Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google's reCAPTCHA Turns 'Invisible,' Will Separate Bots From People Without Challenges (arstechnica.com)

Posted by BeauHD on from the prove-you're-not-a-robot dept.

Google is making CAPTCHAs invisible using "a combination of machine learning and advanced risk analysis that adapts to new and emerging threats." Ars Technica reports: The old reCAPTCHA system was pretty easy -- just a simple "I'm not a robot" checkbox would get people through your sign-up page. The new version is even simpler, and it doesn't use a challenge or checkbox. It works invisibly in the background, somehow, to identify bots from humans. Google doesn't go into much detail on how it works, only saying that the system uses "a combination of machine learning and advanced risk analysis that adapts to new and emerging threats." More detailed information on how the system works would probably also help bot-makers crack it, so don't expect details to pop up any time soon. When sites switch over to the invisible CAPTCHA system, most users won't see CAPTCHAs at all, not even the "I'm not a robot" checkbox. If you are flagged as "suspicious" by the system, then it will display the usual challenges.

91 of 160 comments (clear)

  1. "suspicious" by the system by turkeydance · · Score: 1

    the ceiling is the roof

    1. Re: "suspicious" by the system by Spazmania · · Score: 2, Insightful

      yeah... display the usual challenges and then reject correct answers two or three times in a row before accepting a correct one. And by the way Linux = suspicious. It's a POS.

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    2. Re: "suspicious" by the system by Spazmania · · Score: 1

      Just reporting my experience with the product, so if you're the guy who wrote it then right back at you.

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    3. Re: "suspicious" by the system by Anonymous+Brave+Guy · · Score: 1

      You got through after only two or three times? That's a huge improvement on the old system then. I have literally been locked out of making financial payments and even being able to access some government systems because of captcha madness, giving up trying after several minutes of not being able to get one right. The picture-based ones, where you have to click every square with a tree or road sign or something, are the worst. So much time wasted.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    4. Re: "suspicious" by the system by Spazmania · · Score: 1

      This. So much this.

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    5. Re: "suspicious" by the system by PixetaledPikachu · · Score: 1

      "The desk is just a desk"
      Twice's Sana

  2. Up until it tags the handicapped as bots by Anonymous Coward · · Score: 3, Interesting

    I believe there are accessibility laws most parts of the world ....

    1. Re:Up until it tags the handicapped as bots by gnick · · Score: 1

      If they're compliant now, it shouldn't be a problem. If you're suspicious, they just kick you back to the system they were using before. If they're not compliant now, this may be part of their accessibility solution.

      --
      He's getting rather old, but he's a good mouse.
  3. Eh! by Anonymous Coward · · Score: 1

    "You're either a bot or you're running NoScript!"

    1. Re:Eh! by Anonymous Coward · · Score: 1

      As far as I can tell, if you are running noscript you cannot get through these things at all.

      Google wants to know what you are signing up for. If you won't tell it, it won't let you pass.

    2. Re:Eh! by infolation · · Score: 1

      But google's CAPTCHAs are not only used for signups. If you search google using the TOR browser you're also presented with CAPTCHAs for every search. Which gets quite annoying.

      (Google say they don't target TOR but experience says otherwise.)

    3. Re:Eh! by toddestan · · Score: 1

      Browsing the internet through TOR is downright painful now thanks to all of the CAPTCHA garbage. Besides Google, Cloudfare is another major offender. Though at least as far as search goes, you can use DuckDuckGo.

  4. Don't know how I feel about this by Anonymous Coward · · Score: 2, Interesting

    For one thing, I never get the checkbox from my residential IP connection. But once I switch to my vpn on my own assigned /24 I get recaptcha's all day. This isn't new, I've been browsing from the same /24 for the last 5 years. Yet for some reason, Google things when I'm coming from there I'm a threat. I know I'm a minority that's going to be drowned out because who cares about the few users caught in the net. It's just an annoying feature that kills any competition for my business. Any remote sites using a squid cache connection get the reCaptcha flag. They switch to a different provider or move the cache server to GCE then everything magically works.

    What's a BOFH to do.

    1. Re:Don't know how I feel about this by jaymemaurice · · Score: 1

      Did you ever make sure that /24 doesn't have an open proxy, DNS or NTP server running on it? Did you make sure that there are DNS reverse/PTR records? When using squid did you make sure it is locked down? Did you ever try removing the x-forwarded-for headers or adding them?

