“Easy on Humans, Hard on Bots” is what Google says about their reCAPTCHA services, but in fact their captcha service does the exact opposite and it’s getting everyone frustrated.
First some background, Captcha stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”. The system originally was supposed to be “when you solve a reCAPTCHA, you help preserve literature by deciphering a word that was not readable by computers.”. reCAPTCHA was developed by a team at Carnegie Mellon University in 2002 according to The Philadelphia Inquirer, the captcha website says the year was 2000, so it is unclear exactly when reCAPTCHA was started.
In 2009, reCAPTCHA was acquired by Google, neither parties say how much it was acquired for. In the announcement post, Google says they will be using reCAPTCHA to “increase fraud and spam protection for Google products but also to improve our books and newspaper scanning process.”
In 2012, Google began to add photos of house numbers (taken from Google’s Street View project) to reCAPTCHA. A Google spokesperson said that it is currently an experiment and it isn’t limited to street addresses but also street names and traffic signs “to improve Google maps with useful information”, according to TechCrunch.
In 2017, only 2 years after adding house numbers Google decided to change things up (according to Wired), they announced that reCAPTCHA will be reduced to nothing more than a single checkbox. Google said that for smartphone and tablet users, it will show a few images and ask them to select one or more images from a selection of nine images.
As of the time of writing, most users who must interact with reCAPTCHA must select one or more images (out of a selection) and it can be really difficult for many users. Just look at #captchafail and #reCAPTCHAfail on Twitter and see what some people must deal with.
So, why should you not include reCAPTCHA on your website?
– It frustrates the people who want to contact you: If someone wants to contact you and you have a reCAPTCHA on your website it will take them more time to complete the reCAPTCHA, and in that time they may decide to go with a different company (they will justify it by saying it is difficult to contact you).
– Accessibility: reCAPTCHA only works for those who can see the reCAPTCHA, yes there is an audio version but sometimes it doesn’t work (or gets blocked for some reason). While Google does say that they care about accessibility and that reCAPTCHA works with the major screen readers. That doesn’t work for those who are colour-blind, low-sighted, or physically impaired (might not be able to complete fine motor, simultaneous, or closely-timed actions). You may not think that a visitor of yours has one of these accessibilities, but you never know and you won’t know unless the visitor tells you. “If captcha’s were forbidden outright (from Web Content Accessibility Guidelines), Web sites would choose not to conform to WCAG rather than abandon captcha“. If you don’t know of any alternatives, check out the list of alternative methods to perform human verification and establish identity that WCAG Working Group put together.
– reCAPTCHA doesn’t stop bots: In 2017 a team from the University of Maryland created unCaptcha which is an automated system that can solve reCAPTCHA’s with around 90% accuracy (was originally 85.15% accuracy but less than a year later, and after Google updated their audio challenge it was made easier). In December 2018, Armin Sebastian created buster which is an extension that you add to your browser to solve captcha’s for you. It uses reCAPTCHA’s audio challenge and automatic speech recognition to complete the reCAPTCHA for you.
– reCAPTCHA slows down your website: There has been various posts online about reCAPTCHA slowing down their website, while it will slow down your website because the reCAPTCHA needs to load, the actual results may vary.
– reCAPTCHA doesn’t work where Google is blocked: In most places around the world Google is freely accessible, but there are some places in the world that Google is blocked (or Google blocks you). As of the time of writing Argentina, China, and some parts of Italy are having trouble connecting to Google, which means they most likely won’t be able to complete the reCAPTCHA. If you require a reCAPTCHA completion on a contact form then they won’t be able to contact you.
– It makes people work for free: When you complete a reCAPTCHA, the answer you give is stored in a database and is used however Google wants (who knows exactly what Google does with it, they say they will use it to improve their book and newspaper scanning process), in addition to help with the digitization of the entire New York Times archive (all the way back to 1851). It has been said around the internet that the same data was given to Internet Archive but the Internet Archive says they have never received any data from reCAPTCHA. There are also many people on fiverr who will complete any sort of captcha for you for a low price.
– Annoying for anyone who protects their privacy: When reCAPTCHA loads it gives each person their own score to determine if they are human or bot. Google doesn’t reveal what determines the score (the team at Google have repeatedly said to put the reCAPTCHA code on every page to best determine a user’s score), but if you are trying to protect your privacy then you will get a lower score (the scores go from 1.0 – most likely human to 0.0 – most likely bot) and if you get below 0.7 then the website owner can determine what to do. The simplest thing can cause your score to go lower, like changing one setting.
After all those frustrations and things which could cause someone not be able to complete an reCAPTCHA what do you do to stop spam? You could either have a different challenge (text, picture, honeypot, 2fa / multi-factor, or sms challenge are just some examples) or you can remove the reCAPTCHA and deal with the spam. What you want to do depends on your business, website and those who visit your website. Anything is better than reCAPTCHA.
