An update on reCAPTCHA V3

We have added reCAPTCHA v3 support almost 2 years ago. reCAPTCHA v3 evolves all this time so as our bypassing algorythms. Now we have changed it again and want to tell you more about it.

Summary

  1. It works good,
  2. You pay only for valid tokens which worked well for you,
  3. It works good but initially you have to send from 500 to 2000 captchas before it start working.
  4. You have to send reportgood\reportbad requests.

Details

First we'd like to remind you that reCAPTCHA V3 is not a captcha as we know it. It's a human/robot probability estimate, based on IP address, user browsing history and his behaviour on a website. reCAPTCHA V3 can't know if you are a robot or a human, but it could determine a probability of being a human with certain imprecision.
Interesting thing about reCAPTCHA V3 is it could give a different score for a given browser with one set of cookies from the same IP address for different pages of a given website. And of course the score will be different for different websites. Unfortunately for two years fail to find a way to determine what score will receive a given PC for a certain website.
Last time we were using a probability model, which works as "if one recognition from this PC worked with 5 websites and didn't work with 6th website, then most likely it will work for 7th". But now we decided to discontinue it because sometimes it wasn't working at all. However, if one recognition of certain PC worked with some website, then likely this PC's recognitions will work 5-50 times more.

What we did now

We have implemented AllowList and BlockList of workers' PCs for every customer. Initially we send your requests to different PC of our workers. But then when you send us reportgood and reportbad requests, we sort our workers amont this lists based on your requests. When your AllowList contains at least 50 online PCs, half of your requests is sent to these workers. When this list has 500 online PCs, all next requests is distibuted only among these in your AllowList.
If your captcha request wasn't solved, we return it cost to your balance, as always. If you send us reportbad request, we now return this captcha cost to your balance, as we did before with certain limitations.

What you need to do

Make sure you are sending reportgood and reportbad requests. Because if you do then you will receive more valid tokens and you will also get refunds when you send reportbad requests.

How payment works

We charge you, as usual, every time you send us a captcha.
Refund will be issued if a token didn't work and you send us reportbad request.
Refund also will be issued if we didn't came up with a resolution and you receive ERROR_CAPTCHA_UNSOLVABLE.

Does it work? Any proofs?

We have customers who need to solve v3 on a websites with incorrect configured reCAPTCHA. It takes half of real visitors as robots. Only 4.5% of our workers provide valid resolutions for these websites. So when a customer starts to send us requests he is receiving only 4.5% of valid tokens. But eventually after about 1500 requests he is getting almost 50% of valid tokens. And after 10000 requests the percentage of valid tokens hits 80%! As for other websites with properly configured v3, you may count on 90% valid tokens from the beginning, 95% after one hundred requests and almost 99% after 1000 captchas.

What if I send requests for different websites. Can I have different lists?

Unfortunately, for now you can only have one pair of access lists. But you may have more than one account and use different 2captcha accounts for different v3 websites.

Why can't you do a pair of lists for every domain instead?

We can't because if one customer make mistake while sending reportgood/reportbad requests he will affect other customers solving captcha on the same host.

Do I need to indicate score when sending request to API?

Yes. We have different algorythms implemented for different score ranges. For example, there is no difference between 0.4 and 0.9. But 0.3 and 0.4 has difference.

How long will you keep the data?

Two days only. We could expand this later, but for now it is two days only.

What if I put all workers in a BlockList?

Until now noone was able do that. Not even 10% of our workers. But if you are working on it, you are obviously doing something wrong.

I have a question!

If you have questions regarding bypassing reCAPTCHA v3, you are advised to address it on our forum here or reach our Support team.