      --
      120 characters ought to be enough for anyone
  5. Lots of work to do by arth1 · · Score: 5, Informative

    For some reason, I get flagged for captchas all the time, but no matter how vigilant I am at choosing storefronts, mountains, street signs and house numbers, I have to go through at least a dozen pages of them before it believes me.
    I wonder whether being behind load balanced proxy servers might have anything to do with it.
    Anyone else having similar problems?

    1. Re:Lots of work to do by MatthiasF · · Score: 5, Insightful

      Yep. I constantly need to do them because I have my browser locked down to stop tracking.

      I have a feeling most of Google's new "invisible" method has more to do with the fact they are tracking you as a unique user and following your path to the page. If it looks legit, they don't challenge.

      But if you're one of the many of us who actively fight being tracked, we're going to be relegated to second-hand internet user thanks to Google's monopoly.

    2. Re:Lots of work to do by sinij · · Score: 1

      Yes, if you lock down your browser you get them a lot. Basically, for Google, if they know where you live and your cat's name - then you don't get shown captchas.

    3. Re:Lots of work to do by hcs_$reboot · · Score: 2

      Yes, and this is because you do, on Google behalf, some picture recognition as well, in order either to confirm some other person recognition "work", or to be the initiator. The percentage distribution between "recognition work" and "actual recaptcha" is not clear, but the more you have to recognize, the more you work for Google at no charge.

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    4. Re:Lots of work to do by 93+Escort+Wagon · · Score: 4, Interesting

      Yep. I constantly need to do them because I have my browser locked down to stop tracking.

      I have to do them all the time, and I'm not even that aggressive regarding blocking tracking. I mostly just clear things out after the fact, every few days - I'm not even running noscript (but I am running an ad blocker, and don't use Google for much).
      I'll be curious to see how many of us this disenfranchises...

      --
      #DeleteChrome
    5. Re:Lots of work to do by MatthiasF · · Score: 5, Insightful

      That's a really nice attempt at an apologist's view of Google's monopoly, except credit card companies can only track WHERE you spend money, not the specifics of what you actually bought. Whereas Google literally knows what sites you are browsing, what pages on that site you are browsing, even what parts of the page you read through it's AdSense product and then takes all of that to determine what parts of the Internet it wants to show you through it's Search product. Then there's the email product, and the social media, etc. etc.

      No other entity has ever been able to get that much information in that detail on a "customer" (quotes intentional, since let's face it you're the product to Google, not the customer).

      The fact that Google is pushing an internet standard that would require accepting the use of their invasive business practices to maintain a normal experience on the Internet is pretty abusive of their monopoly in my opinion.

    6. Re:Lots of work to do by arth1 · · Score: 1

      This isn't difficult, and let's be honest, it's also not a big deal (these reCaptchas take like 30 seconds maybe every couple of days).

      30 seconds? More like 10 minutes. Once I've selected all the pictures, I get a new set. And a new set. And a new set. It doesn't matter that I answer them all correctly - I have to go through a lot of sets before finally being let through.

    7. Re:Lots of work to do by Anonymous Coward · · Score: 1

      Yep, same problems for me, and some images are so grainy it's not possible to make out anything on them.
      Since I normally don't have 10 minutes to spare clicking images when I want to do something, I just put that site to my blacklist and find an alternative instead.

    8. Re:Lots of work to do by AmiMoJo · · Score: 3, Informative

      The invisible ones seem to be using things like mouse movements and other measurements of human interaction, which can be difficult to fake. They must have some way to prevent replay attacks. Not sure how they will handle people disabling Javascript, probably fall back to the old HTML5 method.

      I find what triggers to endless captcha loops is:

      - Privacy settings in your browser, especially Privacy Badger and uBlock
      - Blocking Flash/WebGL/Canvas fingerprinting
      - Disabling Javascript
      - Using a VPN
      - Especially using TOR

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    9. Re:Lots of work to do by jenningsthecat · · Score: 1

      I find what triggers to endless captcha loops is:

      - Privacy settings in your browser, especially Privacy Badger and uBlock - Blocking Flash/WebGL/Canvas fingerprinting - Disabling Javascript - Using a VPN - Especially using TOR

      I find what triggers endless captcha loops is the regression of Google's search capability, such that I have to repeat the same basic query multiple times with different minor variations in attempts to bypass Google's belief that it knows what I want better than I do. At least once a week, and often several times per day, I get stuck doing Google captchas. I guess it doesn't help that I have a wide range of interests and the type and range of query I make can change dramatically in a short period of time.

