I feel a sense of dread whenever I see this box. Is it going to let me through, or am I going to spend the next few minutes futilely clicking signs and lights, only to give up and leave the site?
just preemtively say no and leave the site. this is just another tracking vector for google and it should be discouraged.
i'm generally against this type of gating, where the people doing the right thing get punished disproportionately (even small slices of time add up to wasting thousands of human-years over the population) just to combat the tiny number of bad actors. target the bad actors directly.
it's the same for tsa security theater. let's put all those humans to work training dogs of all sorts and filtering them through people at the airport. the money for those privacy invading scanners can be put toward training and housing the dogs. our collective time is not wasted on silliness and standing in line, and we'd probably save a lot of tax dollars that way.
Sadly, the parcel tracking functionality of the Royal Mail's site here in the UK uses it, so I have little choice but to go through this rigmarole a few times a week.
On the one hand, fuck Google for wanting another vector with which to track me, on the other hand, why can't it remember that I proved to it that I'm human (allegedly) two days ago?
I was being a bit pithy, but in that case, surely there's some sequence of smart fuzzily-heuristic analysis that can be played out to check that my humanised identification isn't acting like a bot?
> I have also trained myself to wait a few seconds before clicking the box, which seems to help assert my humanity.
I wonder how many different weird rituals are out there for 'beating' CAPTCHA?
For me, I usually make some effort to keep moving my mouse and being "active" after clicking the box, on the idea that an isolated click event looks less human. It's based on a friend's tip and it seems to help, but I have no confidence that it's actually relevant in such a complex system. I sort of suspect Google has created a new generation of meaningless routines fit to rival historical standouts like sports rituals.
Yeah, the extreme comments that we see whenever the topic of ReCaptcha comes up are especially amusing because HN uses it on its own register/login page.
Yeah it's ironic. It's more convenient to use the phone to get my balance, even if you count the time spent listening to the recorded message telling me how much better my life would be if I used Internet banking.
yes, the problem is prevalent and (small) forum operators bear the pain acutely. i'm not so dogmatic that i can't sympathize with your need for a working, if imperfect, solution, or as a user, needing to jump through the captcha hoops occasionally.
this is a subtle externality borne from scale combined with zero marginal cost. we need to find a way to make the bad actors bear the cost of that externality rather than the rest of us.
it's a hard problem that resists simple solutions like captchas, certificate signing, delivery fees, taxes, or even just outlawing the practice. as a lowly consumer, one of the few levers i have is curtailing my use of services employing (google) captchas.
I do this after being blackholed by goolgles captcha a dozen times. If your site reli3s on google you are the problem at this point. I am not a data point. I am a free man.
Counter anecdote: I was actually never rejected though I’ve been subjected to the picture test multiple times. Most of the time I just get through, though it is hard not to sigh and roll your eyes when presented with one.
Annoying as they are, I don’t really see a better alternative. They’re also pretty easily circumvented with cheap labour like mechanical turk and similar services.
As superficial as it seems, this kind of stuff drives me away from businesses. I almost changed my mind about opening a retirement account with Charles Schwab purely because they block access to their site from the VPN that I used at the time. That said, for services from which I gain a lot of benefit, the annoyance is worth it, so it ultimately doesn't matter.
Why? My time is valuable. If they want such detailed feedback (i.e. free business advice) from me, they can compensate me for it. I would get nothing in return for spending my time explaining why I'm not going to give them any more of my money.
Presumably they'll already make you waste time talking to a human when you close your account. Might as well mention the captcha to make public the distaste for recaptcha as we are now on this forum.
I hardly ever get to just check the box. I think uBlock Origin and Safari's intelligent cookie blocking removes a lot of identifying details, and ReCAPTCHA relies a lot on browsing history and cookies.
I use Firefox with containers (so ReCaptcha can’t see my Google cookies) and also uBlock Origin + a few more extensions. I don’t use NoScript or similar. I get the manual test for ReCaptcha pretty much 100% of the time.
Personally, I've reached the point where this is the first thing that I do. If a site is presenting a CAPTCHA (especially one run by Google) to me, then 90% of the time, that's a site I'm better off avoiding anyway.
That last 10% can be infuriating, though, and I certainly won't feel positively about it.
And if you have a vision issue like me and you try to use the audio version you will often get "Your computer or network may be sending automated queries. To protect our users, we can't process your request right now. For more details visit our help page" and be unable to continue.
I'm willing to bet if you record how long you spend clicking signs and lights on average, it's going to be more like several seconds than a few minutes. This must be hyperbole. There are the outlier cases where it gets fairly annoying but otherwise, I'm not sure I understand the hostility toward such a benign system that actually does thwart bots very effectively.
> I'm willing to bet if you record how long you spend clicking signs and lights on average, it's going to be more like several seconds than a few minutes.
How much, and at what odds?
The length of the average Google CATPCHA has been steadily going up for me. I haven't pulled out a stopwatch, but I do count how many image sets I go through. I basically never get through on the checkbox unless I've done one on another site shortly before. I sometimes succeed after one set, but if I don't it's consistently 3+. The worst case I've seen was 10 layers of slow-loading images without success, at which point I gave up and tried on another device. (If it had been a site I didn't need, I'd have given up after 5 - which I do fairly often, so I don't have an average count needed to succeed!)
I'm fully aware that average users don't have this much trouble, or people would be furious. But I also see that captcha ramps up to an extremely long process in the face of even modest privacy-protection efforts like not running Javascript or allowing third party trackers by default. (God forbid you're using a VPN for any reason.) It's not assessing your humanity but your familiarity, using the same fingerprinting tools as any site that wants to track you.
Spam is a real problem, and a hard one to solve, but I admit I'm hostile to Google's captcha. Partly because it really is a significant time sink for me. Partly because it lacks any progress indicator or fallback option so it's an indefinite hurdle to accessing sites I'm already committed to using. But largely because, despite what I really believe are good intentions, it's yet another force pushing people to give up privacy and even security if they want websites to work tolerably.
Effective or not, I wouldn't exactly call it benign when it's aggressively fingerprinting you based on every bit of data it can access.
I disable most scripts using uBlock, but I have to make an exception for reCaptcha if I want to interact with half the web. I'm pretty sure due to that alone Google is able to track where I go.
Someone is suing Apple for making 2FA too annoying, I only hope Google can be next for the significantly greater time being wasted on their stupid CAPTCHA. Why should any of us even care if someone accesses a website programmatically?
It's almost definitely not my problem, and it's not even necessarily a problem it's just a way to access pages, made easier by Google in fact because it's a perfectly legitimate way to navigate the internet and Google themselves depend on it. If anyone wants to discourage it just provide an official API to use instead of pages, which are a defacto API for humans.
Apple's 2FA cannot be disabled, beyond that if you ever had two devices connected to your account, good luck getting them to use your verified phone instead... I was trying to get rid of a "your apple account... please sign in" via the app store, and the advice was to sign out then back in again... my only other apple device was in another city...
Phone calls to GF, to get her to login, similar issue, it was now signed out, and after another attempt, one of them showed the 2FA window, which got me in. At no point was I able to use the phone number also associated with my account, and it was a huge, long, pain in the ass. It's actually a huge part of why I won't buy an iPhone.
