Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Google The Internet

Google Launches reCAPTCHA v3 That Detects Bad Traffic Without User Interaction (zdnet.com) 108

Google has pushed an update to its reCAPTCHA technology that the company has been offering since 2007 to fight off bots on the world wide web. From a report: reCAPTCHA v3, as the new version has been branded, is a complete overhaul of the reCAPTCHA technology that we know and... most of the time hate. The good news is that the new system does not require any user interaction anymore. Gone are the days of reCAPTCHA v1 when everyone was trying to decipher in garbled text, and gone are the days of v2 when everyone was getting annoyed at clicking on endless image streams of "store fronts," "roads," and "cars" for up to 2-3 minutes. Instead, reCAPTCHA v3 will use a secret new Google proprietary technology to learn a website's normal traffic and user behavior. Google says that by observing how regular users interact with the website and its sections, it would be able to detect abnormalities and detect bots or undesirable actions.
This discussion has been archived. No new comments can be posted.

Google Launches reCAPTCHA v3 That Detects Bad Traffic Without User Interaction

Comments Filter:
  • by Anonymous Coward on Tuesday October 30, 2018 @03:03PM (#57563873)

    Please see Comment Subject

  • Sounds good to me (Score:4, Insightful)

    by SuperKendall ( 25149 ) on Tuesday October 30, 2018 @03:05PM (#57563895)

    Whatever they are doing is fine with me, those image based Capthas are an absolute nightmare, trying to see if one pixel in an image is a sign or a car or whatever.

    I think one time I cycled through picking objects something like 15 times! Absurd.

    • by Anonymous Coward

      You know you were training their machine vision initiative to help Google maps learn street sign and where stores are, right?

      • Which is why I just click shit randomly until it gives up and lets me in. The system determines if you're right or wrong only for a small set of the presented images, and for the others it uses your choice to feed The Beast. You only have to get the known images correct.

        • You're actually training Google to know what a crosswalk, stop sign, and cyclist look like. Just remember that when you get run over by a self driving car.

          • LOL - Mod this guy up.

            Just remember that when you get run over by a self driving car

            Someone clicked on the wrong capTCHA, fuck, from now on I am going to go a couple rounds just because I will be fucking with google's algorithms.

    • by Anonymous Coward

      They're data mining your session with the website to see if you're acting like that site's average user. If not, you're blocked. Meaning you'll be required to enable Google's tracking scripts on every website which uses this. Blocking those scripts mean no web content for you.

      If you do something different, like open 10 tabs of the next ten articles you want to read... BLOCKED. Assuming most users read articles one at a time.

      Basically this is the same tech anti-virus software uses to dynamically categori

      • Meaning you'll be required to enable Google's tracking scripts on every website which uses this.

        If that turns out true, websites worth caring about will use something different.

        I'm not worried though, because they're committed to making it accessible to the AA standard, and if you read that standard it means there is no way to keep me from browsing the way I want. That's what the world has come to; wanting to control what is on your own screen is a disability, but they have to accommodate it.

    • Yea, I had one of those 15+ cycle ones just last week. Where it starts slowing down the loading of images because it thinks you're cheating.

      "Click any boxes with stop lights"

      So... only the lights? The whole light box? Does the pole they're mounted on count? What about just a 1-2px sliver of one of those parts in an adjacent box?

      Yea... whatever they were expecting, it wasn't meshing with my interpretation. Can't be more excited to never see another one of Google's failed turing tests.

      • What I usually do is convince myself I don't really need to go to that link. Works every time.
        • by Cederic ( 9623 )

          I go further, and write to the site to let them know they've successfully blocked me.

          Unless they only offer a contact form and hide it behind recaptcha..

    • by schweini ( 607711 ) on Tuesday October 30, 2018 @07:06PM (#57565259)
      > I think one time I cycled through picking objects something like 15 times! Absurd.

      have you considered the possibility that you are a bot?
      • have you considered the possibility that you are a bot?