      Google really is gearing its results to the lowest common denominator among Internet users. It never used to be that way. If I had the opportunity to pay for the quality of search capability that Google provided a decade ago I would do so. But I guess they're not interested in receiving money from us, AKA "their products". They're only interested in monetizing us by selling our data, not in providing quality data to us.

      --
      'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
    10. Re:Lots of work to do by TheRaven64 · · Score: 1

      "Oh, but then google.com doesn't work, and I can't watch funny cat videos on YouTube!" Well... what did you expect?

      That's absolutely fine. The problem is that it's not just Google, it's every third-party site that uses reCAPTCHA stops working properly as well if you don't permit Google to track you all across the web.

      --
      I am TheRaven on Soylent News
    11. Re:Lots of work to do by TheRaven64 · · Score: 1

      - Blocking Flash/WebGL/Canvas fingerprinting

      I'd wondered why a load of sites seem to be asking for WebGL access now when nothing seems to need it - using it for fingerprinting makes sense. I disable it by default, because I've worked on GPU drivers and there's no way in hell I'd allow untrusted code into them, even if it's been through a WebGL verifier.

      --
      I am TheRaven on Soylent News
    12. Re: Lots of work to do by BlytheBowman · · Score: 1

      and I can't watch funny cat videos on YouTube!#### Anybody that obsessed with cats needs to check into a mental institution. Seriously Today's die-hard "lolcats" fans - Tomorrow's animal hoarders

    13. Re:Lots of work to do by Wrath0fb0b · · Score: 1

      But if you're one of the many of us who actively fight being tracked, we're going to be relegated to second-hand internet user thanks to Google's monopoly.

      Whatever happened to you happened because the owner of the site chose to use ReCaptcha as a tool to prevent bots. You have no right to insist that a particular website cater a particular user experience to you -- if you don't like it, you can go elsewhere.

      And what monopoly are we talking about here? There's certainly no monopoly on plugins to detect bots, there are dozens. Google might (probably even) have a monopoly on search, but that's hardly relevant to the captcha story. . .

    14. Re: Lots of work to do by BlytheBowman · · Score: 1

      Must suck for those who have any kind of eye or visual perception problems. Those capchas that twist and contort the letters and mash them close together must really be fun for dyslexics.

    15. Re: Lots of work to do by BlytheBowman · · Score: 1

      I never get those on my tablet or phone, but that is because they are generally gimped compared to a desktop or laptop computer (even though there is no real technical reason they can't do what a "proper" computer can , the marketeers demanded these hobbles). If you are using a "proper" desktop computer, Google must ass-u-me the user is some Ev1l SpAm 73rr0r ha>0r and must prove they are innocent. (Yes, I know what our forefathers said, but right now they are bound and gagged and dressed in a silly clown suit, proverbaly speaking. Not even the peasants take seriously or care what they had to say anymore. Citizen Rights? That is so last millenium!) If you are using a browser where you can change the User-Agent string that it sends out to match an Android browser, you may be able to get around this, but be prepared to to be bombarded with "This stupid web site works best with our app!" messages, or be locked out entirely from some sites by this until you change the string back.

    16. Re:Lots of work to do by tepples · · Score: 1

      I've worked on GPU drivers and there's no way in hell I'd allow untrusted code into them, even if it's been through a WebGL verifier.

      What should reach more users: an application developed for WebGL or an application developed for, say, OpenGL on a Mac?

    17. Re:Lots of work to do by Anonymous+Brave+Guy · · Score: 1

      I haven't used much from Google in years, personally. I'll still use Google search if my first choices don't get good results, but usually they do fine. I watch videos on YouTube sometimes. It's not as if anyone actually has to use Google services routinely if they don't want to be subject to Google hassles.

      We're all fine unless other admins start plastering Google-hosted junk all over their own sites. Oh, wait...

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    18. Re:Lots of work to do by TheRaven64 · · Score: 1

      The web-based malware will be a lot easier to deploy, if that's your question.

