'We've all tried to log into a website or submit a form only to be
stuck clicking boxes of traffic lights or storefronts or bridges in a
desperate attempt to finally convince the computer that we're not
actually a bot. For many years, this has been one of the predominant
ways that reCaptcha -- the Google-run internet bot detector -- has
determined whether a user is a bot or not. But last fall, Google
launched a new version of the tool, with the goal of eliminating that
annoying user experience entirely. Now, when you enter a form on a
website that's using reCaptcha V3, you won't see the "I'm not a
checkbox, nor will you have to prove you know what a cat looks like.
Instead, you won't see anything at all.
Google is also now testing an enterprise version of reCaptcha v3,
where Google creates a customized reCaptcha for enterprises that are
looking for more granular data about users' risk levels to protect
their site algorithms from malicious users and bots. But this new,
risk-score based system comes with a serious trade-off: users'
privacy. According to two security researchers who've studied
reCaptcha, one of the ways that Google determines whether you're a
malicious user or not is whether you already have a Google cookie
installed on your browser. It's the same cookie that allows you to
open new tabs in your browser and not have to re-log in to your Google
account every time. But according to Mohamed Akrout, a computer
science PhD student at the University of Toronto who has studied
reCaptcha, it appears that Google is also using its cookies to
determine whether someone is a human in reCaptcha v3 tests. Akrout
wrote in an April paper about how reCaptcha v3 simulations that ran on
a browser with a connected Google account received lower risk scores
than browsers without a connected Google account.
"Because reCaptcha v3 is likely to be on every page of a website, if
you're signed into your Google account there's a chance Google is
getting data about every single webpage you go to that is embedded
with reCaptcha v3 -- and there many be no visual indication on the
site that it's happening, beyond a small reCaptcha logo hidden in the
corner," the report adds.'
-- source: https://tech.slashdot.org/story/19/06/27/2139219
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174