FUCK RECAPTCHA #286
Comments
rowan-m
added
the
service discussion
|
This repo is for the client code for developer that need to verify their response to the API. I understand that the challenges can be frustrating. You might want to consider contacting the sites where you're experiencing this to advise them to update to the v3 version of the service which presents a confidence score rather than blocking with a challenge. |
|
lol hilarious picture was removed |
We're missing ReCaptacha on here to stop angry abusive bots! |
|
While the tone distracts from the overall feedback, the submitter’s concerns are entirely valid. Captcha hurts user experience. ReCaptcha is somewhat broken, with the “fix” only increasing success rates (~85% → 90%). If the problem is to slow down attackers while not unduly harming legitimate user experience, this system, as currently implemented, fails utterly and completely. By comparison, “proof of work” systems such as this can be transparent to the user (“unlock” when focusing the first field) and completed by the time the form is filled out, if legitimately typing as a human do. Additionally, you can adjust the work difficulty based on request rates; clients trying to go too fast can be directly slowed down. (Plus replay / stale use prevention, avoidance of pre-calculation by use of challenges, …) |
I wish I was a bot so it would be justified. On my work laptop I simply skip all websites that require captcha because I know I will spend 10 minutes at least getting it. If I will ever be able to. That is a huge issue and sometimes I it just boils over and I get really angry and vent my frustration (like here). It is incredibly slow, annoyingly vague (lot of the times part of hydrant or traffic lights goes over tile and then what?) and even worse, sometimes if you don't solve it in time, the original website will time you out, issuing another captcha. How utterly ridiculous is that? |
|
The swearing is a bit much! But the sad truth is a university project created a bot that can trick Google ReCaptcha with a success rate of 91% accuracy for V2. You can see the full details here: https://github.com/ecthros/uncaptcha2 I am sure they can get a high success rate with the V3 as well. The things I hate about Google ReCaptcha:
|
|
Enerccio completely agree. |
Why are you not using reCAPTCHA v3 which does not use images? All these concerns and frustration are now gone as it runs invisibly in the background giving you control on the scoring and actions to take now. |
I am not using anything, I am being affected by other websites using this shit, |
u fking retax idt, anything who supports recaptcha is stupid |
no such thing as hilx or not |
|
I would like to reopen this issue as recaptcha is the fucking worst. I will now give up on logging into most websites because of how many series of buses or fire hydrants I need to recognise. I am not here to spend several minutes (no exaggeration, I just went through four series of grid recognition and ended up giving up) to train your AI. Steps to reproduce:
Now, I agree that ranting against open source software without doing anything is not productive, so in my spare time I have worked hard on a fix and I think I got it right. For some reason I cannot commit to a branch, so here are the full steps to reproduce the fix:
Thanks in advance. 👍 |
|
may I just download the code, completely erase it and push it to master and call it the V4 ? PLEASE ! |
|
@tsmith-starcard On one hand, double-posting an expletive-containing comment and cleaning up after yourself. On the other hand, twice as much e-mail dissatisfaction that can't be unsent. On the gripping hand, uncaptcha has been linked several times in this thread, and someone's even done you the favour of packaging it up as a browser extension to eliminate the problem for you, across the web, with the minimum amount of effort possible. But please do RTFM and see the warnings there. |
|
very nicely written article! |
|
I wish it did more than mention Proof-of-Work in a single sentence second paragraph from the end, which I see as the ultimate solution to this problem. Zero friction for real, naturally born humans, since they type at a slow and predictable rate, all the friction for automated agents, dynamically adjustable difficulty for abusive humans (and abusive agents). But otherwise, indeed, a nearly exhaustive summary! Well done! There's two additional non-technical "breaks" in ReCaptcha that are worthy of mention, though: social engineering (putting the captchas you want to automate solving as a gateway to something users don't mind a little friction to access, such as porn), or Amazon's Mechanical Turk by filing HITs to solve the captchas. (Between 5 and 15¢ for 1-1000 solutions.) Both approaches have been utilized in the past. (Notably, a porn site was caught automating Yahoo! Mail captchas this way.) |
|
Seriously Recaptcha is the most stupid verification "solution" existing, neither does it tell if minimally intersecting tiles do count, nor does it even work correctly. And the audio challenges are mostly impossible to understand as human. |
|
Just came here to say fuck captcha, as well. Whoever invented it should have never been born. Ive actually done some math. I spend on average 7 minutes of my life every day solving captchas. With 365 days in the year, thats 42 hours per year; 210 hours in the last 5 years (8.75 days) of my short life here on Earth that I will never get back. Fuck you . 😁 |
Such statements are hilariously self-defeating in their argumentum (reductio) ad absurdum. No corporation cares about the world, that's a silly basis for belief in their behavior. Corporations only have one actual duty: the fiduciary responsibility towards their investors. That's it, period, do not pass go, do not collect $200. And, unfortunately, once something exists and begins being widely adopted and used, it gains momentum. Just imagine all of the SLA contracts Alphabet/Google might be involved with which involve continued support of this system.
