
I've seen this a week ago on reddit. The researcher told Google about this vulnerability and Google doesn't care about it, they are totally OK with it. You can see here that captcha doesn't block robots, but blocks people and makes browsing inconvenient. reCaptcha is a way Google mines data from us for free.


Oh please, what a total joke of a comment.

> Google doesn't care about it, they are totally OK with it

Google hasn't said they don't care about it, where did you see any of that?

They merely allowed the code to be released despite it still working against the current. Previous experience (namely the original uncaptcha) proves that they intend to find a way to fix it.

> You can see here that captcha doesn't block robots, but blocks people and makes browsing inconvenient.

Total BS, remember it's not Google that uses it, it's website owners (us), if what you claim was indeed true we wouldn't be using it, we would use something else that did what we wanted.

> reCaptcha is a way Google mines data from us for free.

Of course, through the visual selection it displays when "unsure". Although I do not know the details, it seems pretty obvious that once it's sure you're human it sometimes asks you to detect things in pictures anyway so as to provide training data (for maps, waymo, image search, whatever...)


> if what you claim was indeed true we wouldn't be using it

Not saying this is the case here, but cargo culting does exist in tech, so this is quite a weak argument in my opinion.


I 100% agree but it's not like captchas are complicated things or that we didn't all more or less switch to it from something else.

I can say for my current needs right now that if I created a non-subscriber posting content page tomorrow I would use a captcha because it removes enough bots to be worth it, and I would go with recaptcha because I find it the better one for end users (I as a user prefer to see it on websites compared to other solutions).


100% nonsense. When I use Firefox with 3rd party cookies blocked, it does not accept my correct answers. Waste 5 minutes of my life to beg Google to let me in.

Allow 3rd party cookies, log in to Google and I only have to check a box.

Same when I use a VPN, it does not accept any of the correct answers.

So when Google sees that I am trying to protect my privacy, it punishes me by having to work for them.

One more thing. If I try to use the audio challenge in the first case, it directly tells me that I am using some method to solve captcha and they won't allow it. So much fun.


I have literally never been asked to solve one of those image recognition recaptchas in my main browser profile. (While it happens once a month in incognito windows.)

So it's not at all obvious that known humans are being asked to solve captchas just for the purposes of training.


It barely asks you if you use Chrome and/or are logged into a Google account. ReCaptcha is how you make Firefox and IE/Edge users without a Google account hate you.

Because believe me, if I get asked to click another 50 cars without good reason (3 failed logins would be a good reason), I'll blame your site for being dumb and not Google.


And here's my anecdotal evidence:

I have only been served image captchas since forever. I literally thought the warped text captchas had been phased out. I literally never see anything but image captchas.


> I literally thought the warped text captchas had been phased out.

It has been since March.

https://developers.google.com/recaptcha/docs/versions#v1


I think the warped text ones have been phased out, but AFAIK it's in favor of the ones people mentioned above and some black magic for detecting humans without needing to click things.

(I work for Google, on nothing related to browsers or recaptcha, this is purely my impression from encountering it logged in and out.)


For the record, the ones I meant are the second solving: sometimes recaptcha asks you one (I believe it is genuine), and then after you succeed it asks again with another set of pictures (sometimes another question), which I believe is for training.

I have it semi-regularly (like once or twice a week); but I also have some automated tooling using my account AND I travel quite often so location testing probably flags me as weird.

Remember that the original recaptcha also did that with text to help train OCR (it would send a known word and an unknown word, if you succeeded at the known word it would record the answer for the unknown one, and after enough people gave the same one train it as the proper OCR'ed text).


"second solving"? I've sometimes been asked ten times in a row to click on the shop fronts or traffic light tiles.


I feel that this depends on how fingerprintable your browser is. Signed in to Chrome? You’ll likely see nothing. But logged out and using Safari’s Private Browsing? You will likely have to do it multiple times.


I have the feeling this is also configurable somewhere.

A few months ago, my bank added the image-clicking one to its login screen. I've always gotten past that one on the first attempt. But with the same profile on the same Firefox, all other sites always take multiple tries.


Google allows website operators to configure how sensitive they want v2 or v3 to be, but in practice it makes little difference. The only apparent effect on v2 is that the least sensitive setting permits the use of the noscript version. The least sensitive setting of v2 will still harshly hassle and punish users who aren't in compliance with Google, unless they use the noscript version. Then and only then, it lets people through for correct answers every time.


The 'owner' of the recaptcha API key can set a slider on a scale from "Easiest for users (some security features turned off)" to "Most secure (all security features turned on)"


I keep selecting random tiles until the captchas get easier and I can solve one without thinking. It takes about 10 to 20 iterations.


>> Google doesn't care about it, they are totally OK with it

> Google hasn't said they don't care about it, where did you see any of that?

Check this out:

> The Recaptcha team is aware of this attack vector, and have confirmed they are okay with us releasing this code, despite its current success rate.

Source: https://github.com/ecthros/uncaptcha2/blob/master/README.md


The parent addressed that in the next line.

> They merely allowed the code to be released despite it still working against the current. Previous experience (namely the original uncaptcha) proves that they intend to find a way to fix it.



