Using Google reCaptcha Could Be Costing Your Company Customers, and May Be A Security Risk

We all hate filling out a CAPTCHA. It needlessly wastes time and energy, and can be frustrating to use. At least in times past, the distorted text was reasonably possible and quick to solve. However, since Google made it easy for developers to quickly add in support for Google image reCAPTCHA, it has been becoming increasingly proliferate across the internet, as well as increasingly impossible for a real human to complete.

Studies have proven that the longer and harder that it takes for a customer to sign up to your service, the less likely they are to use that service and the more frequently customers will abandon the checkout, signup, or login. While this might sound great if it is on a support form which results in drastically lower support requests when people abandon messaging due to difficult or impossible Google reCAPTCHA, the truth is that is the real users are abandoning sending a support request, the company will become blind to the problems as a result of failing to receive the complaints that will inevitably result in lost customers, lost business, and lost revenue.


Studies show that up to 25% of users abandon carts and do not purchase from a website when shopping online solely because the process was too difficult. The complexity or impossibility of Google’s reCAPTCHA is surely a driving factor for this problem today.

CAPTCHAs have proven ineffective at stopping spammers – but great at stopping real humans

CAPTCHA, which stands for “Completely Automated Public Turing test to tell Computers and Humans Apart” actually does server a real purpose, to eliminate automatic signups. However, not only has CAPTCHA failed to actually eliminate spammers, but the Google image reCAPTCHA is a needlessly difficult solution to the problem that it does not really solve. Moreover, Google’s reCAPTCHA may be even easier for bots to solve than you think. This means that not only are you blocking real humans, but you are also making it easier for bots to get through.

Technology dictates that the easiest solution which promotes the best user experience with the lowest barriers to entry is the best one. This applies to everything from blogs to ecommerce. Unfortunately, the Google CAPTCHA fails this test by making it needlessly complicated, and costing businesses hundreds of millions in revenue annually.

A much simpler solution to the Google CAPTCHA is a simple question that is extraordinarily difficult for a computer to solve, but is simple for a human. For example, you might say, “What is the third letter of the?” It would take an extremely intelligent AI to solve such a question, but a human could solve in an instant without any loss in brainpower or time.


Former types of CAPTCHA may not have been fun, but at least they were always possible for humans to solve and also reliable.

Even if 0.0001% of spammers get through this block, it is far better than losing up to 25% of users who abandon your site when they cannot solve the Google CAPTCHA. Put another way, the minor annoyance of the one spammer a month from a question-based human check or easy-to-solve CAPTCHA is far preferable to one spammer a month while losing 25% of your human user signups who can’t pass the Google reCAPTCHA.

The real reason Google reCAPTCHA rarely works is because Google is collecting more data. Surprise.

Google’s CAPTCHA however serves a much more nefarious purpose than you might think. The reason why Google’s image reCAPTCHA often goes on and on and on even though it was answered correctly, is not because Google actually wants wants to check if you are human. The dark side of the Google CAPTCHA is that Google is using this to teach their AI (artificial intelligence) image recognition program how to comprehend an image at the same level of a human.

Effectively, Google is actually harnessing free slave labor from the masses to teach their AI computer on how to defeat humans. By forcing users to do 3, 10, 50, or even infinite image reCAPTCHAs in a row instead of the 1 actually required, Google is multiplying their benefit. In other words, you are working for Google without even knowing it, and getting paid nothing for the brainpower that you are unknowingly donating to Google’s AI project.


It is not a coincidence that this modern CCTV tracking system looks eerily similar to Google’s reCAPTCHA.

In return for your efforts, Google is acting as a middleman between users and their websites, literally stealing your brainpower to fund their privacy-invading projects that could one day be used to identify people that the government wants to find over CCTV with shocking accuracy. We don’t like to think about this Orwellian horror, but here is a potential scenario.

Suppose you were on business in the middle east. A hacker who compromised Google’s AI could use it to scan all CCTV cameras in the country looking for US citizens. They could then identify you and do what they want, like target you for identity theft. By filling out Google’s image reCAPTCHAs, you have helped teach Google’s AI computer how to find, well, you. Google needs to properly inform people of their real uses of people’s efforts, and what they will do with this information.

Google reCAPTCHA problems are widespread.

Even more, webmasters and business owners need to recognize that they are actually losing a lot of business by implementing these image reCAPTCHAs on their website. It is even worse when not only their signup has the reCAPTCHA, but so does their contact form, and they have no phone number, so they never even know they lost a customer. They blocked a customer from even getting to their website.

It is ironic that Fastmail, a Gmail competitor, is blocking signups in exactly this manner by using their competitor Google’s reCAPTCHA on their site. If you try to sign up for their service, literally as an alternative to gmail, you get hit with a reCAPTCHA roadblock. Many users give up and abandon the signup. If you try to contact them, their contact form also has a Google reCAPTCHA and it won’t let you proceed.