      --
      I am TheRaven on Soylent News
    19. Re:Lots of work to do by Ol+Olsoc · · Score: 1

      If you don't want somebody knowing what you bought, you absolutely have to use cash.

      That's gone by the wayside. For some reason I had to buy something around a hundred dollars or so with cash. I had to show them ID and give a phone number.

      I suspect a lot of Slashdotters are going to have to sell everything, and move to a compound in remote Idaho, only barter, tear up their SS card, and go back to subsistence living.

      I wonder if the 1840's were really that much better than today.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    20. Re:Lots of work to do by tepples · · Score: 1

      Let me rephrase:

      A video game developer might consider targeting WebGL in order to avoid having to develop the game five times, once each for Windows, macOS, GNU/Linux, iOS, and Android, or to avoid the editorial censorship imposed by the sole app store of one or more of said platforms. If you were developing a video game, would you develop it five times in such a manner, or would you instead limit supported operating systems and forgo revenue from users of others?

    21. Re:Lots of work to do by FlaSheridn · · Score: 1

      http://www.bfi.org.uk/are-you-...

    22. Re:Lots of work to do by dryeo · · Score: 1

      Google doesn't have a monopoly, there's competition like Facebook and MS in the tracking space, Bing in the search engine space and a few ad networks. Soon your ISP will also be competing in gathering your info and selling it as well (yay consumer freedom) and it is harder to block your ISP then just adding a few entries to your hosts file and running no-script. Your ISP also has a lot more power then Google in controlling your internet use

      --
      https://en.wikipedia.org/wiki/Inverted_totalitarianism
    23. Re:Lots of work to do by cant_get_a_good_nick · · Score: 1

      I always say --

      I really do hope there's an evil Phase 2 to Google, possibly enslaving us and forcing us to use Google Wave, Buzz, and Knol. Because if they're tracking me across every web page, every place I go, listen to everything I say, just to sell me socks, I'd be disappointed.

    24. Re:Lots of work to do by mrchaotica · · Score: 1

      I'd develop it in SDL + OpenGL.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    25. Re:Lots of work to do by tepples · · Score: 1

      And then compile the game made in SDL and OpenGL for which of the five platforms that I mentioned above (Windows, macOS, GNU/Linux, iOS, or Android)? Because I doubt that these platforms are binary compatible, unlike web browsers running a web application.

    26. Re:Lots of work to do by mrchaotica · · Score: 1

      And then compile the game made in SDL and OpenGL for which of the five platforms?

      Um... all of them, as you normally do? I'm confused because you ask that as if it's some kind of problem...

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    27. Re:Lots of work to do by MatthiasF · · Score: 1

      You just linked a service that is essentially only used for huge companies and government entities. Even on that very same page is an explanation that Level 1, the level for the majority of credit card purchases via the average consumer, only passes minimum data like I stated. Level 2 is the old Level 3, where it offers sales tax and a unique customer code along with what Level 1 offers to help track the purchases in the card holder's accounting or ERP systems.

      Level 3 requires an entire infrastructure of software on both sides, the credit card owner and the merchant, for it to work. I doubt many consumer-based merchants have Level 3 support, nor would any amount of fee reduction pay for the expense of it (and I would doubt many merchant merchants would survive had they agreed to doing this). This level of information is only used for large corporations buying from wholesalers and such so they can track the inventory they are purchasing from moment of purchase.

      But nice try Googling something to feed your paranoia.

    28. Re:Lots of work to do by tepples · · Score: 1

      And then compile the game made in SDL and OpenGL for which of the five platforms?

      Um... all of them, as you normally do?

      Not everybody "normally do[es]", for two reasons.

      First, an individual developer graduating from hobby projects to a first revenue-generating project is unlikely to have the financial resources right off the bat to purchase five different devices for which to build and test: a Mac, a Windows 10 PC, a GNU/Linux PC, an iPhone or iPad, and an Android device. He would have to make a version for each platform and use the revenue from users of each platform to fund a port to the next platform. But with web technologies, it's possible to hit multiple operating systems with one testing effort, such as all three major PC operating systems plus Android. In addition, someone who habitually uses Chrome and Firefox and refers to Can I Use is likely to be able to make something that's at least partially usable in Edge and Safari and can fix reported issues on demand. In addition, all users of Edge or Safari for macOS are eligible to install Chrome or Firefox and use it to run a particular web application until the application's support for Edge or Safari is more thorough.

