Most of us internet users are obviously familiar with CAPTCHAs: a challenge or test that is designed to filter out bots (automated programs) and only allow legitimate human users in.

Related: How bots fuel ‘business logic’ hacking

The basic principle behind CAPTCHA is fairly simple: the test must be as difficult as possible (if not impossible) to solve by these bots, but at the same time it must be easy enough for human users not to hurt user experience.

This principle is precisely where all sorts of troubles surrounding CAPTCHAs come in. Today’s bots are really advanced, and advanced AIs are now pretty reliable in solving CAPTCHAs. So, we have to make the CAPTCHAs more difficult, but at the same time we all know how CAPTCHA challenges can be really annoying, and we’ll simply bounce from a site featuring even more difficult CAPTCHA.

This is why Google invented the invisible reCAPTCHA and other newer versions of reCAPTCHA.

reCAPTCHA

What actually is reCAPTCHA? Simply put, there are many different companies offering CAPTCHA solutions at the moment, and reCAPTCHA is Google’s brand of CAPTCHA solution.

Yulini

If you’ve been on the internet long enough, you might have remembered the first iteration of reCAPTCHA (now called reCAPTCHA v1) where we are shown a pair of words, one of them is scratched, distorted, or made obscure in different ways so it can only be identified by a human user.

This distortion method to fool the bot’s OCR (Optical Character Recognition) was actually a big innovation back then, which convinced Google to purchase the reCAPTCHA company back in 2009, and reCAPTCHA v1 continues to be reliable and popular throughout the 2010s.

That is, however, no longer the case. reCAPTCHA v1 was officially shut down in 2018 and was replaced by the newer invisible reCAPTCHA.

Invisible reCAPTCHA

The invisible reCAPTCHA is actually just one of several different versions of reCAPTCHA v2.

Most likely you’ve stumbled upon the “I’m not a robot” reCAPTCHA checkbox, which is actually a type of reCAPTCHA v2. Google often calls this version the no CAPTCHA-reCAPTCHA.

As a user, we only need to click on the checkbox, but it is actually a pretty advanced technology. To put it simply, Google analyzes the client’s behavior before, during, and after clicking the checkbox to determine whether the client is a human user. Google uses various advanced technologies, including analyzing your browser history (if you are using Chrome), mouse movement, typing patterns, and so on.

If Google is still unsure whether you are a human or a bot, only then you will be presented with the “select all images with xxxx”

About the essayist: Emma Yulini is a professional blogger who has written more than 500 articles on a variety of tech topics.

*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/guest-essay-a-breakdown-of-googles-revisions-to-streamline-its-recaptcha-bot-filter/