I can't prove I'm not a robot
September 3, 2019 10:50 AM   Subscribe

What is the "Prove you're not a robot" human verification image CAPTCHA looking for when it asks a user to click on all the squares that show "cars" or "traffic lights," etc? I find myself getting caught up in doing 5-6 in a row before it believes I'm not a robot, in many different browsers with and without ad blockers and on different computers for as long as I can remember those being a thing. So what is considered suspicious and how can I get through them faster?

I thought maybe it was because I will scan the top row of image squares, left to right, for the requested item in an image, click on it, then go to the next row and repeat, which might be too methodical and "robot like" but clicking randomly doesn't convince it of my humanity either. Then I thought maybe I'm going too fast so I try to wait after clicking each one to see if that square regenerates with another image that has the requested object in it. But no luck, I still get stuck doing the CAPTCHA multiple times until it accepts that I'm not a robot — I'll pick all the images, check the "I am not a robot box", and a new image grid will appear and I'll have to do it all over again, and again, and again. Eventually I must do it "right" and I'll be allowed to login or submit a form or whatever it is I was trying to do.

I googled around and it appears like most people talking about CAPTCHA are talking about how people are circumventing them for nefarious reasons. I'm just a person who wants to login to websites that use them more quickly. I found tips on the "type the distorted words" CAPTCHA but not on the image grids.

Bonus question, I am always stumped by being asked for something like finding all the traffic lights: does the pole or overhead arm of a traffic light counts as a traffic light or if they're literally just wanting the LIGHTS and no other pieces? I've tried both ways and still get stuck.
posted by the thorn bushes have roses to Computers & Internet (20 answers total) 9 users marked this as a favorite
Tom Scott just did a video on how they work. Short version, the more Google knows about you, the less likely you'll get the second step (and presumably, less iterations of it).
posted by hankscorpio83 at 11:03 AM on September 3, 2019

Assuming this is the Google CAPTCHA by that same description, the question of "Why am I caught up doing 5-6 in a row?" has little to do with how you solve it; by the time you see the self-driving car training grid pop up you're already locked into the ride.

In other words, Google uses a whole bunch of heuristics to determine "how confident am I that this is a human, and how much do I need to test them on it?"
Are you using Google Chrome? Are you signed into a Google account with a history of human-like behavior? Do you have Javascript disabled (first or third-party)? etc.

This is v2; v3 dispenses with the traffic grid and just generates a "humanness" score and leaves it up to the website to decide what to do with you.
posted by CrystalDave at 11:06 AM on September 3, 2019 [1 favorite]

Hmmm. I use Firefox with Privacy Badger and UBlock Origin. I almost never have to do these twice. I usually don't have to think about them.

I wonder if you are either missing a lot of the images or if there is something about your browser set-up or habits that is making the algorithm lean more towards thinking you're a bot.
posted by Kutsuwamushi at 11:27 AM on September 3, 2019 [2 favorites]

I wonder if you are either missing a lot of the images or if there is something about your browser set-up or habits that is making the algorithm lean more towards thinking you're a bot.

Yeah, this is exactly what my question is, what about my habits is making me appear like a bot. I am definitely not missing any of the images though. Often once you click one image on the grid often another will appear it its space behind it that I also need to click so I'm in the habit of pausing and checking before I submit for verification.

I'm starting to suspect it's because I am not usually logged into Google on my browsers. This has happened to me in Firefox, Safari, and Chrome on a Mac and when it occurred to me on a PC in the Edge (I think? not a PC user usually sorry not sure) browser earlier today it prompted me to ask this question. I generally do have some kind of privacy blocker on, though not always when I've had this problem, so having it occur under a bunch of different circumstances is what made me wonder if it's the way I'm clicking and not something about my browser set-up.

Can't watch YouTube at the moment but I'll be watching that video with interest later, hankscorpio83!
posted by the thorn bushes have roses at 11:41 AM on September 3, 2019

I'm starting to suspect it's because I am not usually logged into Google on my browsers.

No, it's not this particular thing, because I try not to log into Google on any of my browsers, most of the time, and I rarely have the problem of CAPTCHAs that don't work.
posted by chromium at 11:51 AM on September 3, 2019 [2 favorites]

I am also a person who sometimes has to click on twenty boxes in order to finally get the form to submit or whatever it is. The video that hankscorpio83 doesn't totally know but seems to say that the fewer things Google has access to about you (cookies mainly but maybe other data that Google hangs on to) the more likely it is to give you more boxes. I have Google set to save NONE of my data (to the extent I'm able to) and this rings true for me.
posted by jessamyn at 11:55 AM on September 3, 2019 [1 favorite]

I get 5-6 tries because I click in every square that has any traffic light hardware when asked about traffic lights and every square that has road in it when asked about bicycles because fuck self-driving cars. I suspect I've raised Google's that guy flag.
posted by scruss at 11:55 AM on September 3, 2019 [10 favorites]

I've seen this when accessing Google through open proxies and the like. Are you on shared wifi where there might be lots of users behind the same ip address or some other bad actor on your network? If on a laptop, try from another network and see if that's better.
posted by reptile at 12:13 PM on September 3, 2019

