Google promotes its reCAPTCHA service as a security tool for websites, but researchers from the University of California, Irvine, claim it’s being used to harvest information and extract billions of dollars worth of human labor.
CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.” It presents puzzles that only humans, not computers, can solve to combat online fraud and automated abuse. These puzzles, which may involve text, images, audio, or behavioral challenges, are ubiquitous online.
Google acquired reCAPTCHA in 2009 and has since updated the service, with reCAPTCHA v2 arriving in 2014 and reCAPTCHA v3 in 2018. Despite v3 being the latest version, v2 is still used by nearly three million websites.
The utility of reCAPTCHA has diminished as AI models now solve CAPTCHA questions nearly as well as humans. Researchers argue that reCAPTCHA should be abandoned due to its diminishing effectiveness, high cost in terms of time and datacenter resources, and vulnerability to bots.
Andrew Searles, lead author of the study “Dazed & Confused: A Large-Scale Real-World User Study of reCAPTCHA v2,” asserts that reCAPTCHA’s true purpose is to harvest user information and labor from websites. He claims that the service, which is disliked by users and vulnerable to bots, provides a false sense of security while imposing significant costs in terms of human time and privacy.
The study found that even back in 2016, researchers could defeat reCAPTCHA v2 image challenges 70% of the time, and the checkbox challenge could be defeated 100% of the time. reCAPTCHA v3 has also been compromised, with a 2019 study showing a 97% success rate in breaking its behavior-based challenges.
The study conducted over 13 months in 2022 and 2023 analyzed 9,141 reCAPTCHA v2 sessions and surveyed 108 individuals. Participants found the image version particularly annoying, and the study estimated that 819 million hours of human time have been spent on reCAPTCHA, worth at least $6.1 billion in wages.
Additionally, the traffic from reCAPTCHA consumed 134 petabytes of bandwidth and potentially generated $888 billion in profit for Google from cookies and $8.75–32.3 billion from the sale of labeled data sets.
Google’s reCaptcha has stolen $6.1 billion dollars in labor from the users of the web. It’s invasive, energy intensive, and a major tracker for advertising. We should all stop using it https://t.co/MD5JC1TBcj
— Aram Zucker-Scharff | @(email protected) (@Chronotope) July 23, 2024
Searles argues that the cost of solving these challenges should be borne by Google, not website users. He suggests that the real purpose of reCAPTCHA v2 is to gather free image-labeling labor and tracking data for advertising and profit, masquerading as a security service.
As the debate continues, it becomes evident that the true value and purpose of CAPTCHA systems are under scrutiny.
Start Growing with Cloudways Today.
Our Clients Love us because we never compromise on these
Abdul Rehman
Abdul is a tech-savvy, coffee-fueled, and creatively driven marketer who loves keeping up with the latest software updates and tech gadgets. He’s also a skilled technical writer who can explain complex concepts simply for a broad audience. Abdul enjoys sharing his knowledge of the Cloud industry through user manuals, documentation, and blog posts.