Google has begun testing a new reCAPTCHA method that requires users to wave their hand in front of a camera to verify their identity. So, in addition to solving puzzles and reading garbled text, you can now use your computer's camera to pass verification.
Google has begun testing a new reCAPTCHA method that requires users to wave their hand in front of a camera to verify their identity. So, in addition to solving puzzles and reading garbled text, you can now use your computer's camera to pass verification.
When gesture verification is triggered, the browser requests access to the camera and asks you to perform a simple gesture — for example, waving your hand or showing an open palm. Google notes that the system records a short video of this movement and uses AI to capture the coordinates of 21 joints of the hand to complete verification. After that, the video is immediately deleted, and Google assures that it does not store it anywhere, writes Neowin.
This procedure itself may be uncomfortable for those who don't want their biometric data (and a hand scan technically falls into this category) recorded somewhere. But the situation gets even more confusing as early testers discovered that the new hand-wave reCAPTCHA system can be fooled with a regular stock photo.
One of the users of the social network X tested the new check by running a stock image of a hand through the OBS virtual camera, and the system passed it. Journalist Neowin also tested this method. It took him a few tries and a few different stock photos, but in the end he was also able to pass the test. He simply had to adjust the position of the stock image of a person waving in OBS, and Google’s engine recognized it as a legitimate gesture.
Given the simplicity of the process, the entire procedure can be automated in a matter of minutes. A simple Python script is enough to completely eliminate the effectiveness of the new reCAPTCHA method. There is even no need to involve AI bots, which are usually used to solve puzzles and other verification methods.
The new reCAPTCHA method is still in its early stages of development, and Google will hopefully update its AI to at least reject static images. However, this incident, combined with users' initial skepticism about how Google handles their data, is unlikely to get many people waving their cameras around anytime soon.
