Forget security – Google's reCAPTCHA v2 is exploiting users for profit | Web puzzles don't protect against bots, but humans have spent 819 million unpaid hours solving them

I kinda figured. It was annoying to do one, but then they wanted you to do two or three and that's absurd. Whenever it comes up now, I usually just close out.

Getting served a captcha often results in me closing the tab. I'm not doing stupid puzzles for you.

When they slow fade in the picture, I add one more software engineer to my kill list.

I bypassed 35000 google recaptcha v2 using bots. Don't ever rely on this for security

I honestly thought it was common knowledge that these things were essentially free labor for training AI.

There's nothing that can express my disdain for Google's reCaptcha.

😒 We're training its AI models 😒 It's free labor for Google 😒 Sometimes it wants the corner of an object, sometimes it doesn't 😒 Wildly inconsistent 😒 Always blurry and hard to see 😒 Seemingly endless 😒 It's the robot asking us humans if we're the robots

The objective of reCAPTCHA (or any captcha) isn't to detect bots. It is more of stopping automated requests and rate limiting. The captcha is 'defeated' if the time complexity to solve it, whether human or bot, is less than what expected. Now humans are very slow, hence they can't beat them anyway.

Google should bear the cost of detecting bots, rather than shifting it to users

how?

reCAPTCHA is exploiting users for profit

Well duh.

reCAPTCHA started out as a clever way to improve the quality of OCRing books for Distributed Proofreaders / Project Gutenberg. You know, giving to the community, improving access to public-domain texts. Then Google acquired them. Text CAPTCHAs got phased out. No more of that stuff, just computer vision rubbish to improve Google's own AI models and services.

If they had continued to depend on tasks that directly help community, Google would at least have had to constantly make sure the community's concerns are met. But if they only have to answer to themselves for the quality of the data and nobody else even gets to see it, well, of course it turned into yet another mildly neglected Google project.

I will gladly solve a reCAPTCHA for you today if you pay me for it today.

Remember the good old days when it was just malformed text you have to solve? I miss those days. AI was complete garbage and they had to use farms of eyeballs to solve them for bots, making it a costly operation. We've now totally gotten away from all of that.

WE ARE THE EYEBALLS AND I AIN'T GETTING PAID IN WOW GOLD TO DO IT EITHER

Why is that no news to me? How did so many people not know that? Should I have spread the word more, even if all people I told that where likr “yea, yea, of course, but, what can I do? 🤷🏻‍♀️”?

I don't really get where this article is going. They are all over the place.

Let's start with a fuck google. They are a evil company. But:

• Other captchas are also not very effective against bots. Arguably most traditional systems would be worst that recaptcha at fighting bots.

• Recaptcha agent validation while a privacy violation is faster than solving any other captcha and if you are hit with the puzzle is not that much more time consuming that every other captcha.

• That profit number is very questionable and they know it. Anyway, that's no much different and probably less profitable that most google services.

Also is ridiculous how someone can say in the same article that the image puzzle can be solved by bots 100% of the time and that is a scheme to get human labor to solve the puzzle. Am I the only one seeing the logical failure here?

And what's the purpose of all this? Just let bots roam free? Are they trying to sell other solution? What's the point?

I hate google as much as the next guy. But I don't really share this article spirit.

If I were to make a point. They point will be that people and companies should stop making registration only sites and dynamic sites when static websites are enough for their purposes. And only go for registration or other bot-vulnerable kind of sites of there is no way around it. But if you need to make a service that is vulnerable to bots, you need to protect it, and sadly there's not great solutions out there. If your site is small and not targeted by anyone malicious specifically you can get with simpler solutions. But bigger or targeted sites really can't get around needing google or cloudfare and assume that it will only mitigate the damage.

But if anyone knows a better and more ethical solution to prevent bot spam for a service that really need to have registrations, please tell me.

Try the headphone option.

No one makes a company use reCAPTCHA.

The conclusion can be extended that the true purpose of reCAPTCHA v2 is a free image-labeling labor and tracking cookie farm for advertising and data profit masquerading as a security service,” the paper declares.

I thought this was known since it came out. It seemed even more obvious when the images leaned in heavily to traffic related pictures like stoplights.

Gonna have to disagree hard with this, based on extensive first-hand experience (web dev). I've added CAPTCHA to dozens (hundreds?) of web forms, and it all but eliminates spam.

I had to deal with one yesterday that wouldn't let me in no matter what I did.

So it isn't even good at figuring out who isn't a robot.

They were using us to label the data.

I thought the whole point of reCaptcha was to provide a reliable set of data to train bots. Entering a fuzzy scanned word, identifying bikes and traffic lights, etc.

The fact that they've now got that, and the bots are trained is hardly a surprise.

Without captchas the problem of spambots would still be a million times worse.

We already knew that, but it's nice re to have data.

reCAPTCHA v2 visual challenge images are all pre-labeled and user input plays no role in image labeling

That's funny, because when I'm faced with this, I keep adding/removing one of the image randomly and it keeps accepting them as ok.

Is it only 7200 people solvning reCAPTCHA every hour for the past 13 years? Feels like it should be more?

Does this work?

https://addons.mozilla.org/de/firefox/addon/noptcha/

I thought this was old news 20 years ago?

I thought it was detecting bots based on how you are moving your mouse, etc to solve it, but if they can be solved by AI do they want their AI trained by other AI?

Alright, I don't use google.com

Edit: this was in reply to someone. I guess my app fucked up the reply.

I mean, duh? With proof of work captchas existing, there's no reason to have those image selection captchas... Ever...

How those work is by having the server generate a puzzle. Server side this is cheap to generate, while client side solving is "hard". The server can even choose the difficulty of the puzzle, and even set it dynamically. This means that when your website is under light load the captcha can be really easy/fast to solve. If your website is under attack however the captcha can be set to take seconds to solve.

I always thought they are just getting the training data for AI using these.

It is undoubtedly a new piece of research, but the cause is always the same: corporations exploit people because they are taken out of government and democratic control effectively everywhere.

Some corporations employ more people and have bigger budgets than some countries and they often influence people's lives more than the government. Yet they're effectively electoral monarchies where electors and monarchs are just a bunch of rich assholes who respond to nobody.

Only when we change that system then those headlines will stop.

Dropping this from Upper Echolon: https://youtu.be/IWUHv3S8JVI?si=KWxZLqJhEPSCXbNV

Sometimes I think writers just try to find things to be edgy about. The straws this grasps at it are incredible. Might as well complain from the billions of unpaid man hours people provide by providing common courtesy for free.

This is bullshit. Author is literally insane.