        You know that did occur to me, but an attempted sip of motor oil cleared the matter right up.

        I guess the feeling that you shouldn't have made it past the capture check is the ultimate form of imposter syndrome!

      • by AmiMoJo ( 196126 )

        It happens if you care about your privacy, e.g. use a VPN/Tor or use browser add-ons and security settings.

        Even using it via remote desktop or in a VM seems to screw it up.

        From what I can tell it tries to detect if you are human by looking at things like mouse movement and how fast the pointer update rate is (if it's fake or done via software KVM or something it's not as smooth?) and various other browser metrics. If you break any of them it makes you solve more of its little games, and 15 times is not unus

      • Blade Runner would be a very different movie if reCAPTCHA was used as the test.

    • Another problem seems to be cultural. In the UK, Traffic signs means ones giving instructions to drivers. Street signs means labels with the name of streets on. I suspect the reverse may be true in America.

      There are many other issues, but low resolution of both the original and the screen is definitely a problem. I often give up.

      OTOH, bots are pretty persistent.

    • I think one time I cycled through picking objects something like 15 times! Absurd.

      If you're cycling through repeats it is often because you have been identified as a high risk connection. I can hit the same website directly and get through with a single question: Tick the crosswalks, and then go again with a VPN and sit there clicking on pictures for minutes before it believes me that I am in fact a human.

  • by Fly Swatter ( 30498 ) on Tuesday October 30, 2018 @03:06PM (#57563905) Homepage
    This can't possibly work for me. /s
  • by mark-t ( 151149 ) <marktNO@SPAMnerdflat.com> on Tuesday October 30, 2018 @03:13PM (#57563943) Journal
    .... not have to click "I'm not a robot" whenever I'm trying to research something and the results of a query that didn't return any promising links, suggesting that I need to tweak the query a little to get more refined results?

    I find that about one of every 3 or 4 times that I click "Search" on Google after I've already scanned the first page of results it gives me without finding any promising leads, I will get a prompt like that which I have to click in order to proceed.

    It's damn annoying to be perfectly honest.

    • by troff ( 529250 )

      Logged in for the first time in years in order to say something very much like this. I also tried to tweak query to disable geo-refining of solutions, force including all of my search terms in my results and so on, wrap the whole thing up in a Firefox-bookmark macro. And if I use it too frequently, the bloody stupid captcha comes up. I noticed the bit about "a bot or behaviour the website owner doesn't like". Well, I don't like the stupefying nature of their dumbed down searches that will drop search terms

      • by Anonymous Coward

        Logged in for the first time in years

        Slashdot's awesome AI detected that, the fortune at the bottom says: "Do not meddle in the affairs of troff, for it is subtle and quick to anger."

        Captcha: amazedly

    • I find that about one of every 3 or 4 times that I click "Search" on Google after I've already scanned the first page of results it gives me without finding any of the search terms I entered.

      I am seriously thinking of writing my own search engine. We are almost back to when the answer to all queries was "Barnes and Noble" and "Alamo Car Rental".

  • How long will it take before most sites have it instead of previous versions?

    • by Anonymous Coward
      Years. If you read the story, this one requires even more coding, especially if you want custom actions for bot detections. People are so lazy they don't bother pressing the update button in their CMS, do you think they'll spend hundreds of dollars on devs implementing the new v3 "action tags?"
  • by Etcetera ( 14711 ) on Tuesday October 30, 2018 @03:18PM (#57563979) Homepage

    There's really no way around it... Eventually Chrome will take authentication into the browser, which of course is integration into the Google Service in the back end, and just use that to bypass.

    If you're not signed into Chrome (thus signed into Google), you'll get captchas of varying degrees of annoyance until/unless Google no longer needs people to categorize visuals for its AI training, at which point Google will just make a login mandatory under the guise of identity assurance.

