[immibis]

Note that Google's version of this was determined to be checking whether you had a 9-day-old tracking cookie.

The researcher who discovered this was able to generate 60,000 "I am not a bot" cookies per day, and use them up about 15 times each in a bot before it started getting captchas.

That was in 2016 though.

[rixed]

Couldn't the content of that cookie be used to validate its actual age? Like, just signing the date of generation?

[immibis]

That's probably what it was. So they accessed some page over and over, pretending to not have the cookie yet, got a bunch of cookies, and 9 days later, used them to bypass captchas.

[gruez]

...or generate a bunch and wait 9 days?