Google wants to make the internet a happier place by taking an irksome security step and—poof!—turning it invisible.
Like going through airport security and taking off your shoes, filling out a CAPTCHA field is an annoyance: You have to squint and transcribe distorted letters or numbers to prove you’re not a malicious robot when doing something benign like opening a new email account. Google’s version of this internet time-suck is called reCAPTCHA, the previous iteration of which involves just checking a box that says “I’m not a robot.” But now you might not even have to face the tyranny of clicking that box.
On Wednesday, Google launched “Invisible reCAPTCHA,” a service that works as a background bot-sniffer—without a human having to do anything. (The beta version launched last November, according to Google.)
“Powering these advances is a combination of machine learning and advanced risk analysis that adapt to new and emerging threats,” the company said in a video. Whether a website makes use of the new, invisible reCAPTCHA or just the box-checking version, Google says that if they think something’s fishy, a user will still face more challenges.
Shuman Ghosemajumder, the chief technology officer at Shape Security in Mountain View, Calif., and a former Google employee (he helped roll out Gmail during a career there that spanned 2003 to 2010) said that the search giant is interested in making the internet a little more frictionless.
“ReCAPTCHA is one of the most popular, if not the most popular, CAPTCHA mechanism on the internet today,” he says of the free service. “Google in general—and this is certainly a philosophy that we adhered to when I was there—believed that anything that is good for the internet, is good for Google.”
Making the service invisible, he says, is chiefly “to improve the user experience across the web.”
The new invisibility system likely looks at factors like how a user moves the mouse around, Ghosemajumder says. “Google also has a history of information that’s associated with that particular IP address,” he adds, pointing out that if the user is also logged into a Google account, the company will know even more about what is or isn’t normal activity.
As for that synthetically distorted text you’ve no doubt had to fill more times than you’d care to remember? Remarkably, Google said that by 2014, computers were far better at identifying the trickiest distorted text from a CAPTCHA than a human was anyway. “It was the worst of all possible worlds, in terms of most humans experiencing something that was very frustrating, and most bots not encountering any real friction at all, if they were sufficiently advanced,” Ghosemajumder says.
This latest iteration, he says, “creates a new sort of challenge that very advanced bots can still get around, but introduces a lot less friction to the legitimate human.”