ReCAPTCHA: Difference between revisions

(One intermediate revision by the same user not shown)

Line 15:

A video published by YouTube channel CHUPPL sparked renewed controversy with a video released in December 2024. The video cites and details how reCAPTCHA [[wikipedia:Doxing|doxxes]] users and how resulting user data can end up in the hands of the US government for unknown purposes, claiming exploitation of an intentional loophole in Google's terms of service allowing them to transmit user device and application data under the guise of "general security purposes."<ref>{{Cite web |last=CHUPPL |date=5 Dec 2024 |title=Why reCAPTCHA is Spyware |url=https://www.youtube.com/watch?v=VTsBP21-XpI |via=YouTube |archive-url=https://preservetube.com/watch?v=VTsBP21-XpI |archive-date=22 Feb 2026}}</ref> User data allegedly began being collected in 2014, when Google deployed reCAPTCHA v2, specifically the “No CAPTCHA reCAPTCHA” i.e. "the checkbox CAPTCHA," which primarily uses [[wikipedia:HTTP_cookie|cookies]] to whitelist users who reCAPTCHA identifies as humans. This opens up additional security vulnerabilities as once a user is identified as a human, a bot can take over and be given unrestricted access to all sites using reCAPTCHA without having to fill a CAPTCHA itself.<ref>{{Cite web |last=homakov |date=4 Dec 2014 |title=The No CAPTCHA problem |url=https://homakov.blogspot.com/2014/12/the-no-captcha-problem.html |url-status=live |archive-url=https://web.archive.org/web/20141204133024/https://homakov.blogspot.com/2014/12/the-no-captcha-problem.html |archive-date=4 Dec 2014 |via=Blogger}}</ref>

The type of cookies collected includes, but is not limited to:<ref name=":0">{{Cite web |last=O'Reilly |first=Lara |date=20 Feb 2015 |title=Google's new CAPTCHA security login raises 'legitimate privacy concerns' |url=https://www.businessinsider.com/google-no-captcha-adtruth-privacy-research-2015-2 |url-status=live |archive-url=https://web.archive.org/web/20150222100003/https://www.businessinsider.com/google-no-captcha-adtruth-privacy-research-2015-2 |archive-date=22 Feb 2015 |website=Business Insider}}</ref>

The type of [[Web_cookie|cookies]] collected includes, but is not limited to:<ref name=":0">{{Cite web |last=O'Reilly |first=Lara |date=20 Feb 2015 |title=Google's new CAPTCHA security login raises 'legitimate privacy concerns' |url=https://www.businessinsider.com/google-no-captcha-adtruth-privacy-research-2015-2 |url-status=live |archive-url=https://web.archive.org/web/20150222100003/https://www.businessinsider.com/google-no-captcha-adtruth-privacy-research-2015-2 |archive-date=22 Feb 2015 |website=Business Insider}}</ref>

*Screen size and resolution, date, language, browser plug-ins, and all ~~Javascript~~ objects

*Screen size and resolution, date, language, browser plug-ins, and all [[JavaScript]] objects

*IP address

*CSS information from the page you are on

@@ Line 15: / Line 15: @@
 A video published by YouTube channel CHUPPL sparked renewed controversy with a video released in December 2024. The video cites and details how reCAPTCHA [[wikipedia:Doxing|doxxes]] users and how resulting user data can end up in the hands of the US government for unknown purposes, claiming exploitation of an intentional loophole in Google's terms of service allowing them to transmit user device and application data under the guise of "general security purposes."<ref>{{Cite web |last=CHUPPL |date=5 Dec 2024 |title=Why reCAPTCHA is Spyware |url=https://www.youtube.com/watch?v=VTsBP21-XpI |via=YouTube |archive-url=https://preservetube.com/watch?v=VTsBP21-XpI |archive-date=22 Feb 2026}}</ref> User data allegedly began being collected in 2014, when Google deployed reCAPTCHA v2, specifically the “No CAPTCHA reCAPTCHA” i.e. "the checkbox CAPTCHA," which primarily uses [[wikipedia:HTTP_cookie|cookies]] to whitelist users who reCAPTCHA identifies as humans. This opens up additional security vulnerabilities as once a user is identified as a human, a bot can take over and be given unrestricted access to all sites using reCAPTCHA without having to fill a CAPTCHA itself.<ref>{{Cite web |last=homakov |date=4 Dec 2014 |title=The No CAPTCHA problem |url=https://homakov.blogspot.com/2014/12/the-no-captcha-problem.html |url-status=live |archive-url=https://web.archive.org/web/20141204133024/https://homakov.blogspot.com/2014/12/the-no-captcha-problem.html |archive-date=4 Dec 2014 |via=Blogger}}</ref>
-The type of cookies collected includes, but is not limited to:<ref name=":0">{{Cite web |last=O'Reilly |first=Lara |date=20 Feb 2015 |title=Google's new CAPTCHA security login raises 'legitimate privacy concerns' |url=https://www.businessinsider.com/google-no-captcha-adtruth-privacy-research-2015-2 |url-status=live |archive-url=https://web.archive.org/web/20150222100003/https://www.businessinsider.com/google-no-captcha-adtruth-privacy-research-2015-2 |archive-date=22 Feb 2015 |website=Business Insider}}</ref>
+The type of [[Web_cookie|cookies]] collected includes, but is not limited to:<ref name=":0">{{Cite web |last=O'Reilly |first=Lara |date=20 Feb 2015 |title=Google's new CAPTCHA security login raises 'legitimate privacy concerns' |url=https://www.businessinsider.com/google-no-captcha-adtruth-privacy-research-2015-2 |url-status=live |archive-url=https://web.archive.org/web/20150222100003/https://www.businessinsider.com/google-no-captcha-adtruth-privacy-research-2015-2 |archive-date=22 Feb 2015 |website=Business Insider}}</ref>
-*Screen size and resolution, date, language, browser plug-ins, and all Javascript objects
+*Screen size and resolution, date, language, browser plug-ins, and all [[JavaScript]] objects
 *IP address
 *CSS information from the page you are on