Saturday, April 22, 2017

The Power of Invisible reCaptcha from Google and How to Integrate it With Your Web Application (Spring Boot)



In this post I will talk about the exciting new version of Google reCaptcha, the invisible reCaptcha (well, almost invisible)! Also, I will demonstrate how to integrate it with a typical Spring Boot web app and then do some customizations to better control its behavior.



Please note there are many ways and many places in your application where you can integrate reCaptcha, so I won’t go into much detail about the actual implementation, as it varies and there is no one correct answer. Instead, I’m focusing on how to make the integration more user friendly and controllable.


As you might already know, CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart", and it comes in handy when you need to protect your site from spam and bot abuse. One of the best CAPTCHA services on the market is reCaptcha, which was originally developed by university students and later acquired by Google.


reCAPTCHA is free and easy to integrate with any application. The latest version of reCaptcha is invisible. Yes, you read it right. It’s invisible! At least to most humans!

Basically, a significant number of users can now prove they are human without having to solve a CAPTCHA. Instead, with just a single click they’ll confirm they are not a robot. Only the most suspicious traffic will be prompted to solve a captcha.



How does reCaptcha work behind the scenes?


Well, Google doesn't go into much detail on how it works, only saying that the system uses "a combination of machine learning and advanced risk analysis that adapts to new and emerging threats".
Anyway, don’t expect details to pop up anytime soon, because more detailed information on how the system works would probably also help bot-makers crack it.

Fun fact
One fact I did not know before: by using reCaptcha we are teaching machines to be better at their job!
Hundreds of millions of CAPTCHAs are solved by people every day. Google makes positive use of this human effort by channeling the time spent solving CAPTCHAs into digitizing text, annotating images, and building machine learning datasets. This in turn helps preserve books, improve maps, and solve hard AI problems.
Some have criticized Google for using reCAPTCHA as a source of unpaid labor. Personally, I think the “unpaid labor” point of view is just lawyers’ talk. I mean, come on! It’s really cool and productive to make use of this human effort of solving CAPTCHAs to make the world a better place.
Just imagine how awful it would be if Google came up with a butler-robot which you bought, but it recognized your little chihuahua as a rat and tried to terminate it.
The Simple integration
After you finish setting up your reCaptcha account, you will be provided with all the steps you need for the simplest form of integration. Basically, all you need to do is:
1- Client side integration, where the reCaptcha script decides whether to ask the user for a challenge or not, and then sends a verification code every time the form is submitted to the server, within a parameter called “g-recaptcha-response”. (GitHub code snippet)
2- Server side integration, where you make a POST call to a Google URL to verify the response. (GitHub code snippet)
For a working example with a Spring Boot web app, you can go to the following GitHub repo.
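The server side step above, written out as an added example (not the post's or the linked repo's own code): a Spring Boot service that POSTs the submitted token to Google's siteverify endpoint and a controller that reads the `g-recaptcha-response` parameter. It assumes Spring Boot 2 with `spring-boot-starter-web`, a `recaptcha.secret` property, and view names `signup`/`welcome`; the endpoint URL and the `success`/`error-codes`/`hostname` response fields are Google's documented ones.

```java
import java.util.Map;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.stereotype.Service;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.client.RestTemplate;

@Service
class RecaptchaVerifier {
    // Google's documented verification endpoint.
    private static final String VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify";
    private final RestTemplate rest = new RestTemplate();
    private final String secret; // assumed property recaptcha.secret; stays server-side
    RecaptchaVerifier(@Value("${recaptcha.secret}") String secret) { this.secret = secret; }

    /** True only if Google confirms the token; any failure counts as "not verified". */
    boolean verify(String token) {
        if (token == null || token.isEmpty()) {
            return false; // widget never ran, or the field was stripped from the form
        }
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("secret", secret);
        form.add("response", token);
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        Map<?, ?> body = rest.postForObject(VERIFY_URL, new HttpEntity<>(form, headers), Map.class);
        // On failure the JSON carries "error-codes" (e.g. timeout-or-duplicate for a replayed
        // token); "hostname" tells you which site the token was solved on and is worth checking.
        return body != null && Boolean.TRUE.equals(body.get("success"));
    }
}

@Controller
class SignupController {
    private final RecaptchaVerifier verifier;
    SignupController(RecaptchaVerifier verifier) { this.verifier = verifier; }
    @PostMapping("/signup")
    String signup(@RequestParam(value = "g-recaptcha-response", required = false) String token) {
        if (!verifier.verify(token)) {
            return "signup"; // re-render the form instead of processing the submission
        }
        return "redirect:/welcome";
    }
}
```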


Ways to make reCaptcha behavior more controllable in your app:
Limitations: Once you get a feel for reCaptcha you will notice the following:
1- Google does not provide a way to simply turn the use of reCaptcha on or off without making a code change. It would be nice if they provided a switch in their settings to do just that.
2- In some cases, users of your application might need to submit the captcha-enabled forms multiple times in one single session. So it would be more convenient if you could guarantee that users won’t be captcha-verified more than once per browser session.
3- There is nowhere in the reCaptcha settings where we can implement custom logic that is specific to certain variables in your app. For example, what if I want to show the captcha only for users in specific regions, from specific IP addresses, or using certain browser types?


Working around the limitations:
For the above reasons, I made some changes to the original application (see the code on GitHub) to include the following features:
Disable and enable reCaptcha without making a code change: one way to accomplish that is by having an environment variable that you can change on the fly.
Implementing our own risk analysis: in my example I use it to track users by their session, and to disable reCaptcha after the user’s first successful attempt.
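The two workarounds above, as an added example that is not the post's or the repo's own code: a `CaptchaPolicy` bean with an off switch bound from the `recaptcha.enabled` property (which Spring Boot's relaxed binding also reads from the `RECAPTCHA_ENABLED` environment variable) and a per-session "verified once" flag, plus a controller that consults it on both the GET and the POST. It assumes Spring Boot 2 with `javax.servlet`, a `contact` view, and a `RecaptchaVerifier` bean that does the siteverify call (declared here only as an interface).

```java
import java.time.Instant;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;

// Assumed bean that POSTs the token to Google's siteverify endpoint (implementation not shown).
interface RecaptchaVerifier { boolean verify(String token); }

@Component
class CaptchaPolicy {
    static final String VERIFIED_AT = "captchaVerifiedAt";
    private final boolean enabled; // recaptcha.enabled, settable as env var RECAPTCHA_ENABLED
    CaptchaPolicy(@Value("${recaptcha.enabled:true}") boolean enabled) { this.enabled = enabled; }

    /** Challenge this visitor? Kill switch first, then "at most once per browser session". */
    boolean required(HttpSession session) {
        return enabled && session.getAttribute(VERIFIED_AT) == null;
    }

    void markVerified(HttpSession session) {
        session.setAttribute(VERIFIED_AT, Instant.now());
    }
}

@Controller
class ContactController {
    private final CaptchaPolicy policy;
    private final RecaptchaVerifier verifier;
    ContactController(CaptchaPolicy p, RecaptchaVerifier v) { this.policy = p; this.verifier = v; }

    @GetMapping("/contact")
    String form(HttpSession session, Model model) {
        // The template includes the invisible widget only when this flag is true.
        model.addAttribute("captchaRequired", policy.required(session));
        return "contact";
    }
    @PostMapping("/contact")
    String submit(@RequestParam(value = "g-recaptcha-response", required = false) String token,
                  HttpSession session) {
        if (policy.required(session)) { // decide server-side; the rendering hint can be forged
            if (!verifier.verify(token)) return "contact"; // re-render, keep the widget
            policy.markVerified(session);
        }
        return "redirect:/contact?sent";
    }
}
```

Because a verified session is trusted for the rest of its lifetime, keep the session timeout short or re-arm the challenge after a number of submissions; this policy reduces friction, it does not replace rate limiting.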



  

