Submitted by Internet web infrastructure company Cloudflare announced plans to drop support for Google’s reCAPTCHA service and move to a new bot detection provider named hCaptcha.
Cloudflare co-founder and CEO Matthew Prince said the move was motivated by Google’s future plans to charge for the use of the reCAPTCHA service, which would have “added millions of dollars in annual costs” for his company, costs that Cloudflare would have undoubtedly had to unload on its customers.
Makes sense, and any less dependence on Google – especially when it comes to services like this, which people barely notice but do play a role in data collection.
On the one hand, I’m surprised google would want to charge cloudflare. Recaptcha is a clever way for google to track users without an option to opt out (ie google adscense and google analytics can be blocked with javascript blockers, but blocking google recaptcha results in a denial of service). Sites using recaptcha provide great user tracking value to google.
However when you think about the way cloudflare was using the recaptcha service, google wasn’t able to track user behavior normally because at cloudflare only anomalous activity and heavily biased subset (aka tor users) would even reach the recaptcha prompts. I don’t think the volume was the main issue so much as the lack of quality: google was missing out on “normal activity”, rendering cloudflare hits mostly useless to them.
All and all I’m glad they’re switching away from recaptcha, it hasn’t been good for web privacy or accessibility, and thankfully I see more sites ditching it.
Not exactly true. CAPTTCHAs themselves have not been good for accessibility. The one advantage we had was ReCapttcha’s standardized inclusion of an audio CAPTTCHA for those of us who needed it (I’m one of those by the way). What’s likely to happen is actually a further drop in accessibility as people start implementing their own, visual-only versions again, since no one wants to do the sensible thing and just discontinue CAPTTCHA tests in their current form. This could inadvertantly set web accessibility back several years should other companies follow Cloudflare’s lead.
darknexus,
I understand your opinion, however as someone who was frequently blocked by recaptcha I will shed no tears for it. The trouble with all captchas including recaptcha is that as computers get better, the tests are no longer effective. Consequently captchas got much harder for humans, and even resulted in humans failing the captcha tests. Google adapted to this by putting less weight in the “captcha” and more weight in the heuristics & profiling. As I mentioned to RobG earlier, for some people this works out fine, but others get really screwed by it.
As a human, I was very close to the point where I felt I would have to pay a captcha solving service (yes the very same ones that are used by spammers to solve captchas) to solve these f***ing re/captchas and stop wasting my human time. I won’t link any here since I kind of have mixed feelings about what they do, but they’re actually quite affordable. Fortunately (for me) many of the sites I go to dumped recaptcha before it came to that.
Going forward I think everyone here needs to realize that captchas cannot work in the long term. But maybe that shouldn’t matter because arguably what matters more than whether the connection is coming from a human vs robot is whether the actions of the entity are inline with the community. For example, spam is bad regardless of whether it was from a human or robot and that ought to be what defensive AI can be trained to pick up on. If you have a bot that’s interacting helpfully within the guidelines of the community, then who cares that it’s a bot? Obviously bad guys are developing bots to do bad things, but it’s not the bots that are fundamentally bad so much as the behaviors they’re programed to do. Maybe it’s time we start using AI to detect and stop bad behavior without regards to who/what did them? Just some food for thought, maybe it can lead to an interesting conversation… any bots here want to weigh in 🙂
darknexus,
I’ve given it some more thought. I still don’t think any captchas have a long term success rate, but to the extent that we’re forced to use them, maybe an idea that you would approve of is to actually give the user the choice of which captcha to solve? A “meta-captcha” service could provide this and would minimize captcha specific discrimination. Obviously the meta-captcha is only going to be as effective as its weakest link, the expectation would be that they actually work (which isn’t a given), But assuming it did work I think it would address both of our concerns simultaneously. No more discriminatory google algorithms for me, while you can continue to use them as you prefer! What do you think?
I’m really glad to hear this. Too many Google services, like Recaptcha, only work well in Chrome. In Firefox, any site that uses Recaptcha has to be opened in Chrome to “prove I’m not a Robot”.
RobG,
You’re right. That’s one of the things that not everyone realizes about recaptcha, they think “I use many sites with recaptcha and I rarely have any issue. Sometimes I check the box and it doesn’t even ask me to solve a captcha, I go strait through.“. However not everyone gets the same experience since the heuristics used by google are discriminatory. If you are not on a google device, don’t log into a google account, are not running a google browser, block google ads/tracking, etc, google treats you as a second class citizen insofar as recaptcha is concerned. Some days recaptcha is so bad to the point where I’ve had to give up on completing online transactions.
I’m thankful that osnews turnned off recaptcha after transitioning to wordpress, if they hadn’t I probably would have left out of frustration. I’m not willing to unblock google’s trackers even though I know it makes recaptcha less aggressive.