I try to not post or react to posts which are -in my opinion- too overtly emotional or attempting to elicit an emotional response. However, this is such a post.

After spending about $1500 on games, signing in from the same email for over 4 years and being generally well-behaved in the forums, I still have to occasionally fill out a reCaptcha to access the site. reCaptcha. The verification gate which asks you to identify items in images which are often too low-resolution to acccurately see what is in them. The security device which claims to block bots but will fail answers which notice tiny details. On the site which is routinely flooded with obvious spam.

I began this with the mention of emotion because this process (reCaptcha) triggers something near rage when it appears. Most of the time, if something goes wrong with the site, I think, "eh, they'll fix it after awhile" and move on. I've even found a working solution to the reCaptcha problem: Just don't sign in for a day or two. But, sometimes, the appearance of of the reCaptcha box summons a line of thought such as "Word of Curse! I have copies of everything I spent money on, I'm tired of this, I'm deleting my account!". Every time this has happened so far, I've walked myself back down to to a state of reasonable acceptance. Maybe one of these days though. . . What is more likely is buying more games from Els(t)e(am)where and fewer from here.

Sigh.

The main cause for this overreaction is probably that none of ther other sites which I regularly visit, free or paid services, ask for the reCaptcha. Same browsers (Brave and Firefox), same settings (delete all cookies upon close, uBlock Origin with most of it's lists and many custom filters), same email, no VPN. If you have a practical suggestion, it will be considered.

Anyway, thank you for your attention and have a nice day.

Some examples.

What drives me to rage with reCaptcha, are overly pixelated images, and the fade out and replace with new images.
When Google shoves those in my face, I will deliberately, angrily, fail that garbage.
Repeatedly.
Until it shows something that is properly static, clear, and human solveable.

What i hate most with reCaptcha are those "click all images with motorcycles" or whatever questions where like 2 pixels of the motorcycle are on a new tile. Am i supposed to click them too? What about the people driving them, do they count as part of the vehicle as well? The task is often times very vaguely defined and that's extremely annoying.

Yes, good example. Here is another. In U.S., the Volkswagen Transporter is usually called VW Bus. So which bus is meant?

That's how they are designed on purpose :) They are specifically made in a way that the decision is not always clear. An automatism would always decide the same way, human's don't. There isn't really a "right" or "wrong". It usually accepts both choices. I think it's more about evaluating when or how often the same user or client decides which way. Rumor was for a while that google used the data and metadata of these captchas to train a AI.

Don't recall being asked nor consenting to participation in a "statistical heuristic" AI training exercise as prerequisite to access my paid account.

Actually the GOG privacy declaration (part of the terms of service) states, that some of their sites will use reCAPTCHA and how these work is up to Google. That basically means that how that data is used depends on your google settings.
And yes, they were more than once accused not to be in line with the european GDPR by transmitting informations to the US without permission.

Nah it's bullshit

But someone has decided that internet uptime and anti-spam requires this inconvenience.

It's not obvious that they're right but it's hard to show them they are wrong and what to do instead.

Don't ever delete cookies for gog.com and related domains. Don't ever log out.

ReCaptcha overthinking has become an Internet meme. Of course. Like everything else, too.

Obligatory link to the wishlist entry:
Nip google Captcha in the bud

So my understanding is that GOG's implementation is supposed to prevent fraudulent automatic purchases via some hushed muttering, handwave, or something like that, right? But the thing is, if we've all proven ourselves to be actual users, especially long lived as we are, why are we being thrown the gauntlet and not new users setting up?

If this is some kind of "It keeps our insurance rates down" racket, One could at least apply something saner.


https://source.netsyms.com/Netsyms/Captcheck

Or you know, at least something that doesn't send data off to a faceless megacorp.

How good the system works you can see every weekend when the forum moderators have a few days off.

A recaptcha for a site like this one is only good for preventing a password guessing brute force attack really. But that could also be done by limiting the login attempts per hour and having a short lockout timer after each try.

Or you know, a proper 2FA with Time-based one-time password? Maybe a QR code, a semaphore flag match?