“No CAPTCHA reCAPTCHA” is as annoying as reCAPTCHA if…

reCAPTCHA

When completing an online form, proving that you’re not a robot can be very annoying. Sometimes even frustrating, especially if the website uses reCAPTCHA or a similar implementation of a system that asks you to decipher some cryptic text.

I don’t use reCAPTCHA on this website, but I do encounter it on other websites. So it was heart-warming to learn that Google has released a new implementation of reCAPTCHA called No CAPTCHA reCAPTCHA that doesn’t come with reCAPTCHA’s annoying aspects.

The official announcement has it that “a significant number of users will be able to securely and easily verify they’re human without actually having to solve a CAPTCHA. Instead, with just a single click, they’ll confirm they are not a robot.”

What’s not to like about that? But is it as simple as that? And how does the system know that the entity completing a form is a human and not an automated script? The simplest way to find out is to try and complete an online form protected from bots by No CAPTCHA reCAPTCHA.

Related Post:  Design a secure and usable communication tool, win a prize

Before I relate my experiences with the demoes, I should point out that the developers do concede that “CAPTCHAs aren’t going away just yet.” And that “In cases when the risk analysis engine can’t confidently predict whether a user is a human or an abusive agent, it will prompt a CAPTCHA to elicit more cues, increasing the number of security checkpoints to confirm the user is valid.”

But in cases where the system is able to determine that a user is a human, how does it know? From my tests, here’s how I think the system knows: Prior login information. Cookies don’t seem to play a part in the ability of No CAPTCHA reCAPTCHA to uniquely identify you.

While logged into a Google property and visiting the official demo website, for example, No CAPTCHA reCAPTCHA was able to accurately determine that the entity submitting the form was not a robot. Figure 1 was taken from that attempt.

No CAPTCHA reCAPTCHA
Figure 1: Passed a No CAPTCHA reCAPTCHA test.

However, visiting the same demo website from browsers that I’ve never used to log into a Google property, the system was not able to identify me. And that’s true whether the browsers were configured to accept Cookies or not.

reCAPTCHA
Figure 2: Failed a No CAPTCHA reCAPTCHA test.

So it appears that the “significant number of users” that “will be able to securely and easily verify they’re human without actually having to solve a CAPTCHA” will be those already logged into the website. For the other very significant number of users that the system cannot uniquely identify, it will try the old technique – shove a reCAPTCHA in there faces.

Related Post:  How Exynos 5 Octa HMP efficiently allocates workload to big.LITTLE CPU cores

So the benefit of No CAPTCHA reCAPTCHA is very minimal, unless there’s something that I’m missing.

Share:

Share on facebook
Facebook
Share on twitter
Twitter
Share on pinterest
Pinterest
Share on linkedin
LinkedIn

Hola! Did you notice that LinuxBSDos.com no longer run network ads?  Yep, no more ads from the usual suspects that track and annoy you across the Internet. But since I still need to pay to keep the site running, feel free to make a small donation by PayPal or your favorite cryptocurrency.

  • Bitcoin
  • Ethereum
  • Xrp
  • Bitcoin cash
  • Bitcoin sv
  • Litecoin
  • Binance coin
  • Cardano
  • Ethereum classic
Scan to Donate Bitcoin to bc1qzvlte2m224zkayhdc7fdfjkp2rsgt0l5a496ua

Donate Bitcoin to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin

Scan to Donate Ethereum to 0x0F4362DFF77F3Ba0Dc637F5f3Eba35D09a2fA60C

Donate Ethereum to this address

Scan the QR code or copy the address below into your wallet to send some Ethereum

Scan to Donate Xrp to r4ggjvL36njsMCYTkJ3S7cTHscPsMsSGQv

Donate Xrp to this address

Scan the QR code or copy the address below into your wallet to send some Xrp

Scan to Donate Bitcoin cash to qrs0dedzp9t55af3nfwypydghp29r0xguy9s20fz2k

Donate Bitcoin cash to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin cash

Scan to Donate Bitcoin sv to 15K9TLyVDBtLuG9cYvXCX9SSkq9C9oUKHK

Donate Bitcoin sv to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin sv

Scan to Donate Litecoin to LetJ9QQMb7u2LMZ9Tu6rtHwcBcQFW98fbG

Donate Litecoin to this address

Scan the QR code or copy the address below into your wallet to send some Litecoin

Scan to Donate Binance coin to bnb1ga8trq08ssqepd90v6225nzfgy448pu5pw8gxp

Donate Binance coin to this address

Scan the QR code or copy the address below into your wallet to send some Binance coin

Scan to Donate Cardano to addr1qx2354yw49etstfljpdhwja3ajjlt487lg95vu9ngy2q6vu4rf2ga2tjhqknlyzmwa9mrm997h20a7stgectxsg5p5esq5l7d9

Donate Cardano to this address

Scan the QR code or copy the address below into your wallet to send some Cardano

Scan to Donate Ethereum classic to 0xcD6CC972a2297FcafACDcfE042C55C69516a9264

Donate Ethereum classic to this address

Scan the QR code or copy the address below into your wallet to send some Ethereum classic

Subscribe for updates. Trust me, no spam!

Sponsored links

1. Attend Algorithm Conference, a top AI and ML event.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.

Upcoming events

6 Responses

  1. CAPTCHA / reCAPTCHA has been a problem for me until I just updated to Ubuntu 17.04. I can’t seem to sign on to anything because the CAPTCHA doesn’t even show up on the page. Preferences does not indicated an on/off switch for it either. I’m going to have to go back to 16.04 or even better 14.04LTS. I enjoy commenting in real time about everything especially politics, and science.

  2. You were indeed missing something. The fallback to text captcha was temporary. When this was released last year, a week or so later the text captcha made room for the image selector. This removed the last traces of the text captcha.

  3. I am trying for past two days to read and enter the letters in the recapcha. I never seen such code in my life in internet. What is that security. I wondered how Google is preparing such quality less product and wasting time and irritating people. Is it providing that much security?
    Please make it readable fore mate. It is not security question to answer and remember.

    Please

  4. Thanks for publishing and researching this. I thought I was crazy. No captcha yet we still prompt you for the old captcha…huh.
    I was thinking may be they are checking a time on the page factor because that is another way behind the scenes to test for automated form submitting.

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the latest

On social media
Via my newsletter

Partner links

1. Attend Algorithm Conference, a top AI and ML event for 2021.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.
Hacking, pentesting distributions

Linux Distributions for Hacking

Experts use these Linux distributions for hacking, digital forensics, and pentesting.

Categories
Archives

The authors of these books are confirmed to speak during

Algorithm Conference

T-minus AI

Author was the first chairperson of AI for the U.S. Air Force.

The case for killer robots

Author is the Director of the Center for Natural and Artificial Intelligence.

Why greatness cannot be planned

Author works on AI safety as a Senior Research Scientist at Uber AI Labs.