Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
The Internet IT Technology

Cloudflare Dumps reCAPTCHA as Google Intends To Charge For Its Use (zdnet.com) 81

Internet web infrastructure company Cloudflare announced plans to drop support for Google's reCAPTCHA service and move to a new bot detection provider named hCaptcha. From a report: Cloudflare co-founder and CEO Matthew Prince said the move was motivated by Google's future plans to charge for the use of the reCAPTCHA service, which would have "added millions of dollars in annual costs" for his company, costs that Cloudflare would have undoubtedly had to unload on its customers. "That is entirely within their right," Prince said yesterday. "Cloudflare, given our volume, no doubt imposed significant costs on the reCAPTCHA service, even for Google." "If the value of the image classification training did not exceed those costs, it makes perfect sense for Google to ask for payment for the service they provide," he added.
This discussion has been archived. No new comments can be posted.

Cloudflare Dumps reCAPTCHA as Google Intends To Charge For Its Use

Comments Filter:
  • by SuperKendall ( 25149 ) on Thursday April 09, 2020 @11:52AM (#59925474)

    Love the end of the statement, where they are saying " I guess Google got tired of all the free classification work our users did for them, so they can go pound sand if they want a penny from us".

    I have to say if Google ever comes out with an app to identify crosswalks, that app will do the best damn job anyone has ever done at identifying crosswalks.

    • by Anubis IV ( 1279820 ) on Thursday April 09, 2020 @12:03PM (#59925516)

      I have to say if Google ever comes out with an app to identify crosswalks, that app will do the best damn job anyone has ever done at identifying crosswalks.

      I should hope so, since that "app" is their self-driving car project, and I'd prefer it if their cars didn't take the right of way from pedestrians trying to cross.

      • by Joe_Dragon ( 2206452 ) on Thursday April 09, 2020 @12:05PM (#59925518)

        pedestrians give up there rights to due the EULA when they touch the car or the car touches them

      • by Kohath ( 38547 )

        Just a guess, but autonomous cars will probably stop for pedestrians in the road even when there’s no visible crosswalk. Right of way is just a courtesy and/or a legalism. Robots should do the same thing regardless.

        • autonomous cars will probably stop for pedestrians in the road even when there’s no visible crosswalk.

          Sure, cars shouldn't run people over, but crosswalks aren't just for people who are already in the road. In many parts of the world drivers are required to come to a full stop if there is someone merely waiting on the side to cross. In those locations, you'd want the autonomous car to be able to recognize the crosswalk and its significance. A person standing at a crosswalk requires that the car stop, but a person standing at a random curb does not.

          Right of way is just a courtesy and/or a legalism. Robots should do the same thing regardless.

          Though the concept may be an artificial construct, that does

    • ... " I guess Google got tired of all the free classification work our users did for them, ...

      Rather than "got tired" I imagine Google figured how to do the work w/o people and now can charge for the "service".

      • by Kjella ( 173770 )

        Rather than "got tired" I imagine Google figured how to do the work w/o people and now can charge for the "service".

        Not unlikely. Convolutional neural networks (CNNs) is a moving target and in the last 5 years there's been a huge growth in unsupervised and semi-supervised models. Think of it as the difference between AlphaGo and AlphaZero, the first one used human play to bootstrap itself. Once they were sure the network design was good, they let it start from scratch and figure it out on its own and it turned out much better. It'll be the same with images, instead of starting out with learning "cat vs dog" it'll start l

    • Meet the new google augmented reality assistant.

      It's amazingly well suited at identifying chimneys, crosswalks, traffic lights, stairs, bicycles, cars, buses, storefronts and fire hydrants.

      And that's about it. If you need to identify those things, it's insanely accurate!

    • I don't remember which comic it was on XKCD, somebody could link it... But that CATPCHA challenge: "Click all places humans will hide during an AI uprising".. or something to that effect. =)

    • I have to say if Google ever comes out with an app to identify crosswalks, that app will do the best damn job anyone has ever done at identifying crosswalks.

      Will it, though? I constantly see things like rumble strips that reCaptcha has identified as being a crosswalk and won’t let me continue until I select it.

    • A lot of people never realized that reCAPTCHA was being used for image classification, which also means that the algorithm doesn't know with certainty the "correct" answers to the questions it's asking. For every two correct tiles selected I throw in a bad one just for fun, and it rarely complains.
  • by Sebby ( 238625 )
    Was tired of having to give up my privacy and do the privacy rapist's [urbandictionary.com] AI work.
    • I'm hoping my electric company will dump this as well so I don't get harassed when I want to pay my bill.

