Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Preparing 'Invisible ReCAPTCHA' System For No User Interaction (bleepingcomputer.com)

Posted by BeauHD on from the invisible-man dept.

An anonymous reader quotes a report from BleepingComputer: Google engineers are working on an improved version of the reCAPTCHA system that uses a computer algorithm to distinguish between automated bots and real humans, and requires no user interaction at all. Called "Invisible reCAPTCHA," and spotted by Windows IT Pro, the service is still under development, but the service is open for sign-ups, and any webmaster can help Google test its upcoming technology. Invisible reCAPTCHA comes two years after Google has revolutionized CAPTCHA technologies by releasing the No CAPTCHA reCAPTCHA service that requires users to click on one checkbox instead of solving complex visual puzzles made up of words and numbers. The service helped reduce the time needed to fill in forms, and maintained the same high-level of spam detection we've become accustomed from the reCAPTCHA service. The introduction of the new Invisible reCAPTCHA technology is unlikely to make the situation better for Tor users since CloudFlare will likely force them to solve the same puzzle if they come from IPs seen in the past performing suspicious actions. Nevertheless, CloudFlare started working on an alternative.

18 of 57 comments (clear)

  1. Re:Well then by sims+2 · · Score: 1

    Nah only bots think rivers are storefronts.

    --
    Minimum threshold fixed. Thanks!
  2. Re:not sure what that means, but... by sims+2 · · Score: 1

    I always assume its literal. Why? Because google is trying to tag the images with keywords for easier searching thus a car is not a truck and bricks are not a storefront.

    If you searched google for "storefront" you wouldn't be looking for a picture of "bricks" just as if you search for "cars" you probably aren't looking for pictures of mac trucks.

    Years ago I had the same problem with tests and I had to guess did they FK up the question on accident or was it FKed on purpose to see if you would notice?

    Here's a good example I remember from a few years back:
    Does an inkjet printer work by spaying ink on printer?

    No it sprays ink on paper it doesn't spray ink on itself unless something breaks but it would be an easy typo for the person writing the test to make.

    --
    Minimum threshold fixed. Thanks!
  3. Re:Mechanical turk and/or AI to the rescue by sims+2 · · Score: 1

    You get that figured out you let me know I figure its worth at least $4/mo to bypass capatchas everywhere.

    --
    Minimum threshold fixed. Thanks!
  4. It's about time by pushing-robot · · Score: 3, Funny

    Their last system made me uncomfortable.

    --
    How can I believe you when you tell me what I don't want to hear?
    1. Re:It's about time by Aighearach · · Score: 1

      auto-banned lol

    2. Re:It's about time by b783719 · · Score: 1

      Their last system made me uncomfortable.

      It does make people wonder if that's a verification for us or a message from someone trapped behind recaptcha.

      You sure it's just an algorithm?

    3. Re:It's about time by dlingman · · Score: 1

      Well, the foxconn ex-workers displaced by robots have to do something to feed themselves right?

  5. Re:Nonces by sexconker · · Score: 1

    It's almost as if you don't know what a nonce is.
    Hint - it's a value used only once.

  6. Ya, but how? by MrLogic17 · · Score: 1

    I've been curious about those "I'm not a robot" checkboxes. How does it differentiate between a humsn and script checking that box?
    I've guessed that it had to do with timing of page load vs checkbox, or with tracking mouse movements for human-like movements.
    Anyone have the scoop?

    1. Re:Ya, but how? by Anonymous Coward · · Score: 2, Informative

      It does both, along with other heuristics. If it detects a normal delay in reaching the checkbox and normal mouse movements it will usually let you proceed. If it's suspicious, because the box was checked too quickly, or the mouse movements were unnatural (or the pointer jumped without following a patch), or the traffic follows a common pattern, it will display a secondary test. That test will be text recognition, or pattern recognition that's easy for a human but tough for a computer (choose all squares that contain X).

      It's very effective against automated solvers, but pages can still be passed through to a CAPTCHA solving service which hires people in India and such to constantly solve them very cheaply. I just looked up a quote and it's only $1.39 per 1000 solutions.

    2. Re:Ya, but how? by Anonymous Coward · · Score: 1

      Thank you - you just explained why I *always* end up having to do the secondary test. I habitually use tab to step between elements and space to select, skipping the mouse entirely. Might try using the mouse next time and see what happens.

    3. Re:Ya, but how? by dunkelfalke · · Score: 1

      Easy for a human, you say?

      --
      "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
    4. Re:Ya, but how? by dlingman · · Score: 1

      It does both, along with other heuristics. If it detects a normal delay in reaching the checkbox and normal mouse movements it will usually let you proceed. If it's suspicious, because the box was checked too quickly, or the mouse movements were unnatural (or the pointer jumped without following a patch)

      So how does THAT work on touch screens? Delay might still be there, but I typically don't drag my finger over the screen to reach a checkbox.

    5. Re:Ya, but how? by alci63 · · Score: 1

      It might also be more low tech than said : apparently, it is also relying on a cookie to retain information about your authenticity !! https://www.shieldsquare.com/s...

  7. Bag of tricks. by eriks · · Score: 1

    I've been doing something similar for years. It's probably not as complex as what google is doing, but with little more than a few tricks with a hashed timestamp, and making sure that javascript works, it stops most bots.

    1. Re:Bag of tricks. by szy · · Score: 1

      Javascript requirement is sad if like me, you're blocking it by default on non-whitelisted sites.

  8. Do not want by AnonymousCube · · Score: 1

    If it's like their previous attempts at CAPTCHA-less CAPTCHAs this will involve taking information like mouse movements and your browser fingerprint, and then analyzing that to decide if you're human. Deeply concerning. Google already knows enough about my browsing habits by having their scripts embedded everywhere.

  9. Yep. Full ReCAPTCHA for me in private browsers by WoTG · · Score: 1

    Yeah, anecdotally I think I get the full recaptcha test when I happen to be in an incognito window. Pretty rarely in the regular browser windows.