1
0

Google’s new reCAPTCHA silently betrays everything you surf back to Google


 invite response                
2019 Jun 27, 9:49am   625 views  2 comments

by Patrick   ➕follow (55)   💰tip   ignore  

https://www.fastcompany.com/90369697/googles-new-recaptcha-has-a-dark-side

Now, when you enter a form on a website that’s using reCaptcha V3, you won’t see the “I’m not a robot” checkbox, nor will you have to prove you know what a cat looks like. Instead, you won’t see anything at all. ...

Instead, Google analyzes the way users navigate through a website and assigns them a risk score based on how malicious their behavior is. Khormaee won’t share what signals Google uses to determine these scores because he says that would make it easier for scammers to imitate benign users, but he believes that this new version of reCaptcha makes it incredibly difficult for bots or Captcha farmers—humans who are paid tiny amounts to break Captchas online—to fool Google’s system. ...

According to tech statistics website Built With, more than 650,000 websites are already using reCaptcha v3; overall, there are at least 4.5 million websites use reCaptcha, including 25% of the top 10,000 sites.


All of these sites expose everything you do on those pages to Google. By including links to Google reCaptcha Javascript, these sites allow Google to upload anything you entered (including passwords!) as well as details about exactly what you surfed.

With reCaptcha v3, technology consultant Marcos Perona and Akrout’s tests both found that their reCaptcha scores were always low risk when they visited a test website on a browser where they were already logged into a Google account. Alternatively, if they went to the test website from a private browser like Tor or a VPN, their scores were high risk.

To make this risk-score system work accurately, website administrators are supposed to embed reCaptcha v3 code on all of the pages of their website, not just on forms or log-in pages. Then, reCaptcha learns over time how their website’s users typically act, helping the machine learning algorithm underlying it to generate more accurate risk scores. Because reCaptcha v3 is likely to be on every page of a website, if you’re signed into your Google account there’s a chance Google is getting data about every single webpage you go to that is embedded with reCaptcha v3—and there many be no visual indication on the site that it’s happening, beyond a small reCaptcha logo hidden in the corner.


You want to use the web? Sorry, Dave, you're not allowed to see 25% of the internet unless you're logged into Google and they have the ability to watch you poop.

Comments 1 - 2 of 2        Search these comments

1   exfatguy   2019 Jun 27, 9:53am  

"We also see you once said you liked Trump's hair. Your Alexa heard you say and then relayed it to me. Sorry, you will not be able to purchase that extra strength Metamucil via one-touch."
2   NuttBoxer   2019 Jun 27, 10:05am  

Not true if you use TOR. But on TOR you will have to spend several minutes going through their captcha before you succeed. My theory is the repeats are an attempt to track you through TOR.

Please register to comment:

api   best comments   contact   latest images   memes   one year ago   random   suggestions