
Google Launches reCAPTCHA v3 That Detects Bad Traffic Without User Interaction (zdnet.com) 108

Google has pushed an update to its reCAPTCHA technology that the company has been offering since 2007 to fight off bots on the world wide web. From a report: reCAPTCHA v3, as the new version has been branded, is a complete overhaul of the reCAPTCHA technology that we know and... most of the time hate. The good news is that the new system does not require any user interaction anymore. Gone are the days of reCAPTCHA v1 when everyone was trying to decipher garbled text, and gone are the days of v2 when everyone was getting annoyed at clicking on endless image streams of "store fronts," "roads," and "cars" for up to 2-3 minutes. Instead, reCAPTCHA v3 will use a secret new Google proprietary technology to learn a website's normal traffic and user behavior. Google says that by observing how regular users interact with the website and its sections, it would be able to detect abnormalities and detect bots or undesirable actions.
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward on Tuesday October 30, 2018 @04:03PM (#57563873)

    Please see Comment Subject

  • Sounds good to me (Score:4, Insightful)

    by SuperKendall ( 25149 ) on Tuesday October 30, 2018 @04:05PM (#57563895)

    Whatever they are doing is fine with me, those image-based CAPTCHAs are an absolute nightmare, trying to see if one pixel in an image is a sign or a car or whatever.

    I think one time I cycled through picking objects something like 15 times! Absurd.

    • by Anonymous Coward

      You know you were training their machine vision initiative to help Google maps learn street signs and where stores are, right?

      • Which is why I just click shit randomly until it gives up and lets me in. The system determines if you're right or wrong only for a small set of the presented images, and for the others it uses your choice to feed The Beast. You only have to get the known images correct.

        • You're actually training Google to know what a crosswalk, stop sign, and cyclist look like. Just remember that when you get run over by a self driving car.

          • LOL - Mod this guy up.

            Just remember that when you get run over by a self driving car

            Someone clicked on the wrong capTCHA, fuck, from now on I am going to go a couple rounds just because I will be fucking with google's algorithms.

    • by Anonymous Coward

      They're data mining your session with the website to see if you're acting like that site's average user. If not, you're blocked. Meaning you'll be required to enable Google's tracking scripts on every website which uses this. Blocking those scripts means no web content for you.

      If you do something different, like open 10 tabs of the next ten articles you want to read... BLOCKED. Assuming most users read articles one at a time.

      Basically this is the same tech anti-virus software uses to dynamically categori

      • Meaning you'll be required to enable Google's tracking scripts on every website which uses this.

        If that turns out true, websites worth caring about will use something different.

        I'm not worried though, because they're committed to making it accessible to the AA standard, and if you read that standard it means there is no way to keep me from browsing the way I want. That's what the world has come to; wanting to control what is on your own screen is a disability, but they have to accommodate it.

    • Yea, I had one of those 15+ cycle ones just last week. Where it starts slowing down the loading of images because it thinks you're cheating.

      "Click any boxes with stop lights"

      So... only the lights? The whole light box? Does the pole they're mounted on count? What about just a 1-2px sliver of one of those parts in an adjacent box?

      Yea... whatever they were expecting, it wasn't meshing with my interpretation. Can't be more excited to never see another one of Google's failed Turing tests.

      • What I usually do is convince myself I don't really need to go to that link. Works every time.
        • by Cederic ( 9623 )

          I go further, and write to the site to let them know they've successfully blocked me.

          Unless they only offer a contact form and hide it behind recaptcha..

    • by schweini ( 607711 ) on Tuesday October 30, 2018 @08:06PM (#57565259)
      > I think one time I cycled through picking objects something like 15 times! Absurd.

      have you considered the possibility that you are a bot?
      • have you considered the possibility that you are a bot?

        You know that did occur to me, but an attempted sip of motor oil cleared the matter right up.

        I guess the feeling that you shouldn't have made it past the capture check is the ultimate form of imposter syndrome!

      • by AmiMoJo ( 196126 )

        It happens if you care about your privacy, e.g. use a VPN/Tor or use browser add-ons and security settings.

        Even using it via remote desktop or in a VM seems to screw it up.

        From what I can tell it tries to detect if you are human by looking at things like mouse movement and how fast the pointer update rate is (if it's fake or done via software KVM or something it's not as smooth?) and various other browser metrics. If you break any of them it makes you solve more of its little games, and 15 times is not unus

      • Blade Runner would be a very different movie if reCAPTCHA was used as the test.

    • Another problem seems to be cultural. In the UK, Traffic signs means ones giving instructions to drivers. Street signs means labels with the name of streets on. I suspect the reverse may be true in America.

      There are many other issues, but low resolution of both the original and the screen is definitely a problem. I often give up.

      OTOH, bots are pretty persistent.

    • I think one time I cycled through picking objects something like 15 times! Absurd.

      If you're cycling through repeats it is often because you have been identified as a high risk connection. I can hit the same website directly and get through with a single question: Tick the crosswalks, and then go again with a VPN and sit there clicking on pictures for minutes before it believes me that I am in fact a human.

  • by Fly Swatter ( 30498 ) on Tuesday October 30, 2018 @04:06PM (#57563905) Homepage
    This can't possibly work for me. /s
  • by mark-t ( 151149 ) <markt AT nerdflat DOT com> on Tuesday October 30, 2018 @04:13PM (#57563943) Journal
    .... not have to click "I'm not a robot" whenever I'm trying to research something and the results of a query that didn't return any promising links, suggesting that I need to tweak the query a little to get more refined results?

    I find that about one of every 3 or 4 times that I click "Search" on Google after I've already scanned the first page of results it gives me without finding any promising leads, I will get a prompt like that which I have to click in order to proceed.

    It's damn annoying to be perfectly honest.

    • by troff ( 529250 )

      Logged in for the first time in years in order to say something very much like this. I also tried to tweak query to disable geo-refining of solutions, force including all of my search terms in my results and so on, wrap the whole thing up in a Firefox-bookmark macro. And if I use it too frequently, the bloody stupid captcha comes up. I noticed the bit about "a bot or behaviour the website owner doesn't like". Well, I don't like the stupefying nature of their dumbed down searches that will drop search terms

      • by Anonymous Coward

        Logged in for the first time in years

        Slashdot's awesome AI detected that, the fortune at the bottom says: "Do not meddle in the affairs of troff, for it is subtle and quick to anger."

        Captcha: amazedly

    • I find that about one of every 3 or 4 times that I click "Search" on Google after I've already scanned the first page of results it gives me without finding any of the search terms I entered.

      I am seriously thinking of writing my own search engine. We are almost back to when the answer to all queries was "Barnes and Noble" and "Alamo Car Rental".

  • How long will it take before most sites have it instead of previous versions?

    • by Anonymous Coward
      Years. If you read the story, this one requires even more coding, especially if you want custom actions for bot detections. People are so lazy they don't bother pressing the update button in their CMS, do you think they'll spend hundreds of dollars on devs implementing the new v3 "action tags?"
  • by Etcetera ( 14711 ) on Tuesday October 30, 2018 @04:18PM (#57563979) Homepage

    There's really no way around it... Eventually Chrome will take authentication into the browser, which of course is integration into the Google Service in the back end, and just use that to bypass.

    If you're not signed into Chrome (thus signed into Google), you'll get captchas of varying degrees of annoyance until/unless Google no longer needs people to categorize visuals for its AI training, at which point Google will just make a login mandatory under the guise of identity assurance.

  • by Anonymous Coward on Tuesday October 30, 2018 @04:18PM (#57563983)

    function is_bot($IP_address, $unique_identity)
    {
            if (is_any_kind_of_privacy_such_as_Tor_exit_node_or_paid_VPN($IP_address))
                    return true;

            if (is_person_disliked_by_us($unique_identity))
                    return true;

            return false;
    }

  • by Rick Schumann ( 4662797 ) on Tuesday October 30, 2018 @04:21PM (#57564005) Journal
    How much you want to bet you'll be locked out completely with no recourse?
    • by Anonymous Coward

      How much you want to bet you'll be locked out completely with no recourse?

      Already are on some providers. Cloudflare used to be sooooo much worse too.

      As someone who uses lynx, fuck captchas. Try downloading drivers from NVIDIA while your system is sitting at a console only to be greeted by this crap. Arguably it was incapsula (another provider), but the point stands.

      What are they going to do next, offer their own "optimised" versions of core js libs used all over the friggin place but ONLY if you use theirs? I'm not a social experiment and I'm not a bot. Stop treating me lik

    • I'll take your bet. You won't be. Google's reCAPTCHA has never locked out anyone and has always offered fallback methods including to those people physically incapable of answering the reCAPTCHA. Additionally their customers would not allow false positives to drive down traffic.

      Now pay up. I can declare my success already because your tin-foil-hat scenario makes no sense, not from the end user perspective, not from Google's and not from Google's customers.

      • Fuck off, asshole. You have no idea what you're talking about.
        • Thank you for your detailed and technical comeback. It's always interesting having a discussion with people. Some people fight their stupid opinions, some people admit they were wrong, and then there's those who revert to their 5 year old self. What a pleasant child you must have been.

          • Then there's trolls like you who love nothing better than to draw people into 'discussions' that you do your best to run around in circles, interspersed with your 'internet tough guy' routine, ("demanding payment on bets", and so on). So I do an end-run around all that and tell you to eat a bag of dicks instead.

            ..or, here, I'll treat you like the 4chan-esque troll you're starting to sound like:

            What the fuck did you just fucking say about me, you little bitch? I'll have you know I graduated top of my class in the Navy Seals, and I've been involved in numerous secret raids on Al-Quaeda, and I have over 300 confirmed kills. I am trained in gorilla warfare and I'm the top sniper in the entire US armed forces. You are nothing to me but just another target. I will wipe you the fuck out with precision the likes of which has never been seen before on this Earth, mark my fucking words. You think you can get away with saying that shit to me over the Internet? Think again, fucker. As we speak I am contacting my secret network of spies across the USA and your IP is being traced right now so you better prepare for the storm, maggot. The storm that wipes out the pathetic little thing you call your life. You're fucking dead, kid. I can be anywhere, anytime, and I can kill you in over seven hundred ways, and that's just with my bare hands. Not only am I extensively trained in unarmed combat, but I have access to the entire arsenal of the United States Marine Corps and I will use it to its full extent to wipe your miserable ass off the face of the continent, you little shit. If only you could have known what unholy retribution your little "clever" comment was about to bring down upon you, maybe you would have held your fucking tongue. But you couldn't, you didn't, and now you're paying the price, you goddamn idiot. I will shit fury all over you and you will drown in it. You're fucking dead, kiddo.

            ..there. That's better than you probably deserve.

            • Then there's trolls like you

              Yep. Still with the name calling and zero technical comeback.

              interspersed with your 'internet tough guy' routine

              Oh I'm not a toughguy. I'm an internet thick skinned who simply laughs at people who jump in and namecall whenever someone calls out their stupid arguments.

              I'll treat you like the 4chan-esque

              Why am I not surprised that you have stored reading material from 4chan. Also TL;DR. Keep to your one-liner insults, they get the point across better.

      • I'm not so sure of that. I've sat there for literally several minutes of clicking through ever-so-goddamn-slow-loading pictures of buses or stop signs or whatever before giving up. Maybe it would eventually let me in, or maybe it's really an endless loop. But most people aren't going to have the patience to sit through several minutes of captcha bullshit, with no indication that it's ever actually going to let you through.

        • I have experienced that once too, only to reload the page and get an error message and then come back later in the afternoon to be let in without issue.
          reCAPTCHA also varies the difficulty with risk so it takes longer to get to somewhere through a VPN for instance. Part of that is precisely the problem Google is trying to solve: better identify bots so that people *don't* get stuck in these situations. This has always been the case as well, even back in the "what are these two words" days. Access a site dir

  • reCAPTCHA v3 will use a secret new Google proprietary technology

    OK. So if this is cross-browser I would have to assume this involves or fully relies on in-browser Javascript. In which case calling it "secret" is silly.

    If it relies on servers (thus keeping the "secret") run by Google then why bother with it all? Why not just use OAUTH/OAUTH2 authentication against existing Google+ logins and then no need for a 'bot test?

    • Re:Secret? (Score:4, Interesting)

      by wbr1 ( 2538558 ) on Tuesday October 30, 2018 @04:30PM (#57564063)
      The javascript can read information like mouse movement and other user info and behavior, shipping that off to a google server farm for processing. The actual algo that decides human/not human does not have to reside in the browser side code.
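
Added example (not from any commenter and not Google's code): the server-side half of the split described in the comment above, where the browser script only collects signals and the site's back end asks Google for a verdict and then acts on it per action tag, as mentioned earlier in the thread. Response field names follow the siteverify JSON; the thresholds, outcome names and the example.com host are assumptions.

```javascript
// Added example (not Google's code). Response field names follow the
// siteverify JSON; thresholds, outcome names and hosts are assumptions.
const VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

// Per-action score thresholds (constructed values; tune against real traffic).
const POLICY = {
  login:   { allow: 0.7, stepUp: 0.3 },
  comment: { allow: 0.5, stepUp: 0.1 },
};

// Build the server-to-server verification request for a browser-supplied token.
function buildVerifyRequest(secret, token) {
  const body = new URLSearchParams({ secret, response: token }).toString();
  return {
    url: VERIFY_URL,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body,
  };
}

// Map a siteverify verdict to 'allow' | 'step-up' | 'deny'.
function decide(verdict, expectedAction, expectedHost, policy = POLICY) {
  const rule = policy[expectedAction];
  if (!rule) return { outcome: 'deny', reason: 'no-policy-for-action' };
  // Missing or expired token (e.g. script blocked): offer a fallback
  // check instead of locking the visitor out.
  if (!verdict || verdict.success !== true) {
    return { outcome: 'step-up', reason: 'unverified' };
  }
  // A token minted on another site or for another action is not evidence here.
  if (verdict.hostname !== expectedHost) {
    return { outcome: 'deny', reason: 'hostname-mismatch' };
  }
  if (verdict.action !== expectedAction) {
    return { outcome: 'deny', reason: 'action-mismatch' };
  }
  const score = verdict.score;
  if (!Number.isFinite(score) || score < 0 || score > 1) {
    return { outcome: 'step-up', reason: 'bad-score' };
  }
  if (score >= rule.allow) return { outcome: 'allow', reason: 'score' };
  if (score >= rule.stepUp) return { outcome: 'step-up', reason: 'score' };
  return { outcome: 'deny', reason: 'score' };
}

// Constructed sample verdicts, shaped like siteverify responses.
const SAMPLES = [
  { success: true, score: 0.9, action: 'login', hostname: 'example.com' },
  { success: true, score: 0.4, action: 'login', hostname: 'example.com' },
  { success: true, score: 0.9, action: 'comment', hostname: 'example.com' },
  { success: false, 'error-codes': ['timeout-or-duplicate'] },
];

// Evaluate every sample as if it arrived on the login endpoint.
function runSamples() {
  return SAMPLES.map((v) => decide(v, 'login', 'example.com').outcome);
}

console.log(runSamples());
```
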
  • I could not always prove that I was a human, that just makes my blood boil, and there is nowhere to complain!
  • by QuietLagoon ( 813062 ) on Tuesday October 30, 2018 @04:39PM (#57564123)
    ... otherwise it appears that google blocks you from continuing. google must assume that all humans will allow google trackers on to their computers and bots won't.
  • Are you kidding me? I fucking prey that I get the store front one rather than enter street sign hell for 5 minutes.
    ReCap v2 is one of the worst things to ever happen to the internet and I prey to the god of the Internets that the creator dies a horrible death.

    • Let me fix that for you
      Prey is an animal hunted for food.
      Pray is a song by Sam Smith (whoever the fuck he is)
      • That's what he said. He fucked his prey in a storefront because there were too many signs out on the street. And he hates God, because reCAPTCHA v2.

        Gets yous some English!

  • What if the user is not "normal"?
    • What if the user is not "normal"?

      Then you get what happened to me today. I was wondering what was going on. I thought the problem was on my end. Multiple CAPTCHAs for simple Google web search? What a pain in the ass.

      I won't be using Google anymore, that's for damn sure.

      • What's interesting is I reboot the machine and it's still happening. Seems to be tied to my IP address, which was assigned from a pool by Comcast. I can easily get a new IP address assigned but whoever gets this one next is going to wonder wtf is going on, lol.

  • by ljw1004 ( 764174 ) on Tuesday October 30, 2018 @05:06PM (#57564285)

    If I understand right, the deal is that website developers now do the heavy lifting work of informing Google about every user and user action on their site, in meaningful profile-building ways, and in return Google will help them recognize bots.

    It's similar to the deal they made with Google Analytics (inform Google of page visits and in return get traffic analysis) except the new captcha bargain will extract more visitor-profiling than was ever needed before.

  • I never know whether an image grid section that has one tiny edge/corner of the street sign or store front in it counts as a "street sign" or a "store front." I've tried it both ways, and I get it wrong every time. The textual CAPTCHAs were no better: as robots got better at solving them, the squiggly figures got more and more obscure, until AI was required to solve them.

    Is reCAPTCHA's new technique a spy system? I don't goddamn care. I just want user solving of CAPTCHAs gone, using whatever technique they wi

  • > observing how regular users interact

    Last time I checked, I don't think I qualified to be a "regular" user.

    If this is done wrong, it's going to be a nightmare for me. And a lot of other users who are not "regular" because they are simply handicapped, as opposed to being outliers in the geeky/techno direction.

  • Frequently when I do an "advanced" search, which includes the use of double quotes, or the site:blah.com limiter, or the numeric range operator 1..100, I get the message that they have detected suspicious activity from my IP address and they want to verify that I am human.
