Concerns over reCAPTCHA ..
Not available in China
Can't access reCAPTCHA from Beijing -- post
Even if this works I don't see any guarantee that it will work in the future. The reCAPTCHA scripts can be updated by Google at any time.
reCAPTCHA invades privacy
ReCAPTCHA has been analyzed and observed to upload css, scripts, scrape the DOM, and grab unique information about the browser's (like a fingerprint). Fortunately, many web-site frameworks do not provide a global pointer into its memory so, in those cases, much of the data used by most apps will be unavailable. Therefore, privacy may be added by simply removing the form elements in the DOM before loading reCAPTCHA. Unfortunately, I only see a few sites that are removing the form data before showing the reCAPTCHA.
The reCAPTCHA uses a cookie under the google domains that developers can't remove for you. That browser will provide that cookie to all sites sourcing other google scripts under the same domain. This may be combined with an IP address and browser fingerprinting to identify and covertly track us. It is probably no coincidence that the reCAPTCHA code is hosted under generic domains used to host much of google's work: gstatic.com and google.com. This increases the scope of tracking cookies.
If used, at the very least, use reCAPTCHA in a web app where where the global window variable and the DOM does not contain user-provided information.
I was able to find a paid service that auto-completes reCAPTCHA. I have also seen reports of hacks and outsourcing. But overall it may be the most effective solution for a captcha. The incentives work against us, Google appears to want our data and build out their machine learning and therefore they have invested stolen money (some or much include government subsidies) to implement this kind of technology. End-users must educate themselves to the point where enough people and enough resources are available to produce a better solution. Obviously we need to stop using their currency and prevent theft too. In parallel, we can settle for second-best but we should educate and do this with confidence.
Aids machine learning potential use in nefarious technology
It appears that Google may be using the data to train nefarious technology intended to illegally violate life, liberty, and the pursuit of happiness. Driverless cars, for example, could implement a china-style social credit score and deny services or detain men or women for arbitrary reasons (also known as victimless crimes). Based on what I have seen so far, something along these lines is absolutely inevitable.
As a developer, it is these concerns that drive me to do all extra work when I encounter a reCAPTCHA site. Over the years I have incrementally built up a more advanced methods and I apply automation when practical. I would love to see this automated and done in ways that are better than what I'm describing here.
The user may clear the cookies for google domains. A browser plugin can help automate this process. I feature that would clear a list of domains automatically upon leaving a site would help.
Additionally, use a something like a VPN to help privatize the IP address getting compromised. There are many more applications for adding some chance of IP address privacy.
I leave these domains blocked in my system's host file:
127.0.0.1 www.google.com 127.0.0.1 gstatic.com 127.0.0.1 www.gstatic.com
It is awkward because I don't know if a site is expecting a reCAPTCHA in advance. So every-time I get a form (or login) that does not work, I open the browser's console then reload the page and look at the browser console's network request and see it is trying to load reCAPTCHA from any of the above domains. I did this so often I finally scripted it out.
If so, I then I unblock the Google domains (remove those entries from my host file) then I clear any data in the form and reload the page again so the reCAPTCHA appears. I mess up the captcha at least 10 times in ways that will feed the algorithm the worst data possible (images that look like what they are asking for) then eventually I complete it to the point where hopefully the machine learning algorithm will accept some inaccurate data at the same time.
Finally, I re-block the google domains and fill in the form quickly (sometimes having the form's data prepared in advanced) then submit the form before the reCAPTCHA expires. Unfortunately for Linux user's, there delay before the Linux host system picks up the host file again (and pressure to do this quickly) so this may be in-perfect. The idea of course is that I don't wan the form data I just entered getting broadcasted to google.com or gstatic.com.
The Bigger Picture (beyond reCAPTCHA)
Trust me there is a bigger agenda at play and it gets pretty evil. We have had to put up with this type of stuff for so long, serious psychological problems are inevitable. I'm willing to say that if someone is affected in this way, then either they have been well trained or they have not been exposed (are vulnerable). My opinion is that most people are either really fortunate (with proper education) or they could really benefit from breaking down and really look into how they "might" have been indoctrinated.
I see it all the time. It is common for people to get out of denial (see the issue, again?) then go into anger. Many run away at this point, however lets not go there. When that happens I just remember it really does not work very well to be angry (that does not motivate for long so don't get stuck there), so I have to take a next step and be willing to justify it from the adversary's side (see it from both sides). I really can't be that angry if I can see how I might act this way in different circumstances. Clearly that is not enough to fix anything, so I rationalize about the larger problem at a higher level but only long enough to see why the problem persists and how it functions. Finally I need to accept it or I'm going to fall back into anger or victim-hood. Accepting something and living with it is basically total and complete defeat (so, don't fall into apathy) so finally there is a the holy grail: be rational. Being rational is where all the good stuff happens. It is the motivation, wisdom, skill and practice of changing the world by changing yourself. If I feel weak on any of these steps I re-visit them and jump around (may skip steps). If I don't complete the entire process I'm defeated because not enough change will come of it. If you see that I'm stuck somewhere in this process, you can just tell me I'm "acting like" a useless eater and I'll know exactly what your talking about.
What works for me: learn from independent media sources you trust that will challenge myself to break into this on what ever step I need to practice. I expect this to be a process as described above. I find it helpful to remember to take breaks or back-off and lighten up when appropriate but I always remember to be diligent (too much stress and anxiety serves no one, keep coming back to it). When I do this well, with respect to the people around me, I achieve motivation, efficiency and have less need and desire to turn out. This agenda is obviously very advanced and came about through generations of hard work; we need to compete.
We can have accountability, there is no room for fear here. We change ourselves first, which at scale, changes the world. We can apply the following to the growing list of all technology being used against life, liberty, and the pursuit of happiness. This means we need to go through a process and become our true selves: love ♡ and free of fear. Even in the face of pure evil we can achieve an enlighten state. It takes practice and involves questioning everything we learn and know.
If this is new to you, you may really have to really re-think stuff like this; it is another way we are oppressed and our thinking is influenced by current negative experiences (judges and courts for example) and lack of education on these topics. Here it is! Moral law still exists and, from what I gather, there have been many points in history where law was widely practiced on the side of the people. What many people did not know is that the corporation (which includes the modern government) is a sub-jurisdiction and subject to the laws of their higher jurisdiction. I think you'll find, as I have, that higher jurisdictions are very inline with the non-aggression principal; they require a victim and sworn statement for there to be a crime. No victim no crime. It is only by way of contracting into sub-jurisdictions that they hold us to all these arbitrary rules and laws. On top of all that, they don't tell us we are contracting so we get scammed into this. The thing is, in the higher-jurisdiction a contract under fraud or force is not a valid contract. It is truly a house of cards.
We will have no problem finding rights violations and victims to testify and no problem finding fraud and force used to form invalid contracts. The only question left in my mind, when will most of humanity overcome fear, learn this, and put this into practice? People (including Judges) if coached and compelled (notify them they can be held accountable), can operate in higher jurisdictions. The higher the jurisdiction the more principled the laws become. For nearly everyone these laws are intuitive. Further, there is no rule to use these higher jurisdictions but it is certainly easier as much of the hard work has been done. It also has the benefit of being the adversaries parent jurisdiction.
This means we need to be willing to take on different types of risks. Know how to hold our ground. We must know how to speak our knowledge.