Slashdot Mirror


Google Launches reCAPTCHA v3 That Detects Bad Traffic Without User Interaction (zdnet.com)

Google has pushed an update to its reCAPTCHA technology that the company has been offering since 2007 to fight off bots on the world wide web. From a report: reCAPTCHA v3, as the new version has been branded, is a complete overhaul of the reCAPTCHA technology that we know and... most of the time hate. The good news is that the new system does not require any user interaction anymore. Gone are the days of reCAPTCHA v1 when everyone was trying to decipher garbled text, and gone are the days of v2 when everyone was getting annoyed at clicking on endless image streams of "store fronts," "roads," and "cars" for up to 2-3 minutes. Instead, reCAPTCHA v3 will use a secret new Google proprietary technology to learn a website's normal traffic and user behavior. Google says that by observing how regular users interact with the website and its sections, it would be able to detect abnormalities and detect bots or undesirable actions.

14 of 108 comments

  1. Translation: We'll just spy on you to figure it out by Anonymous Coward · · Score: 5, Insightful

    Please see Comment Subject

  2. Sounds good to me by SuperKendall · · Score: 3, Insightful

    Whatever they are doing is fine with me, those image based Captchas are an absolute nightmare, trying to see if one pixel in an image is a sign or a car or whatever.

    I think one time I cycled through picking objects something like 15 times! Absurd.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley

    1. Re:Sounds good to me by PhrostyMcByte · · Score: 2

      Yea, I had one of those 15+ cycle ones just last week. Where it starts slowing down the loading of images because it thinks you're cheating.

      "Click any boxes with stop lights"

      So... only the lights? The whole light box? Does the pole they're mounted on count? What about just a 1-2px sliver of one of those parts in an adjacent box?

      Yea... whatever they were expecting, it wasn't meshing with my interpretation. Can't be more excited to never see another one of Google's failed Turing tests.

    2. Re:Sounds good to me by schweini · · Score: 3, Funny

      > I think one time I cycled through picking objects something like 15 times! Absurd.

      have you considered the possibility that you are a bot?

  3. But I have do not track enabled.. by Fly Swatter · · Score: 2

    This can't possibly work for me. /s

  4. Does that mean I get to.... by mark-t · · Score: 2

    .... not have to click "I'm not a robot" whenever I'm trying to research something and the results of a query that didn't return any promising links, suggesting that I need to tweak the query a little to get more refined results?

    I find that about one of every 3 or 4 times that I click "Search" on Google after I've already scanned the first page of results it gives me without finding any promising leads, I will get a prompt like that which I have to click in order to proceed.

    It's damn annoying to be perfectly honest.

    1. Re:Does that mean I get to.... by troff · · Score: 2

      Logged in for the first time in years in order to say something very much like this. I also tried to tweak query to disable geo-refining of solutions, force including all of my search terms in my results and so on, wrap the whole thing up in a Firefox-bookmark macro. And if I use it too frequently, the bloody stupid captcha comes up. I noticed the bit about "a bot or behaviour the website owner doesn't like". Well, I don't like the stupefying nature of their dumbed down searches that will drop search terms just so it gets extra hits. But I do like the fact DuckDuckGo is around for when Google is pissing me off.

  5. The logical conclusion is coming soon by Etcetera · · Score: 5, Interesting

    There's really no way around it... Eventually Chrome will take authentication into the browser, which of course is integration into the Google Service in the back end, and just use that to bypass.

    If you're not signed into Chrome (thus signed into Google), you'll get captchas of varying degrees of annoyance until/unless Google no longer needs people to categorize visuals for its AI training, at which point Google will just make a login mandatory under the guise of identity assurance.

  6. Source code for reCAPTCHA v3 has been leaked: by Anonymous Coward · · Score: 3, Funny

    function is_bot($IP_address, $unique_identity)
    {
            if (is_any_kind_of_privacy_such_as_Tor_exit_node_or_paid_VPN($IP_address))
                    return true;

            if (is_person_disliked_by_us($unique_identity))
                    return true;

            return false;
    }

  7. Will it work with VPNs and Tor? by Rick Schumann · · Score: 3, Interesting

    How much you want to bet you'll be locked out completely with no recourse?

  8. Re:Secret? by wbr1 · · Score: 3, Interesting

    The JavaScript can read information like mouse movement and other user info and behavior, shipping that off to a Google server farm for processing. The actual algo that decides human/not human does not have to reside in the browser side code.

    --
    Silence is a state of mime.

  9. Don't block Google trackers... by QuietLagoon · · Score: 3, Interesting

    ... otherwise it appears that Google blocks you from continuing. Google must assume that all humans will allow Google trackers onto their computers and bots won't.

  10. You do the work for us to spy on you by ljw1004 · · Score: 2

    If I understand right, the deal is that website developers now do the heavy lifting work of informing Google about every user and user action on their site, in meaningful profile-building ways, and in return Google will help them recognize bots.

    It's similar to the deal they made with Google Analytics (inform Google of page visits and in return get traffic analysis) except the new captcha bargain will extract more visitor-profiling than was ever needed before.

  11. Sounds horrible to me by Anonymous Coward · · Score: 3, Interesting

    They're data mining your session with the website to see if you're acting like that site's average user. If not, you're blocked. Meaning you'll be required to enable Google's tracking scripts on every website which uses this. Blocking those scripts means no web content for you.

    If you do something different, like open 10 tabs of the next ten articles you want to read... BLOCKED. Assuming most users read articles one at a time.

    Basically this is the same tech anti-virus software uses to dynamically categorize running software when trying to figure out if it's a threat or not. Those features don't work too well, so expect this new system to not work as well either.

    And for my final point, CAPTCHAs only block initial access to a site. This new system continually monitors your interaction with the site. Previously you could log in and then archive a bunch of content. Now you'll be banned if you try to download all your topics/favs. I'd bet money someone with a disability is going to sue Google over this, as it'll probably block everyone using screen readers and other accessibility features. No keyboard-only browsers either. If you prefer addons and shortcuts to jump to the links you want, too bad. Either you use your mouse properly and look at the ads for the average amount of time, or Google will block you. After all, the average user isn't blocking ads, so if your mouse rolls over a pre-ad element then hits a post-ad element without entering the ad in between them then obviously you just engaged in an undesirable action. Banned.

    This is a horrible service for the end-user. It'll get even worse in a couple years when they add in eye tracking as well.