      Second, with WebGL, if you publish the game once, all five platforms receive it simultaneously. There is no mandatory app review process to delay it by two weeks or reject it, as there is with native apps for iOS.

    29. Re:Lots of work to do by mrchaotica · · Score: 1

      First, an individual developer graduating from hobby projects to a first revenue-generating project is unlikely to have the financial resources right off the bat to purchase five different devices for which to build and test: a Mac, a Windows 10 PC, a GNU/Linux PC, an iPhone or iPad, and an Android device.

      LOLWUT?

      There are only two possibilities: either the programmer in question is a hobbyist, or a pro. If the former, then Virtualbox (or whatever other emulator/virtualization system is applicable) would be fine. If the latter, then two phones and a Mac Mini is affordable.

      Besides, even writing platform-specific code from scratch is less complicated and time-consuming than you'd think.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    30. Re: Lots of work to do by BlytheBowman · · Score: 1

      Sucks when you are one of the few

    31. Re: Lots of work to do by BlytheBowman · · Score: 1

      Wow, I just had a flashback to all the stink that arose here when it was revealed that the Pentium 3 cpus would have a unique numerical id Damn, so quaint in this age of locked and signed boot loaders, malware from illigitimate and "legitimate" companies*cough*Sony*cough*, all the major commercial computer and phone operating systems constantly phoning home with shitloads of user info, games with DRM that require an always on internet connection just to load, and other such shit to remind us that we are fast backsliding into Feudal times.

    32. Re:Lots of work to do by tepples · · Score: 1

      There are only two possibilities: either the programmer in question is a hobbyist, or a pro.

      My question was about the transition from the first of these "two possibilities" to the second. But first, let me make sure we agree on definitions. To me, a "professional" means one who has been paid for his work in a particular field. Am I right? Or are you instead defining it as one who seeks to be paid for such?

      I thought one's project to become a professional had to be done with hobbyist tools in order to afford professional tools for the next project. The only ways I can see around this are A. to earn money for the required tools in a day job in a different industry, or B. to release hobby projects to establish one's reputation and then crowdfund the tools needed for a simultaneous 5-platform release of one's first professional project. Which one is more practical?

      If the former, then Virtualbox (or whatever other emulator/virtualization system is applicable) would be fine.

      I thought it was copyright infringement to run macOS in "VirtualBox (or whatever other emulator/virtualization system is applicable)" on anything but a Mac.

      If the latter, then two phones and a Mac Mini is affordable.

      Do you consider it a desirable state of affairs to give Apple a monopoly over computers used by developers? If so, why is this an exception to the inefficiency of monopoly?

    33. Re:Lots of work to do by mrchaotica · · Score: 1

      I thought one's project to become a professional had to be done with hobbyist tools in order to afford professional tools for the next project. The only ways I can see around this are A. to earn money for the required tools in a day job in a different industry, or B. to release hobby projects to establish one's reputation and then crowdfund the tools needed for a simultaneous 5-platform release of one's first professional project. Which one is more practical?

      C. Become a professional and save up money by working at an established company before striking out on your own, D. get venture capital and/or a small business loan, E. go ahead and release on one platform first to get money for proper testing on the others, although that's not ideal), etc.

      I thought it was copyright infringement to run macOS in "VirtualBox (or whatever other emulator/virtualization system is applicable)" on anything but a Mac.

      You run Linux and Mac VMs using a Mac OS host. Obviously.

      Do you consider it a desirable state of affairs to give Apple a monopoly over computers used by developers?

      No, which is why I'd just release on Windows/Linux/Android and fuck Apple. You're the one who predicated this sequence of strawman arguments on wanting to release on Mac and iOS.

      Regardless of all this, the fact remains that writing native code (even if it takes multiple times and testing everywhere) is infinitely better than balancing your game on the gigantic Jenga-tower of excessive abstractions and security holes that is Javascript/WebGL!

      Furthermore, WTF is wrong with you? I've read your posts on Slashdot for many years now, and you're not usually this trollish and stupidly argumentative. Are you ill, or did somebody else take over your account or something?

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    34. Re:Lots of work to do by mrchaotica · · Score: 1

      "Linux and Windows VMs using a Mac OS host," I meant.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    35. Re:Lots of work to do by tepples · · Score: 1

      You run Linux and Mac^W Windows VMs using a Mac OS host. Obviously.

