thereaverofdarkness wrote:I heard on a YouTube video (Veritasium I think) that Google tracks your usage history and decides if you seem bot-like. Thus sometimes the very easy captchas (in particular the one that simply asks you to click) are still effective bot deterrents. Just because you can solve the captcha doesn't mean it'll let you in.
That's Google's NoCAPTCHA-ReCAPTCHA. And although you got some of it correct, there are some inconsistencies with your statement.
Google doesn't JUST rely on usage history, it relies on a bunch of things to determine if you're a bot. Some of those things include:
- Your IP addresst
- Your previous internet traffic
- How your mouse moves to approach the checkbox
- How many times your IP address solved the CAPTCHA correctly* in the past
- The current time
- The current date
- The operating system and browser you're currently connecting from
& a bunch of other data that Google won't disclose for security reasons.
That data is then sent to a risk-analysis computer that takes the data and determines if you are a human or a robot with an output of a confidence level. If the machine's human output confidence < 70%**, then the computer will ask you to preform an actual CAPTCHA. From here, it's pretty easy: solve CAPTCHA = you're a human.
For the actual CAPTCHAs, Google was really smart when it came to that.
See, the reason why they ditched the old CAPTCHAs is because, well, they were too easy for robots, and too hard for humans. Back when computers had 2 MB of RAM and Hard Drives were still a pretty new invention, account bots DID exist, but they were extremely primitive. OCR was practically non-existent, so when websites had an issues with fake accounts, they just slapped up a CAPTCHA, and the bots would stop coming. However, the actual people would still be able to sign up, because we can read distorted text (up to a certain extent; some knock-offs would distort text beyond all recognition, hence why some website admins asked "ARE ALL OF OUR USERS ROBOTS!?"). Fast-Forward to about 2007: the new service ReCAPTCHA took over a while back, and is currently running the show. Too bad they're losing. At this point, OCR had advanced to the point where the CAPTCHAs could be solved with ease. And oh boy, were they solving them! In fact, at one point in late 2009, OCR had advanced so much that the robots were solving them with more successes/submits than people! So Google
helped out partnered with ReCAPTCHA bought out ReCAPTCHA and starting creating their own using Behavioral Analysis. 4 years later, Google came out with NoCAPTCHA-ReCAPTCHA. And it, well, worked. Instead of using text, when a user was prompted to complete a CAPTCHA, they needed to preform image identification (i.e: click all the squares that contain a street sign), which is something that most modern computers really can't do without taking an eternity to process the image. However, people can do it with ease, since it's pretty easy to identify a storefront or flower or cat.
I actually think that this forum should incorporate this CAPTCHA. the radio buttons are ok, but I could literally program a bot in Java in about 30 minutes that could create hundreds of spam accounts for shits and giggles. Not that I would do that.
*"Correctly" in this context defines as clicking the "I'm not a robot" button and not having to complete an actual CAPTCHA. It also includes solving the actual CAPTCHA correctly on the first try.
**This is just a rough estimate based on my standards. The threshold may actually be higher or lower based on Google's security settings.
