Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Do you think Google's recaptcha has gone greedy off late?
63 points by piyush_soni on Dec 18, 2018 | hide | past | web | favorite | 46 comments
For past some time, on a lot of websites I visit the usual one click 'recaptcha' doesn't work, and it asks me to click various images. That would be ok, but while previously you generally had to click just one category of images, recently I've been noticing they keep on showing multiple images in multiple categories (cars, bicycles, cross walks, buses etc.) and force us to click on all of them. Google is making us do slave work for free, and we don't seem to have many options if we want to use a particular website. Just wanted to check if anyone else has observed a similar pattern.

I've noticed the same thing. It's pretty annoying.

The original premise of Recaptcha was: "Do good by helping digitize books".

Now it's: "Provide some free work classifying images so we can improve our commercial products, because the owner of the website is too cheap to pay for spam detection tech."

> too cheap to pay for spam detection tech.

Can you suggest alternative?

I prefer going to the old captcha rather than spend 2 minutes clicking on images

Honeypot hidden fields are still fascinatingly efficient. Plain old captcha, even self hosted, is not bad. Written text questions that need actual answers (2+3 = write in a word). Combine some of them, you're good to go.

Honeypot is bad because it does not prevent malicious users that can write bots. Same goes for 2 + 3.

Plain old captcha is pretty much the only choice AFAIK.

It really depends on what you are protecting. In many cases, no one is going to build a custom script to defeat your custom captcha method of they just want to spam your comments section. The problem with widely used systems is that it is more efficient to write a bot to circumvent them and then look for others who use the same captcha system.

I hidden input tag (through .css file) with an id="url" worked for me!

Yes I have absolutely noticed the same thing.

It seems to be quite excessive.

A few years ago it was like "we need to make sure you are not a robot".

Now it goes like this "we need to make sure you are not a robot ... oh yeah it seems like you are a human ... hey you have a moment to help me identify these road signs? how about these shop fronts? a few cars? ... thanks!"

Yes, I also noticed this. It's especially annoying since many companies chose to implement "always on" Google Captcha on their login pages now (as they can't or won't implement proper defenses against brute-forcing). This makes logging in really painful. I guess for Google it's a pretty lucrative arrangement though as they basically get billions of free click workers that annotate their ML training data.

Yeah, noticed this. They are forcing us to solve multiple captchas for no reason.

Google wants to improve their AI for FREE!

I wonder if Foogle is crowdsourcing Waymo’s vision system...

Funny thought ... at the scale that Google operates, you could use still images to crowdsource waymo driving in real time on quite a few cars at once.

In my experience you are unlikely to have problems when you are logged into your Google account with an "old" cookie. If you block cookies, ads & third party js/trackers, use firefox containerisation and other privacy addons, they will punish you by letting you identify traffic lights for a few minutes.

The logical explanation is that they use various tracking methods to evaluate your "human score" and blocking them makes you suspicious, thus the repeated and increasingly hard tests.

> If you block cookies, ads & third party js/trackers (...) they will punish you

Exactly. I feel like Google is trying to beat me into submission.

> the repeated and increasingly hard tests

I don't mind solving quick captcha, but I'm often asked to solve one after another, repeatedly, just to be told that I missed something and I have to do it again - even if I'm 100% sure that I solved the captchas correctly. It happens every day. This is malicious, abusive behaviour.

Also puts pressure on users to switch to chrome so that they avoid this hassle.

I get the same hassle in chrome. Haven't noticed it being any worse now that I switched to Firefox.

I have a conspiracy theory: they track the persistence level of the user and if the user is very persistent then there is no harm is giving them a few extra puzzles to solve right? I honestly think this might be the case.

Yes, 20+ times sometimes. Totally user-hostile.

Yes. In fact I posted a similar thread only a few weeks ago:


This along with GDPR popups and now having to verify every device you log in with via email (separate to 2fa) is making login a real pain across the web.

An aside: Some sites have recaptcha that solves in one try everytime while most will present 5-7 images. I’d assume that there is some sort of aggressiveness setting for it, which may be set to very high by default(benefits google I suppose?) when not configured properly ...

I've effectively given up on Google Captchas. If there's a site that asks me to go through with one, and it expects me to click on pictures, I just close the site and do something else. I absolutely refuse to play their monkey through tens of images with excruciatingly slow fade-outs/-ins. They've become frustratingly obnoxious over the past year or two.

That is not an option anymore as all major services use captcha. Previously, I’d just delete my account/cancel subscription & reported my irritation with recaptcha, but now all major services I need to use are doing it, so no choice. Only Amazon/MS/Apple using old wiggly captcha, everyone else is on recaptcha :(

Yup, I've noticed that for several weeks now. The other day I had to click traffic lights for 7 images to submit a comment somewhere.

My anecdotal experience: it's much more work-intensive on mobile sites than desktop. I seem to have to do multiple rounds of "storefront", "crosswalk", "bridge" detection before it finally goes away.

makes me long for the days of Rapidshare Cats.

Not only those recaptchas — I just had a page present a Google-branded widget that asked me a market segmentation type personal question to allow me to read an article. I clicked the back button instead. The greed is indeed a bit over the top.

Yeah, I've been noticing that too. The best part is that they don't even work that well against bots anymore; I'm literally running a Firefox plugin that autofills audio captchas with Google's own services.

I have been having the exact same thought. Lately, it's been too much work, it says 'failed, try again' until you do a bunch of them - cars, traffic lights, bicycles, etc. It makes me mad.

Yep super annoying. I know sears went bankrupt but now you can't use their website at all b/c of the recaptcha. If I were these companies I'd cancel the Google recaptcha services.

Also, if you're using Firefox, you will encounter those "verify you're not a robot" far more than if you're using Chrome which is something I hate.

Interesting. I have noticed that recaptchas can be frequent on Firefox Android, and yet I hardly ever run into them on Mozilla Brave Android, which is built on Chromium.

The weird thing to me is that I’m either checking a box and doing nothing or going through some annoying process. There isn’t much middle ground.

I’ve entirely given up when I encounter a Google captcha. It thinks I’m a robot 90+% of the time and takes so long it’s just not worth it.

I often struggle to pass reCAPTCHA, it usually takes 2-3 tries before I am considered a human-being

I have noticed too. It asked me so many times, I was really annoyed.

I think recaptcha is terrible for many reasons. That is one of them.

What are the others?


Yeah need some deep neural network solution to solve these for us.

Maybe blame the bots and spammers that have led to a situation on some sites where aggressive recaptcha is the only defense?

So far the only thing I saw that could break previous "squiggly text" style captchas was some research papers. I have yet to see any of it used in the wild.

So I doubt spammers brought this upon us - the previous captchas were more than effective at keeping them at bay already.

The real reason is shitty Google being greedy and needing someone to label their training data.

Reddit has tons of bots and I've heard Twitter is just as bad.

A lot of social media “bots” are actually human farms against which no captcha can defend.

But I thought that's what Google's promise was (hard for machines, easy for humans)?

Do you use a VPN OP?

I assumed that was my issue.

I do use at times, yes, but mostly not. Even when I'm not using it and logged in with my 'official' personal account, it shows these images to click on, at least three sets of multiple images.

I call it censorcaptcha lately. it is pretty clear when the algorithm put you in hell-ban mode.

hide your cookies from google and get removed from any internet discussion. only the voices oblivious to google tracking have a place now.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact