Let's recap reCAPTCHA gotcha: Our cunning AI can defeat Google's anti-bot tech, say uni boffins

US-based academics claim they have developed a machine-learning system that can beat Google's bot-detecting reCAPTCHA system. Designed to stop stuff like automated scripts from doing things like creating accounts or purchasing tickets online en masse, reCAPTCHA v2 presents an image, or a series of images, and asks netizens to …

  1. g7rpo

    Captcha is the most annoying piece of crap ever

    That is all

    1. GnuTzu Silver badge

      Re: Captcha is the most annoying piece of crap ever

      O.K. but, the really annoying ones are the text-based ones, particularly the ones where they've gone too far making the text hard to read.

      1. Corwin_X

        Re: Captcha is the most annoying piece of crap ever

        Have to respectfully disagree - the text ones you can just do a renew to get one you can read.

        The picture based ones need to be killed with fire. Especially since it's all yank based and, as someone mentioned, not everyone around the world knows what a "crosswalk" is. It's the rough equivalent of a pelican crossing in the UK BTW.

        1. Graham Dawson Silver badge

          Re: Captcha is the most annoying piece of crap ever

          Except in the cases where it's elongated text on the road that recaptcha decides is a "crosswalk" and penalises you for not clicking.

        2. skeptical i

          Re: Captcha is the most annoying piece of crap ever

          Kill it with fire, drown the ashes, then lob the steaming pile into space. Can that AI thingie be made available for download so one can simply set it to attack the next recaptcha box, go get another beverage, come back to a completed exercise, and save some sanity?

        3. iron Silver badge

          Re: Captcha is the most annoying piece of crap ever

          Yup I have no idea what a "crosswalk" is, what constitutes a "storefront" for Google or why they show me pictures of yellow cars when they want me to click on Taxis. There's never a single black cab in any of the pictures! reCAPTCHA v2 is clearly the work of a Trump supporter because they think everyone understands Yank.

        4. GnuTzu Silver badge

          Re: Captcha is the most annoying piece of crap ever

          O.K. fair enough. It would be insane if the refresh wasn't there for the text ones. Yet, I'm finding that some of those text ones are so bad that a single refresh doesn't do it. I've definitely had to do more than a few refreshes for some of them.

        5. Kiwi Silver badge

          Re: Captcha is the most annoying piece of crap ever

          It's the rough equivalent of a pelican crossing in the UK BTW.

          Sweet.. Cool. Now I know crosswalk=pelican crossing.

          But..

          WTF is a pelican crossing????

          1. Intractable Potsherd Silver badge

            Re: Captcha is the most annoying piece of crap ever

            Ah, you had to ask, didn't you? A Pelican (or PeLiCon) crossing is a Pedestrian Light Controlled crossing - a crossing with traffic lights activated by a pedestrian who wants to cross the road. Looking at https://www.drivingtests.co.nz/resources/pedestrian-crossings-and-refuges-sharing-the-roads-with-pedestrians/, you don't have them in NZ, nor most of the other menagerie of crossings - Puffin, Toucan, Pegasus, Tiger, and the extinct Panda, though you do have Zebras! See https://www.citylab.com/transportation/2012/03/puffins-pelicans-and-toucans-delightful-terms-british-crosswalks/1515/ for a quite amusing account of these creatures :-)

            1. Kiwi Silver badge

              Re: Captcha is the most annoying piece of crap ever

              Ah, you had to ask, didn't you? A Pelican (or PeLiCon) crossing is a Pedestrian Light Controlled crossing - a crossing with traffic lights activated by a pedestrian who wants to cross the road.

              Ah yes, I know what they are now. We have several here in NZ actually. I'd send you a link to one but google maps doesn't seem to want to show me the menu that'd allow me to activate street view.

              Much like the one lower down in the link you gave, but without the accompanying road intersection.

              (I notice the other sign - "Turning traffic give way to pedestrians" has been changing - used to be shortened to "PEDS" but someone took offence at the preference given to paedos..... Yes sadly we have people who have too few other real problems and a pathological need to complain, or too few braincells (or both))

          2. e^iπ+1=0

            WTF is a pelican crossing????

            One that features traffic lights for pedestrians rather than a Belisha beacon.

            Next, what's a Belisha beacon? Could always try Wikipedia.

      2. 's water music Silver badge

        Re: Captcha is the most annoying piece of crap ever

        The ones that boil my piss quickest are those that have a standalone image in each square and display a new one as you dismiss each one but it takes around thirty seconds to display each new image and keeps displaying new images for several days before letting you through

    2. Cederic Silver badge

      Re: Captcha is the most annoying piece of crap ever

      I'm fairly sure it breaches disability discrimination legislation but can't find a public body willing to pursue this. Instead they tell me to complain individually to the companies using it to block me from contacting them.

      reCaptcha and autism spectrum disorders are seriously incompatible.

      1. mark4155

        Re: Captcha is the most annoying piece of crap ever

        You're so correct, Captcha is so tiresome and annoying. I suffer from sight impairment and find it difficult to make out the letters, despite trying to refresh. The photos are just a blur to me. The audio, even worse. There must be a better way.

    3. bombastic bob Silver badge

      Re: Captcha is the most annoying piece of crap ever

      and WORSE, if you make the photos SO HARD TO READ that you CANNOT SEE THE OBJECTS, and you have to CLICK ON MULTIPLE SCREENS to get past it... kinda like NOW.

      I had to use CAPTCHA on a California government web site the other day. IT REALLY PISSED ME OFF.

      Find all of the traffic lights - ok a walk signal, obvious on the pole, is it a "traffic light" or not. Then there's one WAY off in the distance, do I include THAT square too? Seems like including it GETS YOU ANOTHER CAPTCHA because YOU FAILED IT.

      @#$% captcha is the BANE OF TEH INTARWEBS. A _BOT_ that solves it BETTER THAN I CAN would be a WELCOME PLUGIN to my browser!!!

      1. 's water music Silver badge

        Re: Captcha is the most annoying piece of crap ever

        Finally a post where I can FULLY GET BEHIND your use of capitalisation bob.

  2. IGotOut Silver badge

    Is this available to the UK public

    Click the traffic lights...does that include the posts?

    Click the houses...does that include the flats above the shop?

    Click the shop....is that blurry image a shop or just a house with a big window?

    Click the crosswalk...wtf is a crosswalk!

    1. Foxglove

      Re: Is this available to the UK public

      'Click the crosswalk...wtf is a crosswalk!'

      A crosswalk is when you angrily walk away from the computer asking you to solve a dumb CAPTCHA to go and get the axe to fix the problem once and for all.

    2. Graham Dawson Silver badge

      Re: Is this available to the UK public

      A crosswalk is where Americans go when they don't want to be arrested for safely crossing the road.

    3. GnuTzu Silver badge

      Re: Is this available to the UK public

      Geo-location is an actual thing. I can't imagine why they're not using it for this--when we absolutely know that they use it for their marketing services. Don't we?

      Anyway, it wouldn't make it any better.

  3. Andy Non Silver badge

    The most annoying CAPTCHAs are those that are absent

    I hate the things as much as anyone else, often struggling to get them correct after numerous attempts; but some sites don't even implement them correctly. On several occasions I've spent some time filling in an online form or browsing and placing an order on websites only to be confronted with a message prompting me to solve a CAPTCHA at the end or checkout... except there is no CAPTCHA there to solve. I tick the box "I'm not a robot" and nothing, nada, zilch. Result... I end up abandoning the site and buying elsewhere, never to return to the original site.

    1. Corwin_X

      Re: The most annoying CAPTCHAs are those that are absent

      I've had quite a few instances of this. Firefox nope. Chrome nope. Edge nope. The only way I've been able to get it to display the actual Captcha is to use IE6 (may the goddess preserve my soul!!!).

  4. Anonymous Coward

    Can we just stop pretending that this is anything more than a speedbump to bots?

    Sites that implement captchas are just strong-arming you into working to train Google's self-driving cars for free. Funny how most of those sites are also dependent on Google's Ads to keep the lights on. So just stick an ineffective captcha instead of using SSO, 2FA, FIDO tokens or Authenticator and stick with the one that exploits all of your users as slave labor.

    1. SzS

      Re: Can we just stop pretending that this is anything more than a speedbump to bots?

      Those images I'm afraid are already trained ... Google will get richer user activity reports, DATA, while the Average User (AU from now on) would probably see some kind of fun in the process except in cases already mentioned like when you don't understand English - not a bad opportunity to learn something anyway.

      Other solutions require further data to be extracted, for the government, attackers, etc. while increasing your website security. Every website should provide at least two alternatives in my opinion, i.e., for those who like to play with graphics, or the 'better' 2FA for example. As a 2FA AU, I like to give - AU hint - my phone number only to mainstream companies that are supposed to better manage their anti-attackers, resources wise.

      I'm afraid v3 will end up like v2 (if not more 'unreliable'), time will tell. You can always use both anyway.

      Eager to see an innovative v4 .. But I'm afraid it will be based on V3 due to the fact that it's built upon multiple sources vs. how easy a puzzle problem a machine is able to solve (and Google's commitment with 'open source').

  5. JohnFen Silver badge

    Hopeful

    Since reCAPTCHA v3 is very likely to be impossible for me to pass, I'm hopeful that someone will create a system that will defeat that as well.

  6. Phil Endecott Silver badge

    Obligatory xkcd

    https://xkcd.com/1897/

  7. whitepines Silver badge

    It's always bugged me at some deep level that I'm being forced to train Google's automated ML just to use things like banking websites, with that training then used to further break my privacy and limit what I can do in the real world. I've been pissed enough at it to try to feed it as much bad data as I can, hoping it'll do things like misidentify traffic lights as stop signs when Google tries to take over transport (I know, low chance of success, but still it's about the only act of rebellion available to me).

    The faster we can just throw a few seconds of processor power at sidestepping the entire headache, the better in my opinion.

    1. NATTtrash Silver badge

      I am sorry... Maybe it's because I'm from a different part of the world... But, are you telling me that banks where you live, institutions that have, as one of their most important tasks (or at least pretend ;) to safeguard your money, do not rely on their own hardened security, but depend on a widely used, third party, outside their control application? And I'm not even referring to the implications of the privacy of your financials...

      1. Anonymous Coward

        Some banks also use Google analytics scripts on the account management pages after you log in.

        1. Baldrickk Silver badge

          None of mine do, even if they would want to. NoScript to the rescue.

      2. e^iπ+1=0

        that banks where you live

        HSBC?

    2. Kiwi Silver badge

      It's always bugged me at some deep level that I'm being forced to train Google's automated ML just to use things like banking websites

      Start making some noise then. Surely you have a banking code of practice where you are that makes passing your details on to any 3rd party a bad thing? Privacy laws etc?

      Make a bit of a fuss, name names etc, maybe ask around to see if there's a lawyer who'll do a class action on behalf of the bank's customers...

      This stuff can be changed.

  8. Tom 38 Silver badge

    Confused

    Isn't reCAPTCHA itself a system for training a ML system? So they've trained an ML system to beat another ML?

    1. Ordinary Donkey

      Re: Confused

      Nothing new. Most deepfakes use ML systems to make fakes that other ML systems can't detect as fakes. They reason that if the other ML system can't spot the difference then neither will a meat based classifier.

  9. NeilPost Bronze badge

    Good news. Hate Captcha - 2FA like Google/ Microsoft Authenticator or the inbound Logged in With Apple is where we need to go.

    At work, our Captcha is called a Turing Image. Is this a legacy they missed out of the Imitation Game factionary film of his life?

  10. NeilPost Bronze badge

    92.4% Captcha success

    So @ 92.4 % success at Captcha it already outperforms me, and furthermore outperforms any old person by about 2 orders of magnitude !!

  11. MJI Silver badge

    I need this

    I hate these image based ones.

    Are those houses?

    Where are the taxis?

    WTF is a crosswalk?

    I think the record is 20 pages of the fuckers!

    And yes I have in the past given up if I did not need to get through.

  12. MJI Silver badge

    Any good firefox addons?

    Seen some but not yet downloaded

    1. Andy Non Silver badge

      Re: Any good firefox addons?

      With a bit of luck someone will develop a Firefox add-on that solves all CAPTCHAS and saves me from cussing and swearing at my inability to get past them as a human being. Bring on the robots!

  13. Cuddles Silver badge

    Nice bit of recursion

    Recaptcha is used in large part to train machine learning algorithms in image recognition. Now it's been used enough that machine learning algorithms are able to pass the test used to train them. It does make one wonder exactly what they expected to happen. Take a system specifically designed to train computers to be able to pass a test, then use that test to identify computers that are unable to pass it...

    1. e^iπ+1=0

      Re: Nice bit of recursion

      Job done?
