No-Captcha

bentael

spam be gone

Moved Permanently

(googleonlinesecurity.blogspot.com)

baris

I'm confused how does this prevent bots from checking the checkbox

Scuzz

Google probably uses all the information it knows about you to see if you are a bot or not.

They know.

julian

Pretty neat. From an isolated POV, they could examine user behaviour on the page, look at mouse movement, speed at which a forum is filled out, time on page...

But if you think outside the box, Google could be using cookies to build an online profile based on your behaviour. That same cookie hits the noCAPTCHA, the server will respond with an aggregate result of that behaviour...

---

At another job, I thought about this sort of thing (albeit it did not go much further than that). Even if a user clears their cookies, you can still piece it back together:

• Cookie: abcdef accesses site, logs in to uid 123, builds some profile data based on behaviour
• User clears cookie
• Cookie: foobar accesses the site, logs in to uid 123, builds more profile data, aggregated with the behaviour data gathered earlier from abcdef

Carter Gale

@julian That what I as thinking, sadly Google decides to keep us in the dark about the specifics of how it works. Although, I believe that is how it works, by analyzing your mouse movements and such, and I am VERY happy to see reCaptcha's going away -- hate those things :C

A Former User

This makes me happy - but leaves me with so many questions. Honestly not sure what to make of it.

PitaJ

Another reason recaptcha is going away is because literally every single book has been dignified, so there is no need for it. They were using it for addresses and stuff, but they have created such a good text recognition platform that they don't even need it for that anymore.

Schamper

Someone partially reverse engineered it.
The original repo was deleted, but Google still has a cache.

Error 404 (Not Found)!!1

(webcache.googleusercontent.com)

it comes down to:

• Plug-ins
• User-agent
• Screen resolution
• Execution time, timezone
• Number of click/keyboard/touch actions in the <iframe> of the captcha
• It tests the behavior of many browser-specific functions and CSS rules
• It checks the rendering of canvas elements
• Likely cookies server-side (it's executed on the www.google.com domain)
• And likely other stuff...

bentael

[email protected] now uses the new Google NoCAPTACHA thing, compatible with NodeBB 0.6.0-dev

Thanks to @wzrdtales

Breaking change

Your old CAPTCHA keys won't work, generate new ones
(upgrade note)

wzrdtales

@bentael said:

[email protected] now uses the new Google NoCAPTACHA thing, compatible with NodeBB 0.6.0-dev

Thanks to @wzrdtales

Breaking change

Your old CAPTCHA keys won't work, generate new ones
(upgrade note)

No problem

The new ReCaptcha is way more comfortable and works great, unfortunately if you fill out about 5 captchas the same day you will be treated to type in the words, pictures again

At least it feels like