      I shouldn't have to pick out the bus to hand over my money. You would think they'd want to get their money as fast as possible.

      • by Cederic ( 9623 )

        Telephone them. Explain on the phone that you're not going through the stress of recaptcha in order to give them money. Offer to pay them over the phone.

        It costs them more to answer the phone call, and if enough people do this, maybe we can teach the fucking twats to stop wasting our time.

    • by GrahamJ ( 241784 )

      Mod up. I hate having to unblock Google in order to log into some services.

  • by sinij ( 911942 ) on Thursday April 09, 2020 @11:57AM (#59925492)
    Every time I see reCAPTCHA I take it as a sign that Google is unable to track me. I see it a lot.
    • That's what they want you to think...

    • Re: (Score:2, Insightful)

      by QuietLagoon ( 813062 )
      I typically have a lot of trouble finishing a google captcha. I have my browser configured in such a manner that google does not like how little data it collects from me. So google, apparently as punishment, actually blocks me from getting to sites.

      .
      There was one site where I had purchased a product, I was logged in to the site, but there was a google captcha presented before I could ask a support question. This was while I already logged in to the site! I was not able to get into the support area.

      • I stopped buying humble bundles because recaptcha didn't work for me, ostensibly for the same reason. They present them even to logged in users before they can make a purchase, which is abusive to begin with. I have an account and an extensive purchase history but I still have to solve a captcha before I can give them money? That's fucking stupid.

        • by Xenx ( 2211586 )
          I buy on that site semi-regularly. I cant even recall if there is even a last time that I had to deal with recaptcha on their site. I can only assume it's something you've done that causes it. That doesn't mean your annoyance is entirely invalidated, just that you're doing it to yourself.
          • Or someone else could have tried to log into my account a bunch of times, but nice victim-blaming there, champ

            • by Xenx ( 2211586 )
              Yeah, ok.. whatever. I merely pointed our that your experience is not their normal experience. You also said that your problems with recaptcha on humble might ostensibly be for the same reason the person you replied to was saying they had problems. IE, browser settings for extra security/privacy. Thus, you were saying it was something you did and I was agreeing with it.
              • There shouldn't be a captcha of any kind there at all. I'm a logged in user. It doesn't make any sense.

                • by Xenx ( 2211586 )
                  There isn't a captcha there for the average user. My assumption would be that they have security checks in place, whether you agree with them or not, and you're likely triggering them with the way you're configured. Like I said, there is nothing wrong with your opinion of them. But, they clearly have them there for a reason. I'm not them, so I don't have the info to determine whether it's a good reason.
        • by gweihir ( 88907 )

          I have an account and an extensive purchase history but I still have to solve a captcha before I can give them money? That's fucking stupid.

          Indeed. There has to be a less annoying way to do this.

        • by Cederic ( 9623 )

          Write to them and complain. I have, several times.

          Comically if you go back the next day it'll often let you pay without a recaptcha. But any time it does, send them a message complaining that you're trying to give them money and that they won't let you.

          • Me on 12/10/2019: "When I try to purchase the bundle, I get "cannot connect to reCAPTCHA" even when logged in. Why are you sending logged in users to reCAPTCHA? Isn't logging in sufficient? I'm unsubscribing."

            Them:

            So yeah. Whatever.

      • by Kjella ( 173770 )

        There was one site where I had purchased a product, I was logged in to the site, but there was a google captcha presented before I could ask a support question. This was while I already logged in to the site! I was not able to get into the support area. I then took my business elsewhere because i did not want to deal with a site that was so cavalier with my data.

        A lot of sites have bot blockers like that, I guess it's because some disgruntled customer/ex-employee decided to run a little DDoS on their support staff. As long as you can sign up for the site and raise a support question without buying anything - totally reasonable IMHO - they need to stop them somewhere. To my knowledge the shop just signs up for a challenge/response, they don't need to pass any customer data to Google. So I'm not sure what's so cavalier about it...

        • }}} --- I guess it's because some disgruntled customer/ex-employee decided to run a little DDoS on their support staff. ---{{{ ... Simple solution. You cannot ask a support question unless you are logged in. If someone abuses support, revoke their account. See, simple.

          .
          imo, there is another reason, a google data gathering reason, that google is so aggressive in getting sites to use captchas.

      • There was a plugin on github that let you solve them with the accessability features of the damn things, and it solved it using google voice to text which was trained using something like this.

    • by MrL0G1C ( 867445 )

      No, it just means they know you're on a VPN and they don't like VPNs. They group punish people when one idiot does some stupid shitty thing, they blacklist the whole IP block.

