placeholder

Google’s new reCAPTCHA has a dark side

The latest version of the bot detector reCaptcha is invisible to users and has spread to more than 650,000 websites. It’s great for security—but not so great for your privacy.

Click to view the original at fastcompany.com

Hasnain says:

Discusses classic security versus privacy tradeoffs in the context of the new recaptcha mechanism.

Oh and also usability! Since "legitimate" users often have to do less here.

"Google encouraging site admins to put reCaptcha all over their sites, and then sharing the resulting risk scores with those admins is great for security, Perona thinks, because he says it “gives site owners more control and visibility over what’s going on” with potential scammer and bot attacks, and the system will give admins more accurate scores than if reCaptcha is only using data from a single webpage to analyze user behavior. But there’s the trade-off. “It makes sense and makes it more user-friendly, but it also gives Google more data,” he says. Google would not clarify what it does with the data it captures about user behavior via reCaptcha, only that it is used for improving reCaptcha and general security purposes."

Posted on 2019-06-28T14:00:49+0000