Do a quick internet search for “can’t pass the Google CAPTCHA” or a similar search, and you’ll see masses of people so upset about it they spent even more time just complaining about it on online forums. It is clear the problem is very widespread. But what webmasters are not aware of is just how much business they are losing by implementing this CAPTCHA instead of a simple human check.


Google reCAPTCHA fails to adhere to internet disability laws.

It’s even worse for disabled users, which makes it a nightmare for accessibility and compliance (and might actually be illegal since it violates several disabilities laws). Users who have poor eyesight might be tempted to click the audio. Instead of delivering crisp audio to help a human make it out, it is completely and utterly unintelligible – sometimes may not even be in the correct language. The audio reCAPTCHA is an unintelligible mumbling mess that is even more impossible to solve than the images.

Moreover, the majority of time if you try to switch from the images to audio, it will result in an instant IP ban, and the reCAPTCHA will simply tell the disabled human, “sorry, but you’re a bot and we can’t let you through” immediately upon clicking the audio icon. When this happens, the user can’t even attempt any images or audio again, because now their IP is banned. The workaround is to use a VPN or Tor, but that’s also problematic.

Audio reCAPTCHA is utterly broken, or perhaps this is intentional to try to force users to use the broken image reCAPTCHA so Google can collect more AI data for their artificial intelligence image recognition program.

Google reCAPTCHA is a threat to website security & privacy.

While many websites have already stopped using Google reCAPTCHA, still some websites have not yet removed it. This poses a security risk to websites which still have it. Unfortunately, for users who use Tor or a VPN for privacy, Google has blacklisted them and made it impossible for them to signup, login, or contact any site which has the roadblock of a Google image reCAPTCHA.

Worse, however, is the threat to consumer privacy. Google is using their reCAPTCHA as a way to wage war on any users who want to protect their right to privacy, by blocking them from using services without compromising their privacy and security by, say, turning off their VPN.

A VPN can add an extra layer of security and encryption when accessing public internet. Unfortunately, this may also block customers from logging in if the website uses a Google reCAPTCHA, which could open up both the website and the customer to security risks and liability.

Why might a user legitimately use a VPN? A prime example is a user who is at a coffee shop who wants to log in to check their email, who would be wise to use a VPN (such as TorGuard) as an extra layer of security to a public and insecure network like a coffee shop. While it isn’t foolproof, a VPN’s extra layer of security by encrypting a user’s network traffic is far better than using it openly.

If a user is forced to turn off their VPN to access their personal or business accounts on public networks just to get past the Google reCAPTCHA, they are opening themselves up to a greater risk of identity theft, malware, and traffic interception by nefarious parties and hackers on the same network, which is quite common in coffee shops and public internet locations.

On this premise alone, not to mention the lost customers, companies who actually care about their customers should remove the Google CAPTCHA from their site to protect their users from Google’s massive collection of consumer data, as well as limiting their liability (in the case of hacking) and improving the safety of their customers.

Google reCAPTCHA is harmful, insecure, and ineffective.

Overall, Google’s reCAPTCHA is more than just a public nuisance; it has proven to do far more harm than good. It also is not really effective at stopping spammers, the one task it is supposed to do. Governments, banks, and high-security websites are unable to use reCAPTCHA because it fails compliance. It makes you wonder why anyone uses it if it fails to adhere to legal compliance for the world’s banks and finance corporations.

Fortunately, many webmasters, business owners, and website owners have already begun removing it from their websites. Removing Google reCAPTCHA is highly recommended for all websites and companies, especially since the data shows that companies lose business and signups immediately after implementing the Google reCAPTCHA – not to mention the fact that it simply doesn’t work for blocking spammers.

Have you had problems using Google’s reCAPTCHA? What do you think about what Google is doing with your data? Share your comments below.

Share this:


Your email address will not be published. Required fields are marked *

2 thoughts on “Using Google reCaptcha Could Be Costing Your Company Customers, and May Be A Security Risk

  1. Hi John –

    Great stuff here! I removed my Google Captcha a good while back and really just got annoyed with it on other sites. It does hurt business for website owners if they are using it. People are bouncing off left and right while being annoyed with this not so secure method.

    Doesn’t surprise me that they are collecting data. As an SEOer I cannot believe I have gotten myself into this field sometimes. Google, Facebook, Amazon, they are all super annoying privacy killers!

    Thanks for sharing my friend…will be back…good stuff here!


  2. As of March 2019, TORGuard now uses image reCAPTCHA on their customer login page.
    Looks like they’re either hopeless amateurs, or in the pipeline for kickbacks at some point in the chain.
    Caveat Emptor…


Welcome my friend, Helper Cat says you need to register for that! :)