How does Google's reCAPTCHA distinguish humans from bots?

The certification system " reCAPTCHA " of the website that Google can proceed with development is a system for distinguishing humans from bots. Many systems that distinguish between humans and bots so far were distinguished by tasks such as reading distorted characters manually or selecting multiple images suitable for the conditions, but such tests are very annoying for the user thing. Therefore, Google develops reCAPTCHA which is clickable and does not require character input or image selection. Oliver Emberton , CEO of Silktide , a software company, explains how reCAPTCHA distinguishes humans from bots on what mechanism.

`Oliver Emberton's answer to Why can not bots check" I am not a robot "checkboxes? - Quora

Emberton replied, "Why is Google having a huge amount of data on human behavior patterns?" About why it is difficult for Bot to clear Google's reCAPTCHA. It is said that reCAPTCHA is judging whether reCAPTCHA is a human or a bot by checking many elements such as how to manipulate the computer, how often and how frequently the web service is used, and the like.

To analyze whether it is a human or a bot, at least Google reCAPTCHA v2 seems to check the following elements.

· Time zone and time of the computer you are using · IP address and approximate location · Screen size and resolution of the computer you are using · Web browser you are using · Plug-in you are using · Extended functions · Time taken to display the page · Number of times you clicked the mouse and the number of taps and scrolls

Also, Google is doing that it draws invisible text and images called "Fingerprint (fingerprint)" in the web browser and sends it to Google for confirmation. By analyzing the display speed of this Fingerprint and its result on Google's server, it seems that you get clues to distinguish humans from bots.

And it is the enormous amount of Google data accumulated so far that is used to analyze all of the data collected in this way. Many people on the Internet use services provided by Google such as search, mail, advertisement, map and so on. When you click on the checkbox, Google will check the history of the browser and also check if you are using Google's services on a personal level. Mr. Emberton says that it is very easy to analyze because the scale of human data that Google is acquiring is over billions of people because it is thought that such a thing is a human being or not? It is.

It is impossible for Google to know exactly how to check this information and it is almost certain that outsiders can not copy Google's reCAPTCHA system because they use machine learning on a private server And that. Although it seems impossible to clear CAPTCHA if it evolves so far, it is still in a state of trembling, such as research announced that program can capture reCAPTHCA . While Google develops reCAPTCHA with an approach to distinguishing humans from bots, Emberton insists that evolving AI technology is suitable for fooling reCAPTCHA.

by Duncan Rawlinson - - @ thelastminute

However, the mechanism that Mr. Emberton describes is only at the time of Google reCAPTCHA v2. Emberton says he does not have any clue as to how the latest Google reCAPTCHA v3 is working at the time of writing, and how it works.

in Software,   Security, Posted by log1i_yk