Google will defeat its own captchas for you

Originally published at:


Me: You realize the entire point of captchas is to render themselves obsolete by teaching machines to answer questions that currently only humans can?

People: What? That doesn’t make sense.

Me: [Links to this post]


Don’t stop there!

Train Google’s TensorFlow to recognize bits of traffic signs, automobiles and storefronts.




Soon Google will plug this hole by inserting some signature noise into its audible prompts that its speech to text engine will recognize and refuse to process. I’m frankly quite astonished they didn’t take care of this loophole already.

But that just means you have to use someone else’s speech to text processor for your comment spam bot.




Why stop there? Translate them into Urdu, and then back again!


I haven’t seen “play this captcha as audio” in a long time. It’s always “click here” and “identify the images” and so on lately.

Remember that all-too-brief interval when the random words spawned by captchas formed the basis of humor? Click for album:


At 91%, its success rate is about twice mine at solving the damn things.


I still see “play an audio version” or some such every so often. Depends on the company producing the captcha, I think, but some of them definitely provide an audio option for the visually impaired.

What I don’t understand about these is that if I try to just randomly click through, or intentionally get it wrong, it knows, and won’t let me through until I do it right. What is the AI learning if it already knows the correct answer?


That’s why there’s two words.

One is known, the other is unknown. If you get the known one right, then it assumes you got the unknown one right as well.

It also doesn’t just rate its confidence in the whole unknown word. If you plug something in that doesn’t match any of the letters it’s guessed for the unknown word then it assumes you’re poisoning the dataset.
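
For anyone who wants to see the two-word idea spelled out, here is a rough sketch in Python. It is not Google's actual code. The function name, the exact-match rule for the known word, and the "at least one letter in the same position as an OCR guess" poisoning check are all assumptions made up for illustration.

```python
def grade_two_word_captcha(known_answer, known_response,
                           ocr_guesses, unknown_response):
    """Hypothetical grader for a two-word captcha.

    Returns (passed, accepted_transcription). The transcription is None
    when the user fails or when the answer looks like dataset poisoning.
    """
    # Only the known (control) word decides whether the user gets through.
    if known_response.strip().lower() != known_answer.lower():
        return False, None

    response = unknown_response.strip().lower()

    # Assumed poisoning check: the answer must share at least one letter,
    # in the same position, with one of the OCR engine's guesses.
    plausible = any(
        any(a == b for a, b in zip(guess.lower(), response))
        for guess in ocr_guesses
    )
    return True, (response if plausible else None)
```

So typing the control word correctly gets you through either way, but a junk answer for the other word is thrown out instead of being counted as a transcription.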


I was talking about the traffic ones, like when it says “click all bicycles,” if I just randomly click some squares or intentionally leave out a bicycle, traffic light, etc. it knows I did it wrong and won’t let me through until I do it right. What is it learning if it already knows where all the bicycles in the picture are?


Oh, that one I couldn’t say.


My thought is that some of those images have already been checked by other humans, so the machine is confident because of those other humans. It’s similar to the text thing: some images it already knows for this or that reason, and if you get both the known and unknown ones wrong, it discards your answers.


Modern CAPTCHAs often don’t require you to click anything, or will let you just check a box. I gather they are monitoring stuff like keyboard and mouse events on the page and can identify bots based on the timing of scrolls and clicks and what not. Those patterns are specific to the page, and hard to fake without empirical data from real users, which the page owner has but bots don’t.

When they do ask you questions, it may be mostly or entirely for their own selfish purposes. They show you some pictures they’re confident about (positive or negative), mixed in with some where they’re less confident. If you disagree with them on a confident match then you’re a witch. If not, they will take your opinion on the non-confident matches, and combine it with a bunch of other people’s opinions to get some useful training data. Potentially, since they’re tracking the shit out of you, they can eventually weight your answers based on how good you are at identifying things.

Basically, they’re not asking you “what is this image?”, they’re asking you to vote on whether the decision they’ve already made is correct.
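
A toy version of that "vote on our decision" scheme, in Python, might look like the following. This is purely a sketch of the idea as described above, not anything Google has published. The tile names, the `CONFIDENT` table, the per-user `weight`, and both function names are invented for the example.

```python
from collections import defaultdict

# Hypothetical tiles the system is already confident about:
# tile id -> True if it contains a bicycle, False if it does not.
CONFIDENT = {"img1": True, "img2": False}


def submit(votes, answers, weight=1.0):
    """Grade one user's answers and, if they pass, record their votes.

    votes   : dict of tile id -> list of (answer, weight) tuples
    answers : dict of tile id -> bool, the user's claim for each tile
    weight  : assumed per-user trust score
    """
    # Disagree with a confident tile and you fail; nothing is recorded.
    for tile, truth in CONFIDENT.items():
        if tile in answers and answers[tile] != truth:
            return False

    # Otherwise, keep the user's opinion on the uncertain tiles only.
    for tile, answer in answers.items():
        if tile not in CONFIDENT:
            votes[tile].append((answer, weight))
    return True


def consensus(votes, tile):
    """Weighted share of 'yes' votes for a tile, or None with no votes."""
    ballots = votes.get(tile, [])
    total = sum(w for _, w in ballots)
    if not total:
        return None
    return sum(w for a, w in ballots if a) / total


votes = defaultdict(list)
submit(votes, {"img1": True, "img2": False, "img3": True})
submit(votes, {"img1": True, "img2": False, "img3": False}, weight=3.0)
```

The design point is that passing and contributing are decided on different tiles: the confident ones gate you, the uncertain ones collect your vote.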


This variety drives me mad. They are shit. Living in UK I am supposed to know what a ‘crosswalk’ is? That ‘click all bicycles’ actually means ‘click any box in which even a single pixel of something that might be a bicycle appears’?


Obviously, you guys never used Tor. When you try to search anything in Google while using TorBrowser, not only will you be hit with CAPTCHA almost every time, Google will also sometimes refuse to show you CAPTCHA, or will show it, but refuse to let you use audio CAPTCHA. And even if it lets you do the test, it will claim multiple times that your performance is inadequate and force you to repeat the test. Then, when you pass, it will sometimes hit you with CAPTCHA again. Why? Hell if I know.

This got so bad that I almost never use Google with Tor these days, making do with DuckDuckGo.




Isn’t it obvious? It’s learning about US. 💀
