Are we human? Or are we reCAPTCHA?
"The 2 squiggly word captcha that you know and hate will die by 3/31/2018."
The Web is dark and full of bots, and there is one undisputed leader in defending against them. You probably use reCAPTCHA every day but you don't even know it! Aaron Malenfant is the lead software engineer for reCAPTCHA and he explained its past, present, and future at GDG DevFest NYC. reCAPTCHA is secretive by its very nature, so it is a rare look into how this essential piece of web technology works.
Part 1: High level details
What I Learned
- 2 million weekly active sites
- 1 billion CAPTCHA solutions a week
- Nocaptcha saves millions of hours a day
The reCAPTCHA Machine learning engine categorizes incoming requests on a spectrum of difficulty levels from "just a checkbox" to "select all images with cars" (image classification) to "select all squares with vehicles" (image localization) to "ok you're definitely a bot".
Integrating into -your- site
Head to https://www.google.com/recaptcha/admin#list and answer a few simple questions!
You will have a few options:
- Visible: Script tag and a div
- Invisible: script tag and a button with a callback
- Invisible: script tag with a div to have control when you execute
Yes, there is such a thing as Invisible reCAPTCHA! more below. Also look up more docs at the DevGuide.
Don't forget to integrate with serverside
- make HTTP POST to <www.google.com/recaptcha/api/siteverify> with POST params of
responseyou get from reCAPTCHA
Part 2: Past, present and future
RIP 2 word Captcha (reCAPTCHA v1)
AI has advanced to the point that it can solve the hardest CAPTCHAs at 99.8% accuracy, but humans can only solve them 33% of the time. So it is time to put it to bed.
the "i am a human" checkbox you've clicked dozens of times - this is actually called the "NoCAPTCHA" - for more details, see implementation options in Part 1 above.
Invisible reCAPTCHA - launched on 3/8/2017
For low risk traffic, no user interaction is required at all to detect if you are a bot!
reCAPTCHA Android API
Included as part of Google Play Services SafetyNet - again, no user interaction required to verify you are human.
Future of reCAPTCHA (v3)
v3 is in Closed Beta now:
- puts you in control of when we show a challenge
- integration siilar to V2 Invisible
- In admin console, get a view into the riskiness of your traffic
Signup for reCAPTCHA v3 beta announcements at http://g.co/recaptcha/v3!