't make too many (if any) false positives.
not sure what that means, but... by Anonymous Coward · 2016-12-05 11:31 · Score: 0

Here's how they usually for me right now.
"Please click the things that are storefronts."
"Uhh... ok. That's a section of a brick wall that might be a house or might be a store, and I can't tell because I can't see enough of it. I'll guess... oh, and that one might be a considered a store, or it might be a government building that isn't a store, and it's hard to tell which from the picture...."
By the time I click done, my probability on each guess gets multiplied together into a number that is apparently about 0.1, and it asks me a new one all over again, "Click the images that contain a car". "Uh..., well that one contains a light truck, do you consider that a car, or not?" And off we go all over again.
I'd be happier if they asked something concrete that wasn't subject to so much fuzzy interpretation. "Click the image that is the derivative with respect to X of the following image of a polynomial". That would have a specific answer not open to shades of interpretation.
1. Re: not sure what that means, but... by Anonymous Coward · 2016-12-05 11:43 · Score: 0
  
  And if they do the derivation right, they're a computer, right?
2. Re:not sure what that means, but... by sims+2 · 2016-12-05 11:44 · Score: 1
  
  I always assume its literal. Why? Because google is trying to tag the images with keywords for easier searching thus a car is not a truck and bricks are not a storefront.
  If you searched google for "storefront" you wouldn't be looking for a picture of "bricks" just as if you search for "cars" you probably aren't looking for pictures of mac trucks.
  Years ago I had the same problem with tests and I had to guess did they FK up the question on accident or was it FKed on purpose to see if you would notice?
  Here's a good example I remember from a few years back:
  Does an inkjet printer work by spaying ink on printer?
  No it sprays ink on paper it doesn't spray ink on itself unless something breaks but it would be an easy typo for the person writing the test to make.
  
  --
  Minimum threshold fixed. Thanks!
3. Re: not sure what that means, but... by Anonymous Coward · 2016-12-05 11:48 · Score: 0
  
  I don't know what you're talking about when you say spaying ink on printer. I do, however, support the spaying of niigger hoes. For that matter, niigger bucks should be neutered as early in life as possible.
4. Re:not sure what that means, but... by Anonymous Coward · 2016-12-05 11:52 · Score: 0
  
  I thought the whole idea behind "no"captcha was that there wasn't any question or that the question didn't have a right or wrong answer. Isn't it based on dwell-time and mouse movements?
5. Re:not sure what that means, but... by Anonymous Coward · 2016-12-06 01:48 · Score: 0
  
  The idea was that your average smartphone user didn't want to type a simple letter captcha so they created the tap-friendly crap one
Ummm by Anonymous Coward · 2016-12-05 11:32 · Score: 0

Some bots are actually browsers driven by scripts as opposed to a web driver provided by the browser. How will it differentiate me clicking a link from a bot clicking the mmouse on a link?
1. Re:Ummm by Anonymous Coward · 2016-12-05 12:49 · Score: 0
  
  That's a solved problem with a number of solutions. There is all sorts of behavioural analysis that can be done, but the easiest way is just to just to query the browser. It will happily tell the site if it is being driven by a extension or a human.
2. Re: Ummm by Anonymous Coward · 2016-12-06 08:56 · Score: 0
  
  What about extensions that are run by the user but can contain small scripts or macros such as vimperator?
Mechanical turk and/or AI to the rescue by Anonymous Coward · 2016-12-05 11:43 · Score: 0

The "puzzle" (not really a puzzle), solved once by a human, can be tweaked by AI to bypass any useful measures. What is the input they are measuring - mouse directions and velocities? Pretty sure that can be faked out to look like it comes from a human. This is war of the AIs!
1. Re:Mechanical turk and/or AI to the rescue by sims+2 · 2016-12-05 11:48 · Score: 1
  
  You get that figured out you let me know I figure its worth at least $4/mo to bypass capatchas everywhere.
  
  --
  Minimum threshold fixed. Thanks!
2. Re: Mechanical turk and/or AI to the rescue by Anonymous Coward · 2016-12-06 08:59 · Score: 0
  
  You could probably modify just about any 2d game bot code to go to the area with the link while adding a bit of entropy to it's course.
It's about time by pushing-robot · 2016-12-05 11:48 · Score: 3, Funny

Their last system made me uncomfortable.