This is just terrible. In a web development chat room I moderate, we have a rule: you can go off on a tirade about a technology, or even a company (being a faceless non-human entity), but people aren't to be targeted. They're doing their job. You / we might not agree with it, but they still have a job to do. Don't make someone feel terrible for not getting fired, the developer themselves aren't responsible for how the resulting product is used. (Using figures I recall from US military estimates in the 90's, you're claiming that 8.75 days of your life is worth more than the ~1.9 million dollars of the entirety of someone else's life. Good. Lord. I'm hoping you just don't quite realize what you're saying.) |
Life > All. You only live once. Sorry I don't believe in an afterlife. The fact that they designed a product that's main purpose seems to be forcing people to waste their time, is nothing less than evil and cruel. |
Really not sure how you went from my use of military estimates of the sum total value of a human life (combining training costs + lifetime productivity) in relation to you claiming that a tiny fragment of your life is more valuable than the entire life of the developer(s) involved… to an afterlife… says more about you than me, I fear. My use of "Good. Lord." was purely as a generally understood mild expletive of disbelief. In French, there's an even more colourful go-to: tabernac! ;P Yes, Captcha/reCaptcha "sucks". There seems to be a general consensus on that. But there's absolutely no need to specifically target individual human beings with hatred. Ever. Especially, especially when there are automated solutions to eliminating the problem everywhere, for example, the AntiCaptcha browser plugin. (See also the unCaptcha/unCaptcha2 links that have been supplied multiple times throughout this discussion.) I haven't been forced to solve one in two years, excluding one on a Blogger site I tried to "play nice" with to test, and ended up needing to solve just shy of 30 distinct object matches. (Test: failed. Plugin: re-enabled. ;) |
|
It's completely useless against bots (there are 3rd-world click farms to solve it) and it's hostile to real users (why would Google want bots training their self-driving cars?). Additionally the data collected is most likely a huge GDPR violation for any sites that use it. Almost anyone is better off rolling their own captcha. |
Bad math, @amcgregor. 8.75 days... multiplied by the ENTIRETY of the human population is DEFINITELY worth more than "the ~1.9 million dollars of the entirety of someone else's life."
Also. Fuck recaptchas. Also, being a reddit moderator doesn't make you special. |
|
please see: |
|
the biggest issue is that google is too big of a company to lodge ANY customer feedback at all |
|
why are you so mad? Are you developer of this abomination, @sysdl132 ? |
|
Is there any other software system more hated than captcha/recaptcha? If there is then we could just dismiss the anger in this thread as teenage angst. If there isn't then isn't it more likely that this is a completely valid criticism? I understand the goal is to prevent spam. I also understand the benefits of training AI. However, even if captcha/recaptcha could kill two birds with one stone, is it worth pissing off the end user/s? Surely (hopefully?) there are better alternatives that the human mind can create. After all, if it can create something as abominable as captcha/recaptcha, it can create something equally wonderful. Apologies if I went on a rant there. I was just casually and randomly surfing the web (not even encountering a captcha/recaptcha), when I suddenly remembered my utter hatred for this software, googled "fuck recaptcha", then came about this github issue. I just really wanted to let off some steam. |
|
After months of silently ranting about recaptcha and increasingly avoiding websites using it, I finally found this issue. |
|
@Enerccio Can you see this->code of conduct |
maybe you should look into it under harassment (I am not sure it is there cause I refuse to read non technical documentation). |
|
@PNeigel Pull up a copy of HTTP: The Definitive Guide — by disabling a standard function of HTTP and browser interaction, you are literally shooting yourself in the foot. PEBKAC. Guess what robots do? Don't persist cookies, typically, so you intentionally made yourself look more like a machine. A cookie is used to implement site security policies ("known device"—known by presence of a cookie) and session authentication. Please understand what cookies actually are, and how they are dominantly actually used before disabling core parts of the web. Investigate better solutions than full disabling: only accept "first-party" cookies—sessions, not analytics tracking, for example. Also look into EverCookie. People don't need cookies to track you; there's about 30 different techniques, some incredibly non-obvious. (Like the colors present in an image cached by your browser… or the Excessive paranoia will ruin your experience of the internet.
