Full disclosure: I'm from the team behind a leading CAPTCHA alternative and our concerns are two-fold -- privacy and vulnerabilities.
a) New reCAPTCHA relying on a 'black box' to verify users is of course, naturally concerning privacy wise.
b) the technology that has been implemented to cater to this black box has actually opened the door to more vulnerabilities.
Our Design Director explains the reasoning behind the concern regarding the 'black box' here: http://www.funcaptcha.co/2014/12/04/killing-the-captcha-with...
And I myself go into more detail about Egor Homakov's findings regarding the new vulnerabilities here: http://www.funcaptcha.co/2014/12/04/killing-the-captcha-with...
Apologies if this feels promotional - if you have any questions, I'd be happy to answer them. This is an area of web sec that we're, obviously, very dedicated to.
Full disclosure: I'm from the team behind a leading CAPTCHA alternative and our concerns are two-fold -- privacy and vulnerabilities.
a) New reCAPTCHA relying on a 'black box' to verify users is of course, naturally concerning privacy wise.
b) the technology that has been implemented to cater to this black box has actually opened the door to more vulnerabilities.
Our Design Director explains the reasoning behind the concern regarding the 'black box' here: http://www.funcaptcha.co/2014/12/04/killing-the-captcha-with...
And I myself go into more detail about Egor Homakov's findings regarding the new vulnerabilities here: http://www.funcaptcha.co/2014/12/04/killing-the-captcha-with...
Apologies if this feels promotional - if you have any questions, I'd be happy to answer them. This is an area of web sec that we're, obviously, very dedicated to.