I've built the same in the past to solve ReCaptchas and my question is:
Why on earth did they publish this?
I've kept it secret because Google will close this loophole and probably make it more difficult for disabled people to verify that they're humans. And Google is not dumb: They already know that speech recognition "breaks" their bot detection, just like screen readers - this is about accessibility. Publishing stuff like this will increase the pressure so they will be forced to "improve" their bot detection system - which simply means that even more people won't be able to solve those captchas.
Heck, some weeks ago I've tried to solve a ReCaptcha for literally 10 minutes! My answers were right, it was a matter of discrimination. My point is: My bot automation is able to solve a Captcha faster than a human being. This is silly and ineffective.
And about the people who've published this: they think they do someone a favor with this. But I can't see how it's in anybody's interest to release this into the public (especially on a site like HN where Googlers are reading).
If they would propose a better solution for website owners to secure their sites, fine.
But everyone who's talking about "vulnerabilities" like this makes it more difficult for real people to access the websites that they want to use. I know disabled people who can't solve those captchas - it's just too much of a hassle while it's easy for my bot automation to do it.
We should really ask ourselves what we're really trying to improve here.
Why on earth did they publish this?
I've kept it secret because Google will close this loophole and probably make it more difficult for disabled people to verify that they're humans. And Google is not dumb: They already know that speech recognition "breaks" their bot detection, just like screen readers - this is about accessibility. Publishing stuff like this will increase the pressure so they will be forced to "improve" their bot detection system - which simply means that even more people won't be able to solve those captchas.
Heck, some weeks ago I've tried to solve a ReCaptcha for literally 10 minutes! My answers were right, it was a matter of discrimination. My point is: My bot automation is able to solve a Captcha faster than a human being. This is silly and ineffective.
And about the people who've published this: they think they do someone a favor with this. But I can't see how it's in anybody's interest to release this into the public (especially on a site like HN where Googlers are reading). If they would propose a better solution for website owners to secure their sites, fine.
But everyone who's talking about "vulnerabilities" like this makes it more difficult for real people to access the websites that they want to use. I know disabled people who can't solve those captchas - it's just too much of a hassle while it's easy for my bot automation to do it.
We should really ask ourselves what we're really trying to improve here.