Why can't the bot check the 'I'm not a robot' checkbox?

How complicated can a small checkbox be? You cannot imagine it.

Google invented a virtual machine, basically a simulated computer inside another computer, just to run that checkbox. That virtual machine uses Google's own language, then encrypts it twice.

But this is not a simple coding process. Usually, when the password protects something, you can use the key to decode it. The language of Google is decoded by a key, changes with the process of reading the language and the language itself also changes when read.

Google associates (or hashes) that key with the web address you are visiting, so you cannot use CAPTCHA from one website to bypass another. It works in conjunction with the fingerprint from the browser, capturing microscopic variations in the computer - which bots will struggle to copy (such as CSS rules).

All this is done just to make it difficult for you to understand what Google is doing. You need to write down tools to analyze it (fortunately someone already does that).

It turns out that these checkboxes record and analyze a lot of data, including: Computer time and time, IP address and location, screen size and resolution, your browser and plugins. used, how long the page took to display, how many keystrokes, clicks and touches / scrolls were performed, along with some other things we couldn't understand.

These boxes require the browser to draw an invisible image and send it to Google for verification. Image contains things like a pointless font. The 3D image is then added to a special texture, to give different results between computers.

Finally, these seemingly simple little boxes combine all the data with their knowledge of computer users. Almost everyone on the Internet uses something owned by Google - search, mail, ads, maps - and as you know, Google keeps track of all your things. When you click on that checkbox, Google will review your browser history to see if that is the real person.

This is very easy, because Google constantly observes the behavior of billions of real people.

How exactly Google checks all this information is unknown, but it is almost certain that Google uses machine learning (or AI) on its own server that outsiders cannot copy.

So why is all this so difficult for a bot? Because now, you have created a huge number of human, messy behaviors that are almost impossible to know and keep changing. If you want to have this set of behaviors, the bot has to sign up for Google and use it convincingly on one computer, so that it is different from the computers of other bots, in a way you can't understand. .

The bot should have a delay between keystrokes, scrolls and mouse movements just like a human. All of this is extremely hard to crack and teach a computer. This complexity leads to the cost of spammers. They may break it for a while, but if suppose to pay $ 1 for each successful attempt, it might not be worth it.