  • by Anonymous Coward on Tuesday October 30, 2018 @03:18PM (#57563983)

    function is_bot($IP_address, $unique_identity)
    {
            if (is_any_kind_of_privacy_such_as_Tor_exit_node_or_paid_VPN($IP_address))
                    return true;

            if (is_person_disliked_by_us($unique_identity))
                    return true;

            return false;
    }

  • by Rick Schumann ( 4662797 ) on Tuesday October 30, 2018 @03:21PM (#57564005) Journal
    How much you want to bet you'll be locked out completely with no recourse?
    • by Anonymous Coward

      How much you want to bet you'll be locked out completely with no recourse?

      Already are on some providers. Cloudflare used to be sooooo much worse too.

      As someone who uses lynx, fuck capatchas. Try downloading drivers from NVIDIA while your system is sitting a console only to be greeted by this crap. Arguably it was incapsula (another proivder), but the point stands.

      What are they going to do next, offer their own "optimised" versions of core js libs used all over the friggin place but ONLY if you use theirs? I'm not a social experiment and I'm not a bot. Stop treating me lik

    • I'll take your bet. You won't be. Google's reCAPTCHA has never locked out anyone and has always offered fallback methods including to those people physically incapable of answering the reCAPTCHA. Additionally their customers would not allow false positives to drive down traffic.

      Now pay up. I can declare my success already because your tin-foil-hat scenario makes no sense, not from the end user perspective, not from Google's and not from Google's customers.

      • Fuck off, asshole. You have no idea what you're talking about.
        • Thankyou for your detailed and technical comeback. It's always interesting having a discussion with people. Some people fight their stupid opinions, some people admit they were wrong, and then there's those who revert to their 5 year old self. What a pleasant child you must have been.

          • Then there's trolls like you who love nothing better than to draw people into 'discussions' that you do your best to run around in circles, interspersed with your 'internet tough guy' routine, ("demanding payment on bets", and so on). So I do an end-run around all that and tell you to eat a bag of dicks instead.

            ..or, here, I'll treat you like the 4chan-esque troll you're starting to sound like:

            What the fuck did you just fucking say about me, you little bitch? I'll have you know I graduated top of my class in the Navy Seals, and I've been involved in numerous secret raids on Al-Quaeda, and I have over 300 confirmed kills. I am trained in gorilla warfare and I'm the top sniper in the entire US armed forces. You are nothing to me but just another target. I will wipe you the fuck out with precision the likes of which has never been seen before on this Earth, mark my fucking words. You think you can get away with saying that shit to me over the Internet? Think again, fucker. As we speak I am contacting my secret network of spies across the USA and your IP is being traced right now so you better prepare for the storm, maggot. The storm that wipes out the pathetic little thing you call your life. You're fucking dead, kid. I can be anywhere, anytime, and I can kill you in over seven hundred ways, and that's just with my bare hands. Not only am I extensively trained in unarmed combat, but I have access to the entire arsenal of the United States Marine Corps and I will use it to its full extent to wipe your miserable ass off the face of the continent, you little shit. If only you could have known what unholy retribution your little "clever" comment was about to bring down upon you, maybe you would have held your fucking tongue. But you couldn't, you didn't, and now you're paying the price, you goddamn idiot. I will shit fury all over you and you will drown in it. You're fucking dead, kiddo.

            ..there. That's better than you probably deserve.

            • Then there's trolls like you

              Yep. Still with the name calling and zero technical comeback.

              interspersed with your 'internet tough guy' routine

              Oh I'm not a toughguy. I'm an internet thick skinned who simply laughs at people who jump in and namecall whenever someone calls out their stupid arguements.

              I'll treat you like the 4chan-esque

              Why am I not surprised that you're have stored reading material from 4chan. Also TL;DR. Keep to your one-liner insults, they get the point across better.

      • I'm not so sure of that. I've sat there for literally several minutes of clicking through ever-so-goddamn-slow-loading pictures of buses or stop signs or whatever before giving up. Maybe it would eventually let me in, or maybe it's really an endless loop. But most people aren't going to have the patience to sit through several minutes of captcha bullshit, with no indication that it's ever going actually going to let you through.