      And thus still need to buy the Mac mini to run the macOS host, making the "hobbyist" and "pro" loadouts the same.

      No, which is why I'd just release on Windows/Linux/Android and fuck Apple.

      At this point, I'm inclined to agree.

  6. Google knows who you are already by Anonymous Coward · · Score: 1

    Translation: Google have collected enough data of most people's browsing habit from google.com + googleanalytics.com + googleadsense, no need to show you a captcha when they know who you are already.

    1. Re:Google knows who you are already by sinij · · Score: 1

      Speak for yourself. Insofar as Google knows, I am a dog.

    2. Re:Google knows who you are already by Black+Parrot · · Score: 3, Funny

      Speak for yourself. Insofar as Google knows, I am a dog.

      No, on the internet nobody knows that.

      --
      Sheesh, evil *and* a jerk. -- Jade
    3. Re:Google knows who you are already by Blig · · Score: 1

      Speak for yourself. Insofar as Google knows, I am a dog.

      Incoming dog food and related products advertising when you visit Google now in 5... 4... 3... 2... 1 ;-)

  7. Given that Google not infrequently flags me... by gweilo8888 · · Score: 1

    Given that Google not infrequently flags my web searches as being "suspicious", you'll forgive me if I expect this to work rather poorly in practice. I won't be holding my breath for the pipe dream of seeing captcha images less frequently...

    1. Re:Given that Google not infrequently flags me... by Anonymous Coward · · Score: 1

      If you do stuff like make a succession of similar searches, but with slightly different word orders or adding one or two different words, and then go deep into the returned page cache (past page 10), then Google's servers might get suspicious and throw a captcha box at you. And they won't be nice about it either - they'll say "Prove you're not a robot."

    2. Re:Given that Google not infrequently flags me... by ayesnymous · · Score: 2

      Google always thinks power users (people who use quotes around phrases, or who use the site:domain.com filter, or who are fast typers able to submit more than 1 search every 5 seconds) are suspicious.

    3. Re:Given that Google not infrequently flags me... by toddestan · · Score: 1

      I don't get why anyone would put with a search engine that throws CAPTCHAs at you when you try to use it. Given how lousy Google's search results are nowadays, it seems pretty easy to make the switch to someone else. I've never seen a CAPTCHA using DuckDuckGo, but I imagine even Bing would be an improvement. And if for some reason you like Google's results, there's always Startpage.

  8. That's nothing... by bistromath007 · · Score: 1

    If they were really smart, they'd just give up so they don't have to dump effort into the arms race anymore and reCAPTCHA would just secretly be a cryptocurrency mining operation.

  9. reCAPTCHA is simply another tracker by Anonymous Coward · · Score: 2, Interesting

    reCAPTCHA is triggered if you take basic precaution when browsing the web, e.g. blocking unnecessary scripts, cookies, trackers, beacons, and of course ads
    If you do, reCAPTCHA will force you to complete a broken AI-training job, collect your behavioral data, and monetize your labor.
    It's purpose: to force you to become a PRODUCT of Google, the all-grabbing data company.

    And now it's even worse.

    Do not endorse reCAPTCHA. Don't put it on your website.

  10. Google Checkmates Antiphorm by retroworks · · Score: 1

    This has been a war over user rights to "camouflage". Google and other ads-funded corporations have feared the "false positive", the background-running random search engine. The recent "are you human" captchas come when I'm not even running an anti-phorm, so I guess I have to prove I'm human because my searches appear to be non-sequetors to Google (though they are not, to me). x2010 http://retroworks.blogspot.com...

    --
    Gently reply
  11. There goes anonymous browsing by cfalcon · · Score: 4, Insightful

    The current "identify some bullshit" captchas can be done without javascript. This seems unlikely to have that failsafe. It will be a wad of purposefully hard to reverse engineer javascript, probably with some timing crap to make it hard to do anything with, and that will be that. It will of course ultimately end up generating telemetry.

    I sound pessimistic, but this has been the direction we've been heading for some time.

    1. Re:There goes anonymous browsing by Anonymous Coward · · Score: 1

      Timing? It could be worse.

      Mouse movement cadence. Path eigenmodes and entropy. OS and browser fingerprinting. Render fingerprinting. Anti-fingerprinting fingerprinting. Cross-correlation with thousands of other features Google already knows about.

