Google ReCAPTCHA and its ability to predict if someone is human #39

Mattcessability opened this issue Jul 10, 2018 · 1 comment

Mattcessability commented Jul 10, 2018

Hi Scott, Janina and Michael,

Thanks for putting this together. I've been hearing about this research from Dr. Scott and it's great to finally have it in writing.

Google's ReCAPTCHA (anecdotally seen as the "best" option for CAPTCHA) was touched on in this draft, and one note was that there was no definite research if it is the best CAPTCHA. I would like to see more research to determine if it actually is the best option in every scenario, but I do have some additional concerns about ReCAPTCHA that weren't mentioned.

Google's ReCAPTCHA of course has characteristics similar to other inaccessible CAPTCHAs which can make it inaccessible, but Google's ReCAPTCHA has some additional concerns:

  1. How can it tell an assistive technology user from a robot?

Some users may use a keyboard to navigate the website and therefore will not rely on mouse movement. I have a theory that this could make Google ReCAPTCHA flag assistive technology users as a robot, assuming that robots navigate in a similar manner to a keyboard-only user. Has there been any research as to how robots actually interact with a website, and whether or not this could be confused with someone with a disability?

This would be particularly bad as it would mean assistive technology users are more likely to receive the inaccessible CAPTCHA rather than the nice and easy checkbox.

  2. Privacy

The draft says that Google ReCAPTCHA will look through heuristics to figure out if someone is a human or not (such as browser history). Doesn't this present a privacy issue which could be added as another reason why Google's ReCAPTCHA has some concerns? Privacy is mentioned when discussing Public-key infrastructure solutions but how Google ReCAPTCHA does things is just as concerning.

Cheers,
Matthew Putland

@LJWatson

@Logarek wrote:

> The draft says that Google ReCAPTCHA will look through heuristics to figure out if someone is a human or not (such as browser history). Doesn't this present a privacy issue which could be added as another reason why Google's ReCAPTCHA has some concerns? Privacy is mentioned when discussing Public-key infrastructure solutions but how Google ReCAPTCHA does things is just as concerning.

This is a really good point, and one that deserves more investigation. There are several things happening at the moment that will make disability fingerprinting a common thing on the web (it's already possible in native apps on mobile devices). This is a huge concern.

@ruoxiran ruoxiran transferred this issue from w3c/apa Mar 30, 2022