Research Findings:

  • reCAPTCHA v2 is not effective in preventing bots and fraud, despite its intended purpose
  • reCAPTCHA v2 can be defeated by bots 70-100% of the time
  • reCAPTCHA v3, the latest version, is also vulnerable to attacks and has been beaten 97% of the time
  • reCAPTCHA interactions impose a significant cost on users, with an estimated 819 million hours of human time spent on reCAPTCHA over 13 years, which corresponds to at least $6.1 billion USD in wages
  • Google has potentially profited $888 billion from cookies [created by reCAPTCHA sessions] and $8.75–32.3 billion per each sale of their total labeled data set
  • Google should bear the cost of detecting bots, rather than shifting it to users

“The conclusion can be extended that the true purpose of reCAPTCHA v2 is a free image-labeling labor and tracking cookie farm for advertising and data profit masquerading as a security service,” the paper declares.

In a statement provided to The Register after this story was filed, a Google spokesperson said: “reCAPTCHA user data is not used for any other purpose than to improve the reCAPTCHA service, which the terms of service make clear. Further, a majority of our user base have moved to reCAPTCHA v3, which improves fraud detection with invisible scoring. Even if a site were still on the previous generation of the product, reCAPTCHA v2 visual challenge images are all pre-labeled and user input plays no role in image labeling.”

  • Bezier@suppo.fi
    link
    fedilink
    English
    arrow-up
    83
    arrow-down
    1
    ·
    4 months ago

    they wanted you to do two or three and that’s absurd

    Yea how about 20

    • LucidNightmare@lemm.ee
      link
      fedilink
      English
      arrow-up
      53
      ·
      4 months ago

      VPN? Google will just go in a loop with these things, so I just stopped using Google completely.

      • Bezier@suppo.fi
        link
        fedilink
        English
        arrow-up
        12
        ·
        edit-2
        4 months ago

        No. But it’s also not like I get 20 constantly, it was just the worst I’ve seen. Usually it’s 2 to 5, I think.

        I assume they’re just collecting data on how many are users willing to do.

        • LucidNightmare@lemm.ee
          link
          fedilink
          English
          arrow-up
          20
          ·
          4 months ago

          One time I did five in a row, because I use VPNs for everything, and realized after the 5th time that it would have been easier to just use bing so I do that first now. Google has turned into my last last resort, which is quite funny, because that’s where Bing used to be. Lmao

      • I Cast Fist@programming.dev
        link
        fedilink
        English
        arrow-up
        10
        ·
        4 months ago

        Whenever I’m on a private window the captchas just keep on coming. Trying to reset your Steam password via the program will also trigger an infinite loop of captchas, you HAVE to use a browser.

    • Dudewitbow
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      1
      ·
      4 months ago

      if you have to do that many, you either have some privacy setting on or on a flagged ip given from a VPN

        • catloaf@lemm.ee
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          1
          ·
          4 months ago

          Most people don’t, most bots do. You look more like a bot, so you get extra challenges.

        • Dudewitbow
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          1
          ·
          4 months ago

          its abnormal to them because vpns are often also used by bad actors. your use is not abnormal but its a there are other people misusing it making it worse for everyone else.

          • Landsharkgun@midwest.social
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            1
            ·
            4 months ago

            Wow, way to blame individuals who take basic precautions instead of the corporations who are blantly invading your privacy. Good job making the world a better place, bud.

            • Dudewitbow
              link
              fedilink
              English
              arrow-up
              1
              ·
              4 months ago

              point where i blame the individuals, the blame is clearly on the bad actors (e.g bots)

    • sramder@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      4 months ago

      I tried to order some components on Digikey a few months ago and I’m still mentally scarred. Probably did a few hundred of those things over the course of 2 weeks.