This issue comes up for me occasionally, and I'm fairly sure it's because (due to using a VPN) I occasionally appear to be coming from some block of IP addresses that Google has previously flagged as problematic. I also block cookies and javascript as much as possible, and have tried to plug up most other holes that leak unique ID info through the browser, so when this does happen I usually have to wade through a few iterations before Google decides to let me pass.
posted by Greg_Ace at 12:22 PM on September 3, 2019

I also find this happens much more when I'm using a VPN.
posted by pipeski at 12:30 PM on September 3, 2019

This happens to me when I'm using my employer's internet - I think it has to do with many requests apparently coming from the same IP address. Sometimes I can't even get an opportunity to CAPTCHA and have to try again later.
posted by momus_window at 12:35 PM on September 3, 2019

I get this a lot too, and I’m logged in to Google on Chrome. I use an ad blocker and a VPN.
I recommend you do the captcha thing slowly and be careful to click only once on "I’m not a robot" and then wait. Sometimes I’ve had to do more than one captcha in a row when I clicked too fast.
posted by bitteschoen at 12:38 PM on September 3, 2019

Many captcha break down into two pieces. Thing the captcha already knows, and a thing it's gathering information about. The distorted words captcha often include a sample of text that can't currently be OCR'd, and the robot is crowdsourcing the correct information.

Similarly the picture captcha rely on consensus. If most people click on a square, then it's probably correct. If few people click on a square then it's probably wrong. Each click basically contributes to a score, so you click on enough squares with positive scores associated with them and you'll get through.

Don't click the light post. A stop light is the light, the light post is the post, and the captcha is only asking for one of those things.

Only vaguely related, John Mulaney does a bit called the Robot Test. I love it dearly.
posted by Zudz at 4:28 PM on September 3, 2019 [1 favorite]

I saw on a thread about a contest that if you click too quickly, you'll show up as more likely to be a bot. I tried clicking slower and waiting a moment or two between clicks. It's helped me so far. It's frustrating to slow down but you don't go through photo after photo so it's faster in the end.
posted by stray thoughts at 7:30 PM on September 3, 2019

Don't click the light post. A stop light is the light, the light post is the post, and the captcha is only asking for one of those things.

Not my experience. I click on any square that broadly fits the ask. Doesn't seem to object, I generally get through on the first set, sometimes have to do a second, and very rarely a third. I also move slowly, maybe that helps.
posted by GeeEmm at 7:57 PM on September 3, 2019

At least (most of) you are asked to recognise things from your own country! I’m in the UK and we’re asked to recognise “crosswalks”, whatever they are, and fire hydrants that we don’t have, and traffic light hardware that doesn’t look like our traffic lights... It’s not only trying to check you’re human, but that you’re a human who is familiar with US streets.
posted by fabius at 4:43 AM on September 4, 2019 [1 favorite]

I can speak to "what is considered suspicious" or why you might be getting targeted so frequently.

Most websites use infrastructure to protect them from attacks, including using a WAF (web application firewall) which creates a set of rules that aim to protect against vulnerabilities by filtering out malicious traffic.

A common WAF policy is to ask for verification from requests coming from specific IP ranges they considered suspicious (particularly entire country ranges). It is very common for users from, say, Russia to see CAPTCHA requests more frequently than US/UK users.

The site can also restrict your specific IP address if it's known to have malicious activity. This site can help you determine if your IP address shows problematic activity: https://www.projecthoneypot.org/search_ip.php

VPNs are common triggers since the volume of traffic coming from that IP looks like bot behavior. Cookie blocking also makes it harder for sites to identify you and might trigger CAPTCHA.

Less common behavior that might trigger this-- do you upload large files often (common attack vector)?
posted by edgybelle27 at 8:09 PM on September 4, 2019

Less common behavior that might trigger this-- do you upload large files often (common attack vector)?

YES! I work from home and transfer large files constantly to clients and have for the past 8 years at least. Super interesting, thank you!

I marked as best answer the two answers that fascinated me but this is all helpful and I’m loving learning more and hope more folks weigh in if they have more ideas/info!
posted by the thorn bushes have roses at 8:29 PM on September 4, 2019 [1 favorite]

ah, yeah that will likely do it! One more thing-- the number of failed CAPTCHA attempts can also cause sites to mark you as suspicious, so you might be in a bit of a feedback loop until you get better at the box-clicking ones :/

Good luck!
posted by edgybelle27 at 6:06 AM on September 5, 2019

I was reminded of another kind of captcha, and so of this thread.

One of the modern captcha methods is just a box that you check that says "I am not a robot." The way this works is by watching your cursor. Basically, if you ask a person to click on a thing, the mouse will move aimlessly as they figure out where it is on the screen, then it will move towards the target. A mouse, touchpad, trackball, or other pointing device, will all behave in pretty predictable ways.

A machine can read the prompt, and then teleport the cursor to the click spot, and then click. That will not work. In fact, clicking on the mark too quickly (i.e. if your cursor just happens to be directly over the checkbox when it renders)will also not work. You have to be kind of bad at directly clicking on the thing, like a human. Efficiency is punished. Usually by requiring you to click again, or by redirection to a more traditional form of captcha.
posted by Zudz at 12:34 PM on September 6, 2019 [1 favorite]

« Older What are the limits of post relationship ethics?   |   Illustrate the cannabis industry, but don't... Newer »

You are not logged in, either login or create an account to post comments