Then you look like a robot. Get used to it? 🤔 But also scroll up. Solutions are available to automate ReCaptcha out of your life; I haven't seen one in years. |
|
All of this is nice but I do not have cookies disabled yet I trigger captcha more than I want. And after one failure it will be slow as molasses which is infuriating. Reason? I do not use google chrome, instead I use firefox. Blame me, eh? Or I should outsource my captcha to china, is that the solution? How about google fixing captcha instead? |
|
@Enerccio Your browser of choice is irrelevant. You failed to look up and see the solutions linked. If you're not going to expend effort to solve your problem, neither will I. Involving "China" in your argument is unfortunately telling about the level of your paranoia, its effectiveness, and its (and your) likely origin or influence.
Nor will I expend any further effort to understand the words being thrown together. Good luck. Honestly; sounds like you've got a buggy machine beyond potential self-imposed additional problems. If you feel I'm blaming you, then I'm blaming you. It's all your fault for being a bad user. (Not really! But yikes, man. Don't take this stuff so personally! Software doesn't have intent, nor intent do do you, specifically, harm.) Huh; that might be part of the issue in terms of the vociferously negative reactions, often expletive-laden. People think they're being targeted individually, when they're absolutely not. You are just a number. Captcha and other solutions are there to try to help identify that you're a human being who waited in line with a number, and not a machine jumping the line with a fake one. Of course, the automated solutions you aren't bothering to look into to simplify your life as a real solution vs. tampering with (or pointing in the direction of) cookie behavior, mean ReCaptcha simply fails at its one actual job. But not against you. A human being failing to use the wetware that distinguishes them from a machine to distinguish themselves from a machine by using it. (Using that automation and never encountering a Captcha again.)
More like: humans can ambulate upon two extremities, robots have extreme difficulty with coordinated walking motion. Please walk. ✅ The current physical state of your legs don't matter if you can prove you can walk. These image recognition challenges are virtually identical: computers have extreme difficulty with abstract pattern recognition, something your entire neocortex (the major contributor towards you being human) was wired to do. And it's not like the machine knows the answer beforehand; it's asking you (and thousands of others on the same image) and comparing the results between humans. ("Oh, 6000 people picked tile A3 and C2? Those are probably the cars we were asking for…") |
|
@amcgregor so your solution is to pay someone to solve captcha for me? Is that really your solution to the problem, really?
Ye, I am being targeted. Specifically, my configuration is. Something google does not like (it started when I set it up to max privacy once and then it followed me like wet slime). I do not want a new profile since that would erase all my data. I also copied the profile into completely new machine and new environment. Guess what, captcha problems disappeared, I was getting green ticks! For about a week, then went back to bullshit. I would not mind it much if the failure rate of me being human wasn't that high because how dumb captcha is designed, see next paragraph:
Except humans know shit. Look at the captcha right now. You have images that have part of the image in two tiles. Did humans as concesus decided that both tiles apply or either? There are three options therefore I would assume 33% consensus. So 2/3 failure rate with either choice. This is why captcha is BAD. Letter based one before with two challenges was much better. Also delay after one single failure is unacceptable. It's like having 30s timeout after single bad password input or like retarded banks have, three failures and you have to unlock your account via phone. That is complete bullshit and you know it. Also there are some really deranged website out there that tie login with captcha AND time it. So unless you solve captcha fast (ie first try) then it will "time out" and you can log in again (which will also reset captcha so you have to do it again). For instance webirc for freenode. This is why I stopped using it. |
|
Also, @amcgregor
You do realize you quoted two different people, right? In my case I have no cookies disabled yet I get hit by the captcha. |
|
I have created a PR which should solve current issues mentioned in this thread, reducing ReCAPTCHA challenges to less than 1% of interactions. Please post any thoughts/improvements and leave a thumbs up if you support the changes in PR #400. |
|
It's mildly amusing to me how such low-effort |
|
@amcgregor well guess what, people are frustrated. And only solution google and their employees have is "just buy anticaptcha services and send your history to some random company". |
|
@Enerccio Your failure to read the comments in this thread containing actual documented, working solutions, is itself well documented by this thread. 🤔 Also the quip about two different people was oddly amusing: two people, same issue, same response. You do realize the two of you were saying the same things, right? (Commenting about cookies, and intentionally disabling them, which is a self-inflicted foot shot that only makes you look more like a machine. Great job!) Paranoia and conspiracy when there's a simple (free, as if that were actually a concern) solution you are choosing not to use becomes quite boggling to the mind after a while. Noticing a trend this week; more effort willing to be expended complaining, than actually solving the problem for oneself. I do not grok. |
|
