Posted on by Michael Catanzaro

On reCAPTCHA Dread

When did reCAPTCHA become so maddeningly difficult and time-consuming?

I wanted to read Matthew Garrett’s post on Intel’s remote AMT vulnerability, but since I’m using Private Internet Access, Cloudflare has gated it behind reCAPTCHA. reCAPTCHA is much, much harder than it used to be. Although there seem to be a couple of other variants, nowadays you’re generally expected to identify squares that contain street signs and squares that contain mountains. Now either the answer key is regularly wrong, or I just don’t know what street signs and mountains are. You’d think the former… but there actually is a good degree of ambiguity in selecting which squares to tag.  Do I only tag all the squares that contain the signage-portion of the sign, or do I also tag the squares containing the signpost? (The former seems to work better, in my experience.) What if only a little bit of the sign extends into a particular square? (Jury’s out.) What if there are very distant signs in the background of the image, with many big signs in the foreground: should the distant signs be tagged too? And what constitutes a mountain anyway? Most of the “mountains” I see in the reCAPTCHA images look more like impressive hills to me. My guess is that reCAPTCHA wants me to tag any bit of elevated land as a mountain, but who knows, really.

Worse, once you tag some squares as signs or mountains, more squares appear in their places, making the captcha seem almost never-ending: you never know when you’ll finish. I dread each time new squares appear. I regularly find myself taking much too long to solve the captcha, often as much time as I would actually spend reading the gated content. Once I finish, I await the answer… “try again.” Which squares did I get wrong, Google? There’s no way to know. Back to start.

Today, for the first time that I can recall, I gave up after I was told to Try Again a few too many times in a row. I refreshed the page, thinking to try the captcha again… no luck this time, either. So congratulations, Google, on designing a usability nightmare captcha that can keep humans out. I know it has to be hard enough to make it difficult to solve with computer vision, but if humans can’t pass it, your captcha has failed. And so I am stuck reading Matthew’s article in Liferea.

Remember the days when all you had to do was spell out two words?

15 Replies to “On reCAPTCHA Dread”

  1. I tried briefly to look for a workable alternative for my website, and I couldn’t. Disabled reCAPTCHA for a few days (relying only on Akismet for spam filtering), and eventually the spam bots did get through.

    1. I wish most of my friends would run gpg. Then I’d only read emails signed with verified keys and spam would be gone (except for the few instances where their computer gets infected, but then I’d know for sure whom to warn). I could even automate that and allow commenting on my website via email.

  2. “When did reCAPTCHA become so maddeningly difficult and time-consuming?”

    When Google ran out of easy work for you to do for them for free. Now it only has *hard* work for you to do for them for free.

  3. For me it sometimes only contains a one big checkbox that says “I’m not a robot” or something like that. Sometimes it even passes automatically, like the checkbox is already pressed. But sometimes I get those squares. Do you know how is that determined?

    1. Yeah. Through cookies.
      If you pass the captcha once then it remembers you as a human and you don’t get the squares again .

      1. I guess that’s defeated by Epiphany’s default behavior to block third-party cookies?

  5. Well, someone has to verify that the machine has learned the correct thing. Is that really a mountain? A street sign? You’re contributing to machine learning whether you want to or not.

    This is really on the website operators. They’ve chosen a “protection level” at CloudFlare that means any IP address that originates a lot of users will get set aside and asked to answer a CAPTCHA. Most websites don’t need this! But it’s the tyranny of the default setting, causing unnecessary pains for regular visitors.

  6. “Remember the days when all you had to do was spell out two words?”

    Actually I do. And by my recall of events in the end these two words were so warped around and obscured by so many lines, patterns and colors that it was getting difficult for humans to read the words.

    And that’s how we ended with the “new” and “improved” recaptcha aka “identify a dozen street signs for me” puzzles.

  7. Slightly OT: Does a reCAPTCHA like JS library exist, that one can self-host and that is free software? I.e. I want the same “wonderful” UI with street signs and mountains, but only to talking to my own server. TIA!

  8. To understand it, just think from the perspective of those who want you to help them identify the signs to help their image recognition algorithms. You’re much cheaper than their processing time.

  9. Can you spot the mountain?

    http://imgur.com/dytmwx5

    These captchas by google seem to be to be clearly anti-competitive. As long as they allow their own bot through, this system seems to be breaking anti-competition laws. Microsoft, sue these @sswhos into oblivion!

    And, how dare *google* accuse me of being a bot.

  10. If you disable JavaScript (which is what you should be doing by default anyway), many instances of reCAPTCHA will use the non-JS mode, where you need to check the boxes that correspond to the desired objects (street signs, mountains, rivers, cars, buses, grass). Mostly street signs (about 90% of the time) though. Usually there’s exactly four squares with a street sign, and it takes roughly 5-6 seconds to complete a challenge.

    [WORDPRESS HASHCASH] The poster sent us ‘0 which is not a hashcash value.

Comments are closed.