According to Google, you’re not human if you aren’t being tracked by Google.

“…one of the ways that Google determines whether you’re a malicious user or not is whether you already have a Google cookie installed on your browser.”

@aral But what would prevent "malicious users" from adding the same cookie? 🤔

@yyp @aral Yeah, this sounds really dumb. Are humans actually even better at captchas than bots? I find myself thinking "well, that *is* a crosswalk, but algo probably thinks "no" on some of those ....
(Would be very interested to see studies on that!)
I also doubt it would be very hard to just record a few "Real Actual Hoomans" navigating a site and just "replay" variations on that via Selenium or whatever browser-automation framework is cool now (for e.g. the "farmers" as they put it)

@meejah @yyp it's a different story, but yes, machines are good at solving Captchas nowadays. Replaying is hard, because it is always different, but even if you did not use a machine, there are also a lot of underpaid clickworkers who justz solve captchas for you… so… 🤷

@rugk @yyp Yeah, weird how "monetary incentive" so often seems to mess things up ...

@yyp @aral Okay I read more of the article .. the *goal* isn't even "detect bots" it is "detect weird behavior". So if you act "oddly" / outside the one standard-deviation or whatever then you're considered "bad". Let alone the privacy impacts, this is a stupid goal.

@thufie This is true but we are not Google’s customers, we are the livestock being farmed :)

@aral So basically every site using them can just go and fsck themselves for me. I started browsing in private windows nearly two years ago now, i only watch YT through invidious instances and most G-domains are blocked by my privoxy already (not all, as my wife is one of those ppl thinking that Google is the entrance to the internet 🙄 and she's resistant to arguments, "nothing to hide" and such).

@aral I still wonder why I so often fail in the "are you not a robot" test ... either I am too bad as human ... or something else is wrong here.

@aral to be fair, I recently had to work with one site that shown captcha every few actions (not fault of Google here). Having logged in my Google account actively used for years, every time it worked with one click.

Out of interest I then tried using my other user in Chrome, not logged in to Google, and actually after a few captcha requests they started to ask for challenges and after about 15 requests these got harder…

I think account age and use is a very good metric for nice experience.

@sasha_sorokin Indeed. What could possibly be a problem with requiring anyone who wants a seamless experience on the web to have a Google account. I say seamless experience… that’s today. Tomorrow, you’ll need it to book a medical appointment. But we can trust Google, so why worry. A human is what a corporation says it is. This is fine.

@tam @aral you would just tryna solve the captcha while using free proxy or tor exit.

then you really begin to doubt whether you are a robot

after dozens of failed attempts.

@aral they not only know you're human but also *which* human

@aral recaptcha v3 also reads as very non compliant w gdpr.

Sign in to participate in the conversation
Aral’s Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!