Google’s reCAPTCHA Lead To 819 Million Hours Of Wasted Human Time – And Billions In Profit

People are increasingly exposing Google’s reCAPTCHA, once thought to be a necessary security tool, as ineffective against bots and a massive privacy invasion tool.

Tests known as captchas compel users to recognize jumbled text, to work out what kind of situation a certain kind of picture illustrates, or to indicate which image (of many) fits a certain description. These tests have long been known to be a nuisance. But it now appears that they are not just a nuisance but also an investigation of sorts, with the results going into a database. And what’s worse, they are justified under the guise of security.

The YouTuber Chuppl recently disclosed that reCAPTCHA v2 and v3, Google’s popular bot-detection tests, are not very effective at stopping bots. “If you have any Google product, you can probably use the same data to train a neural net,” Chuppl says in his March 2023 video. “So what are we doing? We’re funding Google. We’re giving them a huge amount of money for what? For stopping bots? They’re not stopping any bots. They’re just tracking users.”

Investigations have established that AI-driven bots effortlessly outshine people when it comes to acing these tests. Studies carried out at the University of California, Irvine (2023) showed that bots can slip by even reCAPTCHA v3’s seemingly simple checkbox with almost 100% accuracy. The notion that this test assesses for human-like mouse movement has been thoroughly demolished—Chuppl created a bot that passed it on the very first attempt. Other researchers verified that reCAPTCHA primarily gulps down user agent data and other tracking bits, allowing it to focus on data harvesting rather than security.

Users who try to safeguard their privacy—by using VPNs, for example, or by blocking trackers—often find themselves facing the opposite problem: They can’t get past tests like Google’s reCAPTCHA. This directly contradicts the narrative that these tests are good for user security. Moreover, we know that Google is using reCAPTCHA (and, by extension, us) to train its AI. A lawsuit revealed that it was using the outputs from reCAPTCHA in just this way, effectively amounting to $6.1 billion in unpaid labor. Is it time to retire for good? Google’s so-called security test, reCAPTCHA, when federal courts, like Austria’s, are banning it under the GDPR?