@amcgregor If I am so dumb can you pinpoint your solutions then? Please, for the dumb me, what can I do? I quipped about two people because you addressed to me that I have disabled cookies and this is why recaptcha is not working. But I have cookies enabled so how was that addressed to me? I have no privacy options enabled, I did for like a week years ago and since then recaptcha is fucking with me and I can't stop it even if I do no longer have any privacy options. |
The fact that you have to justify yourself to the software for taking measures to protect your privacy is already a valid point of criticism. The fact that Google uses captchas to make large parts of the Internet unusable for users who do not want to reveal their surfing behavior to Google is disturbing. |
|
@amcgregor you sound like you would be fun to hang out with. This thread clearly demonstrates that a large number of people hate ReCAPTCHA, and the anti-spam service it allegedly provides is actually harming user experience. I am using the latest vanilla Firefox version, no adblockers, VPNs or similar extensions installed, yet I see ReCAPTCHA several times a day when trying to use Google. By the time this 'service' is flagging a large number of false positives, it is time to either improve it or get rid of it. The other problem is the clear conflict of interest between the advertised functionality of ReCAPTCHA, and the motives of Google - it pays Google to make a less efficient captcha service, as that just means more human computational power for training their machine vision models or similar. I could have just posted a comment like "Hey @rowan-m, please pass my message on to the ReCAPTCHA team: 'Go fuck yourselves'", though there are multiple previous examples of this in the thread, so instead I thought I would inject a bit of humour with a PR that was clearly a bit of a joke. Unfortunately you appear to have a sense of humour comparable to that of a doorstop, and are only interested in making excuses for this pile of crap software and parroting off non-solutions to anyone that dare criticise. |
|
Also, an extra 'fuck you' to the person that added those fade in/fade out images. They don't work most of the time, the implementation is buggy and doesn't show up half the time, it's infuriating as hell, and a case study in everything that you could possibly do wrong in a piece of software. |
And also highlights that none of them recognize that this fact does not matter, blinded by their selfish hatred.
This point seems to be widely agreed upon.
Which was neither funny nor original. "Juvenile" would be the term I'd use, and a rather abhorrent waste of the time and effort of Google engineers to clean up after. I almost used a winking emoji here, but no, it's actually not funny at all. It's abusive. Additionally, the code of conduct has been linked several times.
I'm interested in productive open collaboration and a generally positive support environment. Part of why I initially commented with a moderate standpoint (the OP isn't wrong) and advocated for the thread to not be deleted outright after it initially disappeared. I do regret not advocating harder for it to be locked, however. Essentially all that's left to be said, by anyone, is "me too" to various points already given, to discover solutions linked herein, or provide further unhinged rants or disruptive behavior such as frivolous pull requests and demonstrations of an inability to use browser search functionality.
Your words, not mine. ⌃F, F3, or ⌘F, start typing See also my follow up on Jul 3, 2019, where I link to a browser extension, specifically, that's done the work for you, but you can search for the underlying tool on whatever browser extension site you desire. Witness the at least five independent mentions of the solution, counted right there, in the search input. |
From the links github repo and I quote `Download audio challenge'. So this will only work with audio captcha which as unfortunate aspect that sometimes it will claim that I |
|
I love this issue as much as a fucking hate that software ! Here is an extra fuck you to all the team developing this shit for the 25 MINUTES I wasted trying (because I gave up) to enter my rockstar account ! |
|
If i am forced to use this, is there a way to tell their dev team to go fuck themselves? I have never seen anything as bad as this, and it it is getting worse. |
|
@amcgregor are you disabled? why you are disliking every post? ohhh i found because you think captcha is the best LMAO |
|
For me, trying to integrate Recaptcha into a website or form is the most frustrating and rage inducing process. I'm looking at Recaptcha alternatives, I have a good feeling that they'll work. 3 years ago it was much easier. Now, its like Sisyphus being crushed by the rock |
|
This is some of the worst software ever created, only second to Lotus Notes. The fix for this issue should be a PR that erases the repo! |
|
i mean cloudflare's hcaptcha is literally clone of recaptcha but better, it doesnt say there was an error or you did incorrectly blah blah even if you do it right |
|
Fuck ReCaptcha, and fuck the people who wrote it, and the bigger fools who promote it. |
|
@rowan-m reCAPTCHA infuriates me on a daily basis. It is truly an abomination. It makes me despise Google and everything related to the company. It has ruined the modern web. I look forward to the day reCAPTCHA is erased from the annals of history. |
|
"Your computer or network may be sending automated queries. To protect our users, we can't process your request right now. For more details visit our help page" This is a huge load of donkey shit. |
and others
This is honestly the WORST fucking thing imaginable. According to it I am robot most of the fucking time. Not only it uses terrible images (how the fuck do I determine what is a storefront when I see kanji crap etc) it fails almost all the time, it won't detect corner cases like (like does fucking pedestrian traffic light apply? Do you select tile if just part of fucking thing is in the view?). It's absolutely fucking retarded. I would rather have fucking bots posting spam everywhere but this shit. Delete this google and start again.
The text was updated successfully, but these errors were encountered: