Google’s CAPTCHA-ring all your data

Venustus

Level 59
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Dec 30, 2012
4,809
If you’ve ever gone on the internet you’ve probably encountered CAPTCHA — an intelligence system that uses tests like identifying pictures to prove users aren’t robots. You may have also noticed the CAPTCHA system has evolved; now, users only need to check a box labeled “I’m not a robot,” all thanks to Google.

But have you ever wondered how Google can distinguish bot from human with one simple click? It’s easy — Google already knows you’re human before you even click anything.

Google’s simplified CAPTCHA — ironically called “No CAPTCHA reCAPTCHA” — uses Botguard technology and employs encryption to conceal its activity. Here’s how it works: Botguard determines whether a user has a Google cookie on the machine. It then proceeds to drop its own Google cookie into your browser and extracts personally identifiable information like screen resolution, date, language, browser plug-ins, Javascript objects, IP address, CSS information and mouse movement patterns. Java itself, embedded in almost all web pages, can track a user’s keystrokes and the position of their cursor without making any kind of visual display; all of this information is being pulled in the background unknown to users.

So what is Google doing with all of this personal information? Why are they asking you to click on anything when their tech already knows you’re a human and not a robot? Google is most likely doing exactly what it’s done with its reCAPTCHA system in the past: finding a way to profit massively and discreetly.

When Google bought CAPTCHA in 2009, we thought that in answering the security questions we were proving we weren’t a robot — in reality, we did far more than that. The blotched words and numbers we typed helped Google’s AI system transcribe a variety of documents, from books to addresses. In doing so, Google made millions off its users under false pretenses, and it’s geared to do it again.

Researchers at Stanford reported in March 2018 how digital tracks left by a computer mouse may reveal involuntary tremors or shakes, most commonly attributed to Parkinson’s disease. Eric Horvitz, one of the researchers, believes this information, along with other user web search data, could help diagnose Parkinson’s in people before they’re even aware of it. Or, Google could indirectly raise premiums by alerting that individual’s insurance company.

In reference to the newly advanced and simplified CAPTCHA system, Vinay Shet, product manager for Google’s CAPTCHA team, revealed that human users can be discerned by using subtly ingenious clues, like a user’s mouse movements in the brief moments before flagging themselves as human. With the new ability of AI to detect Parkinson’s via mouse movements, it’s within Google’s interest and capacity to move toward a disease-detecting CAPTCHA. Much like it has done in the past, Google will try and sell that information to the highest bidder: your insurance company or maybe even your employer.

Insurance companies would undoubtedly pay top dollar to predict their clients’ future health risks, proceeding to either raise premiums or drop clients entirely, and they would never have to disclose why. Our searches, mouse patterns, IP addresses are all inextricably linked with us in a personal, distinguishable way. Google already knows who you are, but now it can know details and characteristics about you which you may never know yourself.

Google may know you have a life-changing disease before you do, and it will make money off your medical data while keeping you in the dark.

When Google was planning to go public in 2004, its code of conduct included the words “don’t be evil” — they have since been removed from Google’s corporate philosophy. By its own silent admission, it’s not a question of whether Google will use this technology against us, or even when. It’s a question of how.


A very intriguing read
 

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
How does this explain the countless fire hydrants/buses/stairs/traffic lights/crosswalks/vehicles/traffic lights/bicycles/chimneys/motorcycles/tractors I have to identify before I see "success".
 
  • Like
Reactions: Venustus
4

436880927

How does this explain the countless fire hydrants/buses/stairs/traffic lights/crosswalks/vehicles/traffic lights/bicycles/chimneys/motorcycles/tractors I have to identify before I see "success".
If you're wondering about how you'd be helping their own AIs determine between different objects in a picture since you have to identify them yourself and it would need to know the answer to tell you that you've gotten it right, the truth is that the captcha system doesn't have one definitive answer that must be met.

I believe that the captcha system is aware of which pieces are definitely not part of the answer, but has difficulty determining which parts are only definitely part of the answer... and so by answering the questions, hopefully correctly, it would theoretically become stronger at knowing which ones are definitely part of the answer, as opposed to "almost" near the correct pieces.

As the AI gets stronger, people answering them "almost correctly" and not "completely correctly" according to old collected data can be used to tie people to potentially having eyesight difficulty as well. So not just the medical condition example in the original post. There's a lot of potential for tying people to different circumstances based on weeks, months or years of captcha code collection. The longer-term profile for a specific person (even if it is only a few captcha's every few months) is also very valuable.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top