--
How can I believe you when you tell me what I don't want to hear?
1. Re:It's about time by Archangel+Michael · 2016-12-05 11:55 · Score: 0
  
  I self Identify as a robot!
  
  --
  Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
2. Re:It's about time by seoras · 2016-12-05 12:48 · Score: 0
  
  Their new system reminds me of the unbelievable year we've had.
3. Re:It's about time by Aighearach · 2016-12-05 13:22 · Score: 1
  
  auto-banned lol
4. Re:It's about time by b783719 · 2016-12-05 14:26 · Score: 1
  
  Their last system made me uncomfortable.
  It does make people wonder if that's a verification for us or a message from someone trapped behind recaptcha.
  You sure it's just an algorithm?
5. Re:It's about time by dlingman · 2016-12-06 00:55 · Score: 1
  
  Well, the foxconn ex-workers displaced by robots have to do something to feed themselves right?
6. Re:It's about time by Anonymous Coward · 2016-12-06 01:45 · Score: 0
  
  It also a bloated thing which includes it's own javascript-based VM
7. Re:It's about time by Anonymous Coward · 2016-12-06 04:56 · Score: 0
  
  I fail reCAPTCHA regularly. Booo.
Re: Hey BauHD - your reminder that TRUMP WON by Archangel+Michael · 2016-12-05 11:52 · Score: 0

Have Madonna Do it. She owes everyone who voted for Hillary a blowjob.

--
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Re: Hey BauHD - your reminder that TRUMP WON by Anonymous Coward · 2016-12-05 11:56 · Score: 0

That's what I get for voting for Trump :-(
Deadline? by Anonymous Coward · 2016-12-05 11:56 · Score: 0

This can't come out sooner
Re: Hey BauHD - your reminder that TRUMP WON by Anonymous Coward · 2016-12-05 12:06 · Score: 0

i didnt vote and didnt care.
get rid of the FUCKING CAPTCHA by Anonymous Coward · 2016-12-05 12:07 · Score: 0

fucking idiots trigger captchas just for using advanced search functionality like "site:". i've switched to Bing out of spite.
Nonces by Anonymous Coward · 2016-12-05 12:11 · Score: 0

"According to this specification, CloudFlare is working on a Tor Browser extension that generates one-time authentication tokens, called nonces."
Is the author of TFA sure that they weren't referring to Tor users themselves?
1. Re:Nonces by sexconker · 2016-12-05 12:52 · Score: 1
  
  It's almost as if you don't know what a nonce is.
  Hint - it's a value used only once.
2. Re:Nonces by Anonymous Coward · 2016-12-05 14:04 · Score: 0
  
  A non-response:
  Anon, a nonce is used but once
  And once a nonce is used, perchance,
  It's gone, y'ponce!
3. Re:Nonces by Anonymous Coward · 2016-12-05 22:03 · Score: 0
  
  Whoosh.
4. Re:Nonces by Anonymous Coward · 2016-12-06 04:19 · Score: 0
  
  It's an insult in British slang. That's the primary meaning for a lot of non-technical people.
I'm tired of mistraining their AI by Anonymous Coward · 2016-12-05 12:12 · Score: 0

I welcome this.
1. Re:I'm tired of mistraining their AI by Anonymous Coward · 2016-12-05 12:17 · Score: 0
  
  I'm worried. I always fail Turing tests.
Ya, but how? by MrLogic17 · 2016-12-05 14:09 · Score: 1

I've been curious about those "I'm not a robot" checkboxes. How does it differentiate between a humsn and script checking that box?
I've guessed that it had to do with timing of page load vs checkbox, or with tracking mouse movements for human-like movements.
Anyone have the scoop?
1. Re:Ya, but how? by Anonymous Coward · 2016-12-05 14:31 · Score: 0
  
  I'd bet it has to do with time to click vs load times, and they *do* sometimes ask for more questions if they aren't sure.
2. Re:Ya, but how? by Anonymous Coward · 2016-12-05 14:33 · Score: 2, Informative
  
  It does both, along with other heuristics. If it detects a normal delay in reaching the checkbox and normal mouse movements it will usually let you proceed. If it's suspicious, because the box was checked too quickly, or the mouse movements were unnatural (or the pointer jumped without following a patch), or the traffic follows a common pattern, it will display a secondary test. That test will be text recognition, or pattern recognition that's easy for a human but tough for a computer (choose all squares that contain X).
  It's very effective against automated solvers, but pages can still be passed through to a CAPTCHA solving service which hires people in India and such to constantly solve them very cheaply. I just looked up a quote and it's only $1.39 per 1000 solutions.
3. Re:Ya, but how? by Anonymous Coward · 2016-12-05 20:17 · Score: 1
  
  Thank you - you just explained why I *always* end up having to do the secondary test. I habitually use tab to step between elements and space to select, skipping the mouse entirely. Might try using the mouse next time and see what happens.
4. Re:Ya, but how? by dunkelfalke · 2016-12-06 00:27 · Score: 1
  
  Easy for a human, you say?
  
