As if Google didn’t have enough personal information about you from reading your emails, keeping records of all your Google searches, listening to your Google Voice questions and tracking your daily location activity via their Android operating system, here comes the latest Google’s reCAPTCHA v3:
reCAPTCHA is a free service that protects your website from spam and abuse. reCAPTCHA uses an advanced risk analysis engine and adaptive challenges to keep automated software from engaging in abusive activities on your site. It does this while letting your valid users pass through with ease.
if you didn’t understand it by now, every time you see the word ‘free’ coming from a tech giant, especially Google, you should already realize that if something looks too good to be true, it probably is.
While being a great online evil activity prevention service for any website owner, recAPTCHA always had a privacy related dark side:
First, its important to know one of the ways that Google recAPTCHA determines whether you’re a malicious user or not is by checking whether you already have a Google cookie installed on your browser. if you are/were logged in to any of Google services you will have this cookie and likely to get a lower risk score, meaning you are probably not a malicious user.
Second, it requires website administrators using this service to embed reCaptcha v3 code on ALL pages of their website.
Third, reCAPTCHA is invisible to the naked eye so there is no clear indication if its working in the background on the site you visited.
“According to tech statistics website Built With, more than 650,000 websites are already using reCaptcha v3; overall, there are at least 4.5 million websites use reCaptcha, including 25% of the top 10,000 sites. “
So… if you’re signed into your Google account there’s more than a good chance that Google is getting data about every single webpage you visit that have reCaptcha v3 embedded without you knowing its happening – meaning, tracking your online activity to the max of their abilities.
“Google would not clarify what it does with the data it captures about user behavior via reCaptcha, only that it is used for improving reCaptcha and general security purposes.” says technology consultant Marcos Perona.
additionally its good to know that every time you, a regular internet user, solve a reCAPTCHA puzzle you basically work for Google to improve their AI capabilities, which is something usually a company would pay employees to do.
As explained nicely by a quora user James McAlliste:
“Because of the millions of us doing that every day, Google was able to scan tens of millions of books to build their Google Books platform relatively quickly. They can now take an image containing text, recognize the letters and words, and build documents from it extremely quickly.
Now, we’re most commonly given images to recognize – images from Google’s Street View. When you tell Google through your captcha that this image is a car or this image is a storefront, you are training their AI and the neural networks behind them. Each person that fills out a captcha helps their image recognition algorithm become stronger.
Typically, companies would turn to something like Amazon’s Mechanical Turk for tasks like these that computers can’t do on their own. However, Google has a collection of hundreds of millions of people who will happily train their algorithms for free. A nice deal, isn’t it?
Google doesn’t make money from reCapthca directly, however it does use reCaptcha to improve other products.”