      And they're not sure where the traffic lights are.

      • by Kjella ( 173770 )

        blacklist the whole IP block.

        Maybe, but I think they try to avoid the ban hammer because that causes accusations of censorship. But what happens easily is that you end up on a shit list - your captchas are much worse, the tolerances for errors much smaller and for some reason it'll ask you multiple captchas in a row even though you're sure the last one was correct. It's very noticeable but what are you going to do, complain that you failed a captcha?

  • Why can't a big player like Cloudflare not develop a reCaptcha of it's own?
    It's really not that complex.
    Cloudfare is just too lazy.
    And reCaptcha is lot better than doing all the classification of images for Googles.
    Google glorified AI is nothing but an oversimplified AI that freaks out when there is an elephant in the image.

  • by AndyKron ( 937105 ) on Thursday April 09, 2020 @12:03PM (#59925514)
    Please click on all the pictures that contain BULLSHIT. Sorry you missed one try again.
    • by MrL0G1C ( 867445 )

      I swear the fire hydrant ones are a wind-up. Anyway, I hope they charge a dollar a pop for the opportunity to train their self-driving vehicle AI systems and that will be the last we see of them. They made an art out of being bloody annoying.

    • Please click on all the pictures that contain BULLSHIT. Sorry you missed one try again.

      I find it genuinely confusing how people can't identify traffic lights and pedestrian crossings. But then I look at how people drive and it kind of makes sense.

      • When I'm on VPN for whatever reason, I purposefully answer these wrong. I dream about robotic cars running over people on sidewalks

  • Cloudflare, given our volume, no doubt imposed significant costs on the reCAPTCHA service, even for Google.

    And this won't be a problem for hCaptcha, as they're bigger than Google or something?

    • As per their website [hcaptcha.com], hCaptcha pay money:

      Stop more bots. Start getting paid.
      Do you use a captcha to keep out bots? hCaptcha protects user privacy, rewards websites, and helps companies get their data labeled. It is a drop-in replacement for reCAPTCHA: you can switch within minutes.

  • Google has enough image data for their AI research.
    • by lgw ( 121541 )

      Or, being Google, they're about to drop the project.

      Re your sig: not him, either.

      • If they're going to kill it charging is a clever way to do it. All sorts of sites will at least pay in the short-term as they roll out replacement solutions. It's also super shady. Like Google has replaced the "Don't be evil" with, "What would Larry Ellison do?"

    • by GrahamJ ( 241784 )

      Yep, as Prince alluded to. Leave it to Google to offer a useful service for “free” then drop it when it outlives their own purposes.

  • Good (Score:3, Insightful)

    by Opportunist ( 166417 ) on Thursday April 09, 2020 @12:31PM (#59925600)

    I'd rather deal with spam than having to identify another traffic light or bus.

    • Not only that, but having to figure out which traffic light or bus or crosswalk Google doesn't know is in a picture they're sending you.

      • It's even worse than that. I get pictures of crosswalks and traffic lights in foreign countries that often ain't quite the same we have at home. And the pictures are also often quite blurry or grainy, so figuring out whether the captcha thinks that is a crosswalk is a matter of luck anyway.

        But at least I can easily identify crosswalks and busses all over the world...

    • I'd rather deal with spam than having to identify another traffic light or bus.

      You only say that because it's been a while since you've experienced some serious spam ;-)

  • by FeelGood314 ( 2516288 ) on Thursday April 09, 2020 @12:49PM (#59925656)
    He said he wasn't going to continue using Google's service but he didn't whine or make lame excuses. He sounds alike a grown up business man that I would want to do business with. Cloudflares business model relies on preventing bots from spamming servers. A way of telling humans from computers that is as non-intrusive as possible is part of that. I don't get all the negative comments on here.
    • by MrL0G1C ( 867445 )

      I don't get all the negative comments on here.

      Block cookies, run an adblocker, don't use chrome, use a VPN.

      Do that for a month.

      Come back and tell us how you feel about being google AIs bitch.

      Crosswalks, buses, traffic lights, stairs, chimneys, bridges, bicycles, fire hydrants WHY SO MANY FUCKING FIRE HYDRANTS, can't google just hire a fucking dog?

      • Perhaps one of the bots designing the CAPTCHAs is attracted to fire hydrants?
      • Come back and tell us how you feel about being google AIs bitch.

        Google's AI will remember this. No doubt you'll be the first to get run over when the AI cars get sick of people. Me? We'll they'll avoid me because I'm standing on a pedestrian crossing.

