Then perhaps it's after a few times regardless of legality, and perhaps the number of times depends on your credibility in Google's eyes (I don't think they are particularly fond of cardinals).

Nope, I was asked to pick pictures from the very first time it was introduced, so don't think that's how it works either, but have no idea how and why people have different experiences with it.

I guess one's credibility in Google's eyes depends on how much one lets them spy on them and collect data. Hmmm... perhaps using Chrome plays a role?

It might explain HSL (disabled/blocked JavaScript?), but in my case the first five (?) times I clicked the checkbox and that was enough, after that I clicked the checkbox and then got the pictures (all in the same browser session). Update: Tried again now and the pictures are gone.

Well, I had both google.com and gstatic.com enabled (for unrelated reasons) from before, and still got the pictures. Pretty sure it's allowing unconditional spying that makes the difference. Yep, sticking with that. And the pictures.

On a more serious note, Google's logic is amazing - no human would ever opt for selectively allowing/disallowing JavaScript on every single site they visit.

You are still missing the point. The checkout system has no way of knowing your intent or the method by which you obtained the code to be redeemed before you get to the captcha check. Even then, the only check it does is whether or not the code itself is valid. In order to allow for your specific scenario to bypass the captcha check, GOG would have to create an exploitable and basically blind exception to the captcha system that would leave the entire system open for bad actors to abuse exactly as I described above. I know you are not talking about buying codes, but the exception you would allow could be used to abuse purchases rather than smply provide the incremental convenience of not checking a box on a freebie.

The only way an exception like this would work is if GOG does a complete overhaul of the checkout system to create something new and unique to GOG and no other online retailer. It would need some kind of database system of every code issued, along with details of the methods used to obtain the code (bought, gifted, freebie) so that the checkout system could determine which codes require a captcha challenge and which ones do not. Then GOG would have to hope and pray that they never have a glitch or no one finds a loophole that lets someone abuse this new and far more complex system. All so you and maybe a few others don't waste the mouse clicking energy on a single check box. That would be an unbelievably stupid waste of time and resources as it gains GOG and its customers next to nothing, while making what is currently a relatively simple and secure system far more complex (greater complexity, greater risk). Easier and much safer to just make the captcha challenge standard on all checkouts. Eat a Tic-Tac before you check out next time, just to be sure you don't faint from exhaustion while clicking that box.

How about you actually describe how such an "exception" could be seriously abused. You have claimed this abuse possibility the umpteenth time now but never said how this abuse is supposed to work. Throwing around words like "exploitable" is pointless unless you actually describe such an exploit.
Please note that I do not want to discuss how difficult it might possibly be for GOG web designers/programmers to make said system. I make no claims in this regard.

So basically you agree with me now? (Whether your claims about what GOG would have to do are correct or not I do not know.)


Did you miss the point about the autumn sale? Most people participating will get at least one code. Compared with the number of regular/frequent customers this certainly is not consistent with my understanding of the word "few". Furthermore repeating what I and others wrote: The single click applies only to some percentage of users. Others are harassed with nasty pictures from various categories.

Also @GOG: I would rather pay 1% more for all games and have a captcha-free experience.

maybe they want to give you 5-90% off and captcha you for good. :)

That was the one I saw. I have no idea how it works.

This is ridiculous. I have explained precisely how this exploit based on the exception to the captcha rules that you want would work with GOG's current system, but you obviously have no interest in understanding it. You have petty and insignificant reasons for compromising GOG's already limited security and you apparently lack a basic understanding of how security works in the first place, either that or the only reason you are continuing to behave like a brick wall is because you are trolling. I do not agree with you in the slightest, you just (once again) fail to understand what would be involved in doing what you want, the complexity of it and how much riskier it would be than simply having the check box we already have. I did not miss the point of the autumn sale, what you have missed is that this sale and any of the others GOG has account for maybe three weeks worth of business out of the year and not every sale includes freebies. At least 354 days out of the year your nuisance issue is not a problem for anyone, anytime, yet you want GOG to risk problems on those 354+ days just so you don't have to whine during a sale that happens to include freebies? You don't like that you have to check that box at checkout ("nasty" pictures? That's a load of bullshit) well I, and likely the vast majority of GOG users, think that is a small price to pay if it prevents even some fraud.

That's it, i've said my peace, if you still don't get it, that's your problem. Good day, sir!

Clearly you have not. If so - why dont you just quote it. Or link to the post where you did this "explaining". Also I did in no way imply how GOG should go about implementing a captcha-free system - ie all your talk about "exceptions".

Quoting you from above: " All so you and maybe a few others don't waste the mouse clicking energy on a single check box." I pointed out that this (your former statement) is obviously and objectively a false statement. Considering this your reply to my reply is completely out-of-whack. Furthermore it is also probably wrong and misleading as well - I can explain in more detail why that is so but you seem to have lost interest so I will skip that.

It didnt sound very peaceful. In fact it sounded like you were upset.

I wish people would be so emphatic when wishing me a good day; however, it sounds like they were not upset, just a bit at wit's end; more frustration than anger. I do believe you were wished a good day.

Ok. I am no expert in terms of empathy-over-the-internet.

I also really dont understand how one can even argue the necessity of this captcha. I should be trivial (like a button choice on the main page) to simply allow the user to add the "free" game to the library.

That's probably because Google is able to locate Google cookies in your browser as well as obtain your fingerprint: Source: http://uk.businessinsider.com/google-no-captcha-adtruth-privacy-research-2015-2