        • I have experienced that once too, only to reload the page and get an error message and then come back later in the afternoon to be let in without issue.
          reCAPTCHA also varies the difficulty with risk so it takes longer to get to somewhere through a VPN for instance. Part of that is precisely the problem Google is trying to solve: better identify bots so that people *don't* get stuck in these situations. This has always been the case as well, even back in the "what are these two words" days. Access a site dir

  • reCAPTCHA v3 will use a secret new Google proprietary technology

    OK. So if this is cross-browser I would have to assume this involves or fully relies on in-browser Javascript. In which case calling it "secret" is silly.

    If it relies on servers (thus keeping the "secret") run by Google then why bother with it all? Why not just use OAUTH/OAUTH2 authentication against existing Google+ logins and then no need for a 'bot test?

    • Re:Secret? (Score:4, Interesting)

      by wbr1 ( 2538558 ) on Tuesday October 30, 2018 @03:30PM (#57564063)
      The javascript can read information like mouse movement and other user info and behavior, shipping that off to a google server farm for processing. The actual algo that decides human/not human does not have to reside in the browser side code.
  • I could not always prove that I was a human, that just makes my blood boil, and there is no where to complain!
  • by QuietLagoon ( 813062 ) on Tuesday October 30, 2018 @03:39PM (#57564123)
    ... otherwise it appears that google blocks you from continuing. google must assume that all humans will allow google trackers on to their computers and bots won't.
  • Are you kidding me? I fucking prey that I get the store front one rather than enter street sign hell for 5 minutes.
    ReCap v2 is one of the worst things to ever happen to the internet and I prey to the god of the Internets that the creator dies or horrible death.

    • Let me fix that for you
      Prey is an animal hunted for food.
      Pray is a song by Sam Smith (whoever the fuck he is)
      • That's what he said. He fucked his prey in a storefront because there were too many signs out on the street. And he hates God, because reCAPTCHA v2.

        Gets yous some English!

  • What if the user is not "normal"?
    • What if the user is not "normal"?

      Then you get what happened to me today. I was wondering what was going on. I thought the problem was on my end. Multiple Capchas for simple Google web search? What a pain in the ass.

      I won't be using Google anymore, that's for damn sure.

      • What's interesting is I reboot the machine and it's still happening. Seems to be tied to my IP address, which was assigned from a pool by Comcast. I can easily get a new IP address assigned but whoever gets this one next is going to wonder wtf is going on, lol.

  • by ljw1004 ( 764174 ) on Tuesday October 30, 2018 @04:06PM (#57564285)

    If I understand right, the deal is that website developers now do the heavy lifting work of informing Google about every user and user action on their site, in meaningful profile-building ways, and in return Google will help them recognize bots.

    Its similar to the deal they made with Google Analytics (inform Google of page visits and in return get traffic analysis) except the new captcha bargain will extract more visitor-profiling than was ever needed before.

  • I never know whether an image grid section that has one tiny edge/corner of the street sign or store front in it counts as a "street sign" or a "store front." I've tried it both ways, and I get it wrong every time. The textual CAPTCHAs were no better: as robots got better at solving them, the squiggly figures got more and more obscure, until AI was required to solve them.

    Is reCAPTCH's new technique a spy system? I don't goddamn care. I just want user solving of CAPCHAs gone, using whatever technique they wi

  • > observing how regular users interact

    Last time I checked, I don't think I qualified to be a "regular" user.

    If this is done wrong, it's going to be a nightmare for me. And a lot of other users who are not "regular" because they are simply handicapped, as opposed to being outliers in the geeky/techno direction.

  • Frequently when I do an "advanced" search, which includes the use of double quotes, or the site:blah.com limiter, or the numeric range operator 1..100, I get the message that they have detected suspicious activity from my IP address and they want to verify that I am human.

Brain off-line, please wait.

Working...