      The human as an autonomous and free agent is over. You're a product.

    2. Re:There goes anonymous browsing by jbn-o · · Score: 2

      Perhaps this is the latest PR initiative to try to get the public to defend "invisible" spying. Google makes considerable money and maintains relationships with powerful organizations on the basis of spying. Spying is very much a part of Google's business. Google could probably use a way to get more people to (even indirectly) defend Javascript-based spying by turning the public into ignorant supporters who say things like 'We *need* this invisible reCAPTCHA' when we could actually choose to do without it.

      Without knowing what the code does (and keeping up with all the changes, changes which can happen at any time) we can't confirm this code only does the job Google claims it does.

      --
      Digital Citizen
    3. Re:There goes anonymous browsing by Blig · · Score: 1

      I pictured a captcha image challenge where it gives you assorted piles of crap and you try to guess which ones came from a bull.

      So, would this type of captcha technically be a "crapcha"? ;-)

    4. Re:There goes anonymous browsing by strikethree · · Score: 1

      If this requires javascript, then every site that uses it will lock me out.

      I use noscript. I am willing to go without any information from anyone else, forever, as long as requiring a script to run is part of the deal.

      Executing logic on MY computing device, is purely at my discretion. I am unsure why anyone else feels they have a right to require me to execute logic. Perhaps if they asked, I might agree, depending on the other details in the deal. If it is required up front, then they have my denial up front. There is no business to be had here.

      --
      "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
  12. Alternative checkbox by Black+Parrot · · Score: 1

    "Yes, I am a robot, but I'm not going to take your job."

    --
    Sheesh, evil *and* a jerk. -- Jade
    1. Re:Alternative checkbox by lgw · · Score: 1

      Read this yesterday and just now got the joke. So, LOL. Never change your sig - that show was awesome.

      --
      Socialism: a lie told by totalitarians and believed by fools.
  13. Useless by corychristison · · Score: 1

    reCAPTCHA is useless.

    There are other very reliable ways of catching automated bots. They are stupid, and make many mistakes that are easy enough to catch even without Javascript.

    The real issue is firms hiring people for less than a buck an hour to spam crap. It's impossible to stop without impeding real users... so where do you draw the line?

    As it is reCAPTCHA gets in the way more than it should. You're probably better off without it.

    1. Re:Useless by Gavagai80 · · Score: 1

      Common spambots that submit contact forms are easy to catch. Advanced registration bots targeting major websites, not so easy.

      The amount of paid human spam is minuscule compared to the automated kind, so it's much easier to handle manually.

      --
      This space intentionally left blank
    2. Re:Useless by arth1 · · Score: 1

      Yes you can. Simply turn away from the site that gives you the recaptcha.

      That's not always so easy. I had to go through a Google captcha in order to request an RMA from a company.

    3. Re:Useless by corychristison · · Score: 1

      Having been in web development for over 15 years, I can tell you there are some very reliable ways to catch any kind of form submission SPAM.

      As stated, there is a point where the bots are not possible to catch, as they emulate exactly how people do it (or they are paid spammers).

      You come to a point of diminishing returns, and start to irritate real users.

      CAPTCHA's are a bandaid solution for lazy developers.

  14. Re:reCAPTCHA sucks by molarmass192 · · Score: 2

    I'm pretty sure you meant Hertzfeld, not Herzog in that SJ citation.

    --

    Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws-Plato
  15. don't expect details to pop up any time soon by gravewax · · Score: 1

    "don't expect details to pop up any time soon", LOL anyone else smell the bullshit here. basically with a few days of this being available you will see published tear downs of it and proposals to work around it.

  16. The inverse Turing Test by goombah99 · · Score: 5, Insightful

    So now we have an AI trying to decide who is the human, the inverse of the turing test. What it comes down to then is it easier to create an AI that can pass the Turing test or the inverse turing test. If it's easier for a bot to fool a bot then this AI strategy will meet it's match in another AI. On the other hand if it's easier to do the inverse turing test then this new strategy will work. I'm not really sure if it's obvious which test is harder.

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re: The inverse Turing Test by Anonymous Coward · · Score: 1

      Yeah its great. A non transparent way to make life to make life more difficult. What could possibly go wrong ?

    2. Re:The inverse Turing Test by modrzej · · Score: 1

      Probably that's how it's done by Google. You just described the training stage of generative adversarial networks.

