6

Wanting to avoid bots registering on a website, I might use reCAPTCHA by Google. Since the algorithm behind reCAPTCHA is not open source, I'm wondering what user information they actually collect about the person registering on the website.

In my researches, I found out that they probably check at :

  • IP
  • Loaded resources
  • Whether you have a google account or not
  • Behavior on the page
  • Past history and cookies

Which is already a good list of information. But is it also possible that they look at the information the user filled the form with?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Raka
  • 69
  • 1
  • 3

2 Answers2

2

Google's documentation walks you through the process:

Front end, the client loads the javascript, it executes (looking at whatever data locally), then sends the token to you .

Server side, you send to Google the user's response token. You can optionally send the user's IP.

From the documents, nothing is sent to Google itself from the front-end. Please make sure you read the documents from the source.

schroeder
  • 123,438
  • 55
  • 284
  • 319
0

They can definitely look at form contents on the page. In fact, keyboard & mouse events is one of the signals they use to decide whether the user is a robot or human.

What they do with this information is up to them. It all depends on how much would you trust a company not to snoop when their whole business model is based on snooping.

André Borie
  • 12,706
  • 3
  • 39
  • 76