[imtringued]

>This might surprise you, but it actually has to do with what traffic coming out of TOR looks like.

That's a massive load of bullshit. Google has a captcha challenge that only humans can solve. That alone is already sufficient to prevent unwanted traffic. That is how every captcha system works. However google is an exception. If you're logged in to a google account or are using chrome then google can use that information to track your captcha history. Privacy minded people avoid google like the plague and therefore they cannot be tracked.

>Google isn't going out of their way to punish you for trying to protect your privacy. Except this is exactly what happens. It's not "unfortunate". It works like this by design.

If google cannot track you then the captcha will force you to do something that no other captcha system does: give you even more challenges even if you have solved them correctly. You will spend the next 5 minutes solving captchas correctly and then at the end it will tell you you've failed. This again is unique to google: correct answers lead to failure. The problem immediately goes away if you let google track you, it doesn't matter how bot infested the network is. No other captcha system does it this way.

Google is clearly doing this to get free labour to label their datasets, force people to have a google account and encourage them to use chrome.

[cortesoft]

If you are using TOR, and not accepting cookies, they are going to have no way of knowing that you are the same user who just solved the CAPTCHA. Every request is going to appear to be from a new user.

If you do everything you can to prevent google from knowing who you are, don't be surprised when they behave like they don't know who you are.

[Dylan16807]

Tor Browser accepts session cookies. It won't have an established google identity, but it fully supports a temporary "solved the captcha" identity.

[cortesoft]

> The problem immediately goes away if you let google track you

I took that to mean they were blocking cookies

[puzzle]

What prevents a botnet from sharing that same session cookie?

[Dylan16807]

A botnet doesn't need Tor in the first place. And you can limit the use of a single captcha solution. It's not much different from the problem of a legitimate google account being borrowed by a bot.

[darkpuma]

The tile fade-in is also egregious. The only reason that exists is to punish humans.

[Wowfunhappy]

Well, it punishes bots in an equal amount, in that the bots have to wait longer before they can retry.

[darkpuma]

It punishes humans more than computers because computers are more efficient multitaskers. A computer can find a productive way to use the second between each tile fade in, but a human has no realistic way to productively use that second. The human sits there staring at the screen waiting, while the captcha-solving computer does other things (perhaps solve other captchas given to it through other connections.)

[bduerst]

Slight nitpick but past captcha successes are a characteristic of cyborg accounts, which still act as a bot most of the time.

A lot of the behavior that captcha exhibits is in part a function of feature analysis from ML models - features that may seem ridiculous to layman humans but make sense to a neural net plugged into the data.

[sjwright]

> That's a massive load of bullshit. Google has a captcha challenge that only humans can solve. That alone is already sufficient to prevent unwanted traffic.

It's not bullshit, it just depends whether your website is being targeted directly or not. We're targeted directly and the robots hitting us are getting the CAPTCHAs solved, presumably with human help.

[Mirioron]

This sounds like it should be illegal.