    3. Re:The inverse Turing Test by dj245 · · Score: 1

      So now we have an AI trying to decide who is the human, the inverse of the turing test. What it comes down to then is it easier to create an AI that can pass the Turing test or the inverse turing test. If it's easier for a bot to fool a bot then this AI strategy will meet it's match in another AI. On the other hand if it's easier to do the inverse turing test then this new strategy will work. I'm not really sure if it's obvious which test is harder.

      Depends on how invasive you allow the inverse turing test to be. USB blood analyzers already exist, DNA analyzers that fit in your pocket may be built in my lifetime. (Obligatory Skynet reference.)

      --
      Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
  17. Wikileaks told us how. by Anonymous Coward · · Score: 1

    New captcha uses you computer, phone, tablet, or TV's microphone to listen for your breathing to see if you are human :-).

    1. Re:Wikileaks told us how. by Anonymous Coward · · Score: 1

      You say in jest, but I give it five years.

  18. Re:BS: I blow all that Joogle crap away! by fisted · · Score: 1

    Fuck you and your ads.

    --
    CLI paste? paste.pr0.tips!
  19. If it was just google it wouldn't be a problem by Geeky · · Score: 1

    Flagging you as a robot incorrectly would be less of an issue if it was just Google doing it.

    Unfortunately, lots of other websites use the API. There are plenty of Wordpress plugins that add Google's recaptcha to comment forms and I've seen it elsewhere.

    It could become a de-facto standard and at that point the issues - in particular for accessibility - become critical. If it's more likely to pop up if you're disabled and using things like screen readers then it's discriminatory.

    If nothing else, it'll be something new to keep the EU busy with Google...

    --
    Sigs are so 1990s. No way would I be seen dead with one.
  20. Make sure your proxies aren't open, firewall by raymorris · · Score: 1

    > I wonder whether being behind load balanced proxy servers might have anything to do with it.
    Anyone else having similar problems?

    Yes, proxies correlate well to bots. Not all attempts from proxies are bots, but most attempts from bots come through proxies. Open proxies especially. Open proxies are bad anyway, so make sure your proxies aren't open. If possible, use a firewall to limit access to your proxies by IP address.

  21. Re:I am the walrus by Anonymous Coward · · Score: 1

    Don't you mean "goo goo ga joob"?

  22. Windows Embedded POSReady by tepples · · Score: 1

    Windows is also a POS.

    1. Re:Windows Embedded POSReady by Spazmania · · Score: 1

      Hah hah. The "it" referred to Recaptcha not Linux.

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
  23. When a government requires solving reCAPTCHA by tepples · · Score: 1

    Whatever happened to you happened because the owner of the site chose to use ReCaptcha as a tool to prevent bots. You have no right to insist that a particular website cater a particular user experience to you -- if you don't like it, you can go elsewhere.

    What you said applies when a private sector business in a competitive market requires solving a reCAPTCHA challenge or running other proprietary scripts as a condition of accessing a luxury. I don't find it so defensible when a private sector monopolist or even a government requires doing so as a condition of accessing a necessity, as the United States Copyright Office required last year.

  24. Can't easily boycott your government by tepples · · Score: 1

    We can just boycott pages that require connections to Google in order to work properly.

    Until your national government requires connection to Google in order to exercise the rights of a citizen, such as submitting comments on proposed regulations. It has happened recently; see the Free Software Foundation's 2016 letter to U.S. Copyright Office.

  25. Re:/.ers disagree Fisted... apk by fisted · · Score: 1

    Doesn't matter that the mentioned people allegedly fell for your ads. It doesn't stop the irony of you advertising in a more obnoxious way than the ads your crapware is alledgedly getting rid of. You are a special sort of retarded to not realize that.

    --
    CLI paste? paste.pr0.tips!
  26. Re:Fisted? STFU fake name "ne'er-do-well" by fisted · · Score: 1

    I generally don't care about what advertisers think or say about me, so you might as well save yourself the trouble -- I'm not even reading your ads.

    --
    CLI paste? paste.pr0.tips!
  27. Re:BS FIsted - why else reply? You care by fisted · · Score: 1

    I'm no advertiser

    Then what are your posts on /., if not ads? Maybe you need a little reality check?

    --
    CLI paste? paste.pr0.tips!