      • WHY SO MANY FUCKING FIRE HYDRANTS, can't google just hire a fucking dog?

        Maybe they already did, which would explains WHY SO MANY FUCKING FIRE HYDRANTS.

    • by rho ( 6063 )

      A way of telling humans from computers that is as non-intrusive as possible is part of that.

      Anything that centralizes some aspect of the Internet is bad and should be avoided.

      I don't care if it's their business model to centralize some aspect of the Internet.

  • by slashkitty ( 21637 ) on Thursday April 09, 2020 @01:33PM (#59925794) Homepage
    Has anyone gotten through it? I've tried for a long long time, can't get through this broken captcha. Seriously, screw them.
  • The more widgets not on your website the more problems clients have.

    Although i speak english - i have no regional context of what a crosswalk is when i do get a google challenge.

    • So you don't know what a pedestrian crossing is, either? Or you can't infer from the context and given images?

      Since you speak English, or at least claim to, just say "I'm an idiot" next time, it conveys the same point without all the unnecessary other words.

  • by ftobin ( 48814 ) on Thursday April 09, 2020 @03:30PM (#59926122) Homepage

    The biggest benefit of them switching is that hCaptcha will support Cloudflare's Privacy Pass, which is a very slick approach to getting "tickets" you can save spend at sites to bypass Captchas automatically via a browser extension. You get 30 or so tickets every time you solve a captcha. This is very useful for anyone coming from Tor exit nodes or VPNs.

    The cryptography behind Privacy Pass is very interesting.

    When an internet challenge is solved correctly by a user, Privacy Pass will generate a number of random nonces that will be used as tokens. These tokens will be cryptographically blinded and then sent to the challenge provider. If the solution is valid, the provider will sign the blinded tokens and return them to the client. Privacy Pass will unblind the tokens and store them for future use.

    Privacy Pass will detect when an internet challenge is required in the future for the same provider. In these cases, an unblinded, signed token will be embedded into a privacy pass that will be sent to the challenge provider. The provider will verify the signature on the unblinded token, if this check passes the challenge will not be invoked.

    This protocol allows a client to bypass a number of internet challenges proportional to the number of tokens that are signed. The blinding feature used in the signing process preserves the anonymity of the user involved by randomising the tokens that are signed â" rendering them unlinkable from the tokens that are redeemed.

    https://privacypass.github.io/ [github.io]

    • by fred911 ( 83970 )

      " This is very useful for anyone coming from Tor exit nodes or VPNs."

      Cloudflare always fucks with any connectivity from Tor exit nodes. I've never found it to be a pleasant experience. But even worse than that is when I was issued a a dynamic IP from my ISP that apparently had been flagged by them . No matter what I did, Cloudflare prevented my connectivity.

      After 30 minutes of investigation to assure my intranet wasn't being a bad actor, I called my ISP. After 30 seconds of "uhh? and what? from support at t

      • by ftobin ( 48814 )

        Cloudflare always fucks with any connectivity from Tor exit nodes. I've never found it to be a pleasant experience. But even worse than that is when I was issued a a dynamic IP from my ISP that apparently had been flagged by them . No matter what I did, Cloudflare prevented my connectivity.

        Which is why Privacy Pass is an excellent solution.

  • Sometimes, you know that one of the image given as a valid choice is completely wrong, but you can't do anything about it. There used to be a button to flag it as bad, but since it's been gone, you can't fix their errors.

    Which is probably why the value of the classified images has been going downhill.

  • When a site puts up "I am not a robot" with reCaptcha, I want a box beside it that I can check that says, "I am no longer a customer".

    Yesterday, I was presented with "click on boats". That one seems to be unsolvable, because it presented a picture of a lump that looked kind of like a boat on a trailer with a plastic cover, but at the resolution being displayed, it could have also been a baseball field with a tarp on it. Or a beached orca.

    If I hadn't needed to get on the site (license renewal), I would have

  • reCAPTCHA and hCaptcha both suck.

    Both display tiny images - and the popup is so tall it doesn't fit on a 1920x1080 screen. When this screen is a 13" laptop - you're going to have a bad time. It was probably designed to work on a portrait mode screen, but Javascript can easily detect this and the popup could easily use CSS to have the images presented in a more horizontal manner.

    The hCaptcha pictures are pretty shitty and unclear in some cases. reCAPTCHA - you better hope it doesn't decide to display the pic

  • At least twice now I've hit CAPTCHAs that have replaced googles re-crap-at-cha. Ha, fuck you google.

Genius is ten percent inspiration and fifty percent capital gains.

Working...