12 Matching Annotations
  1. May 2020
    1. Google encouraging site admins to put reCaptcha all over their sites, and then sharing the resulting risk scores with those admins is great for security, Perona thinks, because he says it “gives site owners more control and visibility over what’s going on” with potential scammer and bot attacks, and the system will give admins more accurate scores than if reCaptcha is only using data from a single webpage to analyze user behavior. But there’s the trade-off. “It makes sense and makes it more user-friendly, but it also gives Google more data,”
    2. For instance, Google’s reCaptcha cookie follows the same logic of the Facebook “like” button when it’s embedded in other websites—it gives that site some social media functionality, but it also lets Facebook know that you’re there.
    3. Previously, Google has said that the data captured from reCaptcha is not used for ad targeting or analyzing user interests and preferences. After this story was published, Google said that the information collected through reCaptcha will not be used for personalized advertising by Google.
    4. one of the ways that Google determines whether you’re a malicious user or not is whether you already have a Google cookie installed on your browser.
    5. Website administrators then get access to their visitors’ risk scores and can decide how to handle them: For instance, if a user with a high risk score attempts to log in, the website can set rules to ask them to enter additional verification information through two-factor authentication. As Khormaee put it, the “worst case is we have a little inconvenience for legitimate users, but if there is an adversary, we prevent your account from being stolen.”
  2. Mar 2020
    1. How "Invisible Captcha" Works Invisible Captcha, or reCAPTCHA, requires end-users to click a button that says "I'm not a robot" and Google can determine whether to prompt the user with additional question (i.e. select pictures that best describe X) to verify if that person is in fact not a robot.

      That's not accurate. Invisible Captcha is only one kind of reCAPTCHA. The terms are not simply interchangeable, as is implied here.

      From https://www.google.com/recaptcha/admin/create, we can see 2 main reCAPTCHA types:

      • reCAPTCHA v3 - Verify requests with a score
      • reCAPTCHA v2 - Verify requests with a challenge

      And these subtypes for reCAPTCHA v2:

      • "I'm not a robot" Checkbox - Validate requests with the "I'm not a robot" checkbox
      • Invisible reCAPTCHA badge - Validate requests in the background
      • reCAPTCHA Android - Validate requests in your android app