- Dec 30, 2012
- 4,809
If you’ve ever gone on the internet you’ve probably encountered CAPTCHA — an intelligence system that uses tests like identifying pictures to prove users aren’t robots. You may have also noticed the CAPTCHA system has evolved; now, users only need to check a box labeled “I’m not a robot,” all thanks to Google.
But have you ever wondered how Google can distinguish bot from human with one simple click? It’s easy — Google already knows you’re human before you even click anything.
Google’s simplified CAPTCHA — ironically called “No CAPTCHA reCAPTCHA” — uses Botguard technology and employs encryption to conceal its activity. Here’s how it works: Botguard determines whether a user has a Google cookie on the machine. It then proceeds to drop its own Google cookie into your browser and extracts personally identifiable information like screen resolution, date, language, browser plug-ins, Javascript objects, IP address, CSS information and mouse movement patterns. Java itself, embedded in almost all web pages, can track a user’s keystrokes and the position of their cursor without making any kind of visual display; all of this information is being pulled in the background unknown to users.
So what is Google doing with all of this personal information? Why are they asking you to click on anything when their tech already knows you’re a human and not a robot? Google is most likely doing exactly what it’s done with its reCAPTCHA system in the past: finding a way to profit massively and discreetly.
When Google bought CAPTCHA in 2009, we thought that in answering the security questions we were proving we weren’t a robot — in reality, we did far more than that. The blotched words and numbers we typed helped Google’s AI system transcribe a variety of documents, from books to addresses. In doing so, Google made millions off its users under false pretenses, and it’s geared to do it again.
Researchers at Stanford reported in March 2018 how digital tracks left by a computer mouse may reveal involuntary tremors or shakes, most commonly attributed to Parkinson’s disease. Eric Horvitz, one of the researchers, believes this information, along with other user web search data, could help diagnose Parkinson’s in people before they’re even aware of it. Or, Google could indirectly raise premiums by alerting that individual’s insurance company.
In reference to the newly advanced and simplified CAPTCHA system, Vinay Shet, product manager for Google’s CAPTCHA team, revealed that human users can be discerned by using subtly ingenious clues, like a user’s mouse movements in the brief moments before flagging themselves as human. With the new ability of AI to detect Parkinson’s via mouse movements, it’s within Google’s interest and capacity to move toward a disease-detecting CAPTCHA. Much like it has done in the past, Google will try and sell that information to the highest bidder: your insurance company or maybe even your employer.
Insurance companies would undoubtedly pay top dollar to predict their clients’ future health risks, proceeding to either raise premiums or drop clients entirely, and they would never have to disclose why. Our searches, mouse patterns, IP addresses are all inextricably linked with us in a personal, distinguishable way. Google already knows who you are, but now it can know details and characteristics about you which you may never know yourself.
Google may know you have a life-changing disease before you do, and it will make money off your medical data while keeping you in the dark.
When Google was planning to go public in 2004, its code of conduct included the words “don’t be evil” — they have since been removed from Google’s corporate philosophy. By its own silent admission, it’s not a question of whether Google will use this technology against us, or even when. It’s a question of how.
A very intriguing read
But have you ever wondered how Google can distinguish bot from human with one simple click? It’s easy — Google already knows you’re human before you even click anything.
Google’s simplified CAPTCHA — ironically called “No CAPTCHA reCAPTCHA” — uses Botguard technology and employs encryption to conceal its activity. Here’s how it works: Botguard determines whether a user has a Google cookie on the machine. It then proceeds to drop its own Google cookie into your browser and extracts personally identifiable information like screen resolution, date, language, browser plug-ins, Javascript objects, IP address, CSS information and mouse movement patterns. Java itself, embedded in almost all web pages, can track a user’s keystrokes and the position of their cursor without making any kind of visual display; all of this information is being pulled in the background unknown to users.
So what is Google doing with all of this personal information? Why are they asking you to click on anything when their tech already knows you’re a human and not a robot? Google is most likely doing exactly what it’s done with its reCAPTCHA system in the past: finding a way to profit massively and discreetly.
When Google bought CAPTCHA in 2009, we thought that in answering the security questions we were proving we weren’t a robot — in reality, we did far more than that. The blotched words and numbers we typed helped Google’s AI system transcribe a variety of documents, from books to addresses. In doing so, Google made millions off its users under false pretenses, and it’s geared to do it again.
Researchers at Stanford reported in March 2018 how digital tracks left by a computer mouse may reveal involuntary tremors or shakes, most commonly attributed to Parkinson’s disease. Eric Horvitz, one of the researchers, believes this information, along with other user web search data, could help diagnose Parkinson’s in people before they’re even aware of it. Or, Google could indirectly raise premiums by alerting that individual’s insurance company.
In reference to the newly advanced and simplified CAPTCHA system, Vinay Shet, product manager for Google’s CAPTCHA team, revealed that human users can be discerned by using subtly ingenious clues, like a user’s mouse movements in the brief moments before flagging themselves as human. With the new ability of AI to detect Parkinson’s via mouse movements, it’s within Google’s interest and capacity to move toward a disease-detecting CAPTCHA. Much like it has done in the past, Google will try and sell that information to the highest bidder: your insurance company or maybe even your employer.
Insurance companies would undoubtedly pay top dollar to predict their clients’ future health risks, proceeding to either raise premiums or drop clients entirely, and they would never have to disclose why. Our searches, mouse patterns, IP addresses are all inextricably linked with us in a personal, distinguishable way. Google already knows who you are, but now it can know details and characteristics about you which you may never know yourself.
Google may know you have a life-changing disease before you do, and it will make money off your medical data while keeping you in the dark.
When Google was planning to go public in 2004, its code of conduct included the words “don’t be evil” — they have since been removed from Google’s corporate philosophy. By its own silent admission, it’s not a question of whether Google will use this technology against us, or even when. It’s a question of how.
A very intriguing read