Google recently announced an enterprise anti-bot solution called reCAPTCHA Enterprise. It is currently in a free beta trial. The service promises to stop scrapers, hackers and other software-based attacks. The service can be implemented on a website or a mobile app.
reCAPTCHA Enterprise
This service is focused on stopping automated attacks. But it can also be adjusted to give escalating levels of challenges to determine if a visitor is a bot or a user.
From the official Google reCAPTCHA Enterprise overview:
“reCAPTCHA focuses on detecting automated attacks. These attacks could originate from scripts, emulators, bots, or even humans. As a site owner, you embed a snippet of JavaScript on your pages which enables signal collection between reCAPTCHA Enterprise servers and the end user’s machine.”
reCAPTCHA Enterprise Versus Scrapers
One of the biggest nuisances on the web is scrapers. A scraper is an automated bot that downloads a website’s content. Generally the purpose is to republish the content on a spam website.
The negative effect of the plagiarism itself is debatable. However, the load on a server from thousands of scraper bots hitting a site can be significant.
Aggressive bots downloading content can slow a server down and negatively impact Google’s ability to properly index your website. If your server is straining to serve content because of rogue bots, then your site may not have enough server resources to serve content to Google.
This is how Google’s reCAPTCHA Enterprise page describes their solution:
“With reCAPTCHA Enterprise, you can defend your website against fraudulent activity like scraping, credential stuffing, and automated account creation and help prevent costly exploits from automated bots.”
How Does reCAPTCHA Enterprise Work?
The service uses a training model that adapts specifically to the traffic reaching your website. The system is designed to not affect legitimate site visitors.
Among its features, it allows an administrator to view the various scores and to set actions that trigger at thresholds on those scores. For example, visitors with a certain score may be required to provide two-factor authentication or email verification.
The system can also learn from the false positives in order to become better at discerning between bot behavior and normal behavior.
According to the announcement:
“Tune the service to your website’s needs
You can tune your site-specific model by sending reCAPTCHA IDs back to Google labeled as false positives or false negatives. And reCAPTCHA's adaptive risk analysis engine will adapt future scores to fit your site.”
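The score thresholds and the false positive / false negative labeling described in this section, sketched as server-side logic. This is an added example, not code from Google or from the announcement. The threshold values, the ordering of the step-up actions, the function names and the shape of the assessment object are all assumptions, and the sample inputs are constructed.

```javascript
// Hypothetical per-site policy. Scores are assumed to run from 0.0 (likely bot)
// to 1.0 (likely human); the cut-offs and action names are illustrative only.
const POLICY = [
  { min: 0.7, action: 'allow' },
  { min: 0.4, action: 'email_verification' },
  { min: 0.2, action: 'two_factor' },
  { min: 0.0, action: 'block' },
];

// assessment: { valid, action, score } as parsed by the site from the service's
// response (assumed shape). expectedAction: the page action the site expected.
function decide(assessment, expectedAction) {
  // Fail closed: a missing or invalid assessment is never treated as a pass.
  if (!assessment || assessment.valid !== true) {
    return { action: 'block', reason: 'invalid_token' };
  }
  // A token issued for another page action must not be accepted here.
  if (assessment.action !== expectedAction) {
    return { action: 'block', reason: 'action_mismatch' };
  }
  const score = assessment.score;
  // No usable score: step up instead of silently allowing or hard-blocking.
  if (typeof score !== 'number' || !Number.isFinite(score) || score < 0 || score > 1) {
    return { action: 'two_factor', reason: 'score_unavailable' };
  }
  const tier = POLICY.find((t) => score >= t.min);
  return { action: tier.action, reason: 'score' };
}

// Label to report back for tuning once the real outcome is known.
// confirmedOutcome is 'human' or 'bot' (hypothetical values set by the site).
function feedbackLabel(decision, confirmedOutcome) {
  const challenged = decision.action !== 'allow';
  if (challenged && confirmedOutcome === 'human') return 'false_positive';
  if (!challenged && confirmedOutcome === 'bot') return 'false_negative';
  return null; // the decision matched the outcome, nothing to report
}

// Constructed sample: a mid-score login attempt gets an email challenge.
console.log(decide({ valid: true, action: 'login', score: 0.5 }, 'login'));
```

Keeping the decision and its reason together makes it possible to review later which thresholds produce the most false positives before adjusting them.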
Requirements for reCAPTCHA Enterprise
Google did not describe what criteria they are using when choosing who gets to participate in the free beta program. According to the free trial sign-up page, web publishers will at minimum need an email address. There is also a space for providing a Google Cloud Project Number and a reCAPTCHA v3 key, but they are not required.
Should Google Release this for Everyone?
This is a useful tool. Google is calling it an Enterprise tool. That means it’s meant for a large website with presumably a huge amount of traffic. But it could be useful for all sites, regardless of size. How do you feel about it? Should Google create a version for all websites?