  --
  "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
5. Re:Ya, but how? by dlingman · 2016-12-06 00:57 · Score: 1
  
  It does both, along with other heuristics. If it detects a normal delay in reaching the checkbox and normal mouse movements it will usually let you proceed. If it's suspicious, because the box was checked too quickly, or the mouse movements were unnatural (or the pointer jumped without following a patch)
  So how does THAT work on touch screens? Delay might still be there, but I typically don't drag my finger over the screen to reach a checkbox.
6. Re:Ya, but how? by alci63 · 2016-12-06 02:32 · Score: 1
  
  It might also be more low tech than said : apparently, it is also relying on a cookie to retain information about your authenticity !! https://www.shieldsquare.com/s...
What's Their Angle? by Anonymous Coward · 2016-12-05 15:07 · Score: 0

How will this improve their data mining efforts? Have all their street view images been successfully tagged and categorized?
#OperationReNigger by Anonymous Coward · 2016-12-05 15:33 · Score: 0

Captchas are the AIDS of the internet.
Bag of tricks. by eriks · 2016-12-05 16:50 · Score: 1

I've been doing something similar for years. It's probably not as complex as what google is doing, but with little more than a few tricks with a hashed timestamp, and making sure that javascript works, it stops most bots.
1. Re:Bag of tricks. by Anonymous Coward · 2016-12-06 04:50 · Score: 0
  
  It's surprising how stupid most bots are. All my forms have a single display:none field (ie contact form has Name, Email, Subject and Message, where Subject is hidden), and if that display:none field has a value, I throw away the form submission.
  
  Sure, if everybody did this bots would be quick to adapt, but for now it's been pretty damn close to 100% effective.
2. Re:Bag of tricks. by szy · 2016-12-06 23:18 · Score: 1
  
  Javascript requirement is sad if like me, you're blocking it by default on non-whitelisted sites.
Re:Hey BauHD - your reminder that TRUMP WON by Anonymous Coward · 2016-12-06 05:03 · Score: 0

Yeah...but Hillary got more votes.
See, that means more people actually want her as President.
The only reason Trump is President is because of the outdated, bassackwards, loophole flukes of the Electoral College.
But hey.....keep making yourself feel like your candidate actually deserves it!
Do not want by AnonymousCube · 2016-12-06 09:16 · Score: 1

If it's like their previous attempts at CAPTCHA-less CAPTCHAs this will involve taking information like mouse movements and your browser fingerprint, and then analyzing that to decide if you're human. Deeply concerning. Google already knows enough about my browsing habits by having their scripts embedded everywhere.
I miss the "two words" reCAPTCHA by Anonymous Coward · 2016-12-06 15:20 · Score: 0

Before Google bought reCAPTCHA, (and shortly thereafter), the goal was citizen science of sorts. It'd give you two words, one is a word from a book that needs to be OCR'd, and another that the machine generated (as usual).
Over time, people filling out CAPTCHAs would help OCR old books.
Now the challenges are along the lines of "help Google learn how to OCR street numbers!", which is less useful.
Yep. Full ReCAPTCHA for me in private browsers by WoTG · 2016-12-06 17:41 · Score: 1

Yeah, anecdotally I think I get the full recaptcha test when I happen to be in an incognito window. Pretty rarely in the regular browser windows.
why cripple the internet? by Anonymous Coward · 2016-12-07 01:17 · Score: 0

why is the internet crippled with this stuff anyway - who cares if i download or a bot does it for me? a huge leap backwards to the dark ages
Re:Hey BauHD - your reminder that TRUMP WON by Anonymous Coward · 2016-12-08 02:55 · Score: 0

Yeah...but Hillary got more votes.
That's because Trump didn't invest too much in CA. If the system was different, campaigning would have been different, and result the same.