google / recaptcha

PHP client library for reCAPTCHA, a free service to protect your website from spam and abuse.
http://www.google.com/recaptcha/
BSD 3-Clause "New" or "Revised" License

Recaptcha v3 always returns a 0.9 score #235

Closed AOlivar closed 6 years ago

AOlivar commented 6 years ago

I have a problem with recaptcha V3: the request always returns a 0.9 score. Is this a problem? It keeps sending the form.

hugobarbato commented 3 years ago

+1 SAME

john-larson commented 3 years ago

It has been almost 3 years since this issue was opened. So, I would like to ask for everyone's opinion on the current status of the problem. Does v3 get to a stable point after some time in the production environment so that it effectively tells bots from humans? Or is it still totally useless and we should use v2 instead? It would really help if you could share your experience after some time of using it. Which way did you go?

xmontero commented 3 years ago

We have stayed on v2. I would expect someone from the recaptcha team to explain how to reproduce a "failure" from Selenium or similar. Until that is clear, we are staying on v2.

rddrdhd commented 3 years ago

+1 same. I tried using Selenium and JS code to submit the form every 5 seconds. Every time my score was 0.9. Looks like I'll have to use v2.

mrmacpholea commented 3 years ago

Google shouldn't be advertising Google Recaptcha v3 as "reCAPTCHA protects your website from fraud and abuse." and "Proven". I am in the same boat as everybody above - a simple selenium script will get you a 0.9 score 100% of the time... I just can't imagine how many webmasters think "they're protected" by Google recaptcha and their sites are being spammed with bots... And why is the issue "Closed"??

felixmeziere commented 3 years ago

Exact same problem here, getting 0.9 score with my cypress bot every single time... is ReCaptcha v3 even serious?

digityne commented 3 years ago

I've just implemented v3 on one button on one page of my site and over a couple of days I submitted the same form a few times and got scores of 0.9. OK. My site has 2-5 requests per day, most of which are me testing it, all 0.9 score. Then on one random day there were 150+ requests, so I assume "definitely some spamming there from God knows where, I bet it's marked some of those down!" All 0.9. How is it actually supposed to work? What exactly is it supposed to be detecting? Those 150 requests weren't valid form submissions; they didn't carry through nor send an e-mail, and I really doubt they were all human. I just don't get how a score can even change at this point.

fabioselau077 commented 2 years ago

+1

robo-monk commented 2 years ago

+1 - why is this issue closed?

lucasbasquerotto commented 2 years ago

It was closed with the comment:

> This is more of a question with the reCAPTCHA service rather than the client library, but that said I'll add a personal opinion.
>
> So, this isn't a definitive answer, but I wouldn't be worried about not receiving a 1. Consider it like a probability score where 1 would mean with absolute certainty this is not a bot. That can never be guaranteed, so a 1 would never happen. It's probably safe to work on the assumption you're getting a probability score rounded down to the nearest 0.1.

It seems that this was closed because this repository is about the PHP client of recaptcha, rather than the recaptcha service. If I search in my browser for google recaptcha v3 github, the first link that I see points to this repository, so it seems there isn't a github repository about the recaptcha service.

It would be good to know where to open an issue then, although, wherever it is, it would have probably much less visibility and activity than here in github. For example, I was using an HTTP rest request in java without any libraries/sdk, but due to the results from the API it seemed to me that something was wrong, and seeing this issue was important for me, because I had similar problems to the people here.

About the 2nd part of the quoted text, rounding down to the nearest 0.1 would do no good if all scores are high.

For now I'm sticking to recaptcha v2.

paulshorey commented 2 years ago

Is there any alternative to Google's invisible v3? Does anyone know of any script or hack to tell if it's a real person browsing the site/app? If not, I'm going to build it.

mrmacpholea commented 2 years ago

> Is there any alternative to Google's invisible v3? Does anyone know of any script or hack to tell if it's a real person browsing the site/app? If not, I'm going to build it.

hcaptcha

paulshorey commented 2 years ago

Ooh! Thanks! They have an "invisible" mode now. That's new. https://docs.hcaptcha.com/invisible/

shagimuratov commented 2 years ago

Try https://cleantalk.org. It is completely invisible and doesn't fire any confirmation requests (bot/human) for the visitors.

paulshorey commented 2 years ago

Thanks. Cleantalk.org looks great for PHP websites. But I was hoping for an invisible captcha alternative like Google's, JavaScript, for any site, that monitors if the user scrolls naturally and clicks things, or if likely an automation calling events rather than actually clicking.

harshagarwal00 commented 2 years ago

Guys, does ReCaptcha Enterprise help in any way?

washowasho commented 1 year ago

Hello - Any resolution or advice for this? I am still getting 0.9 as well... no matter what I do.

XiaoxiaYao commented 1 year ago

Yeah... I used it in an iOS app. It always returns 0.9. How do I test 0.1?

k407 commented 1 year ago

Same issue, ReCaptcha Enterprise always returns score 0.8999999761581421
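
An added example, not part of the original thread or of the google/recaptcha library: a server-side check that treats the v3 score as one signal next to the other siteverify response fields and a per-client submission rate, so a decision is still possible when every score comes back as 0.9 (the value 0.8999999761581421 reported above is 0.9 stored as a 32-bit float). The `evaluate` and `normalizeScore` names, the policy values and the sample response are assumptions constructed for illustration.

```javascript
// Added example: policy over a parsed reCAPTCHA v3 siteverify response.
// Thresholds, limits and sample data below are constructed assumptions.
const POLICY = {
  action: 'contact', hostname: 'example.com', // expected values for this form
  minScore: 0.5, maxAgeMs: 120000,            // score floor, token freshness
  windowMs: 60000, maxPerWindow: 3,           // per-client submission rate
};

// Constructed sample of a siteverify JSON body, using the score from the thread.
const SAMPLE = {
  success: true, score: 0.8999999761581421, action: 'contact',
  hostname: 'example.com', challenge_ts: '2024-01-01T12:00:00Z',
};

const seen = new Map(); // clientKey -> submission timestamps (ms), in memory

// 0.8999999761581421 is 0.9 stored as a 32-bit float; compare on one decimal.
function normalizeScore(score) {
  return Math.round(Number(score) * 10) / 10;
}

function evaluate(resp, policy, clientKey, nowMs) {
  const reasons = [];
  if (resp.success !== true) reasons.push('token-rejected');
  if (resp.action !== policy.action) reasons.push('action-mismatch');
  if (resp.hostname !== policy.hostname) reasons.push('hostname-mismatch');
  const ageMs = nowMs - Date.parse(resp.challenge_ts);
  if (!(ageMs >= 0 && ageMs <= policy.maxAgeMs)) reasons.push('stale-token');
  const score = normalizeScore(resp.score);
  if (!(score >= policy.minScore)) reasons.push('low-score'); // NaN also fails

  // Independent of the score: count this client's submissions in the window.
  const recent = (seen.get(clientKey) || []).filter(t => nowMs - t < policy.windowMs);
  recent.push(nowMs);
  seen.set(clientKey, recent);
  if (recent.length > policy.maxPerWindow) reasons.push('rate-exceeded');

  return { allow: reasons.length === 0, score, reasons };
}

// Four submissions from one client, one second apart, all scored 0.9.
const t0 = Date.parse('2024-01-01T12:00:30Z');
const results = [0, 1, 2, 3].map(i => evaluate(SAMPLE, POLICY, 'client-a', t0 + i * 1000));
console.log(results.map(r => `${r.score} ${r.allow} ${r.reasons.join(',')}`));
```

The in-memory `Map` stands in for whatever shared store a real deployment would use to count submissions across processes.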

thotho19 commented 1 year ago

ReCaptcha = garbage

DelinWorks commented 1 year ago

I think the good old way of generating deformed characters and asking the user to input those is the best approach

ShigShag commented 7 months ago

I can confirm that the 0.9 score issue persists in 2024. Using this Puppeteer bot I receive a consistent 0.9 score.

const puppeteer = require('puppeteer');

(async () => {
    const browser = await puppeteer.launch({
        headless: false,
        args: ['--start-maximized'],
    });

    const page = await browser.newPage();

    const { width, height } = await page.evaluate(() => {
        return {
            width: screen.width,
            height: screen.height
        };
    });

    await page.setViewport({ width, height });

    await page.goto('domain');

    await new Promise(resolve => setTimeout(resolve, 1000));

    await page.click('xpath=/html/body/div/main/form/button')
})();

yossi-chen commented 5 months ago

Did anyone get around this? Also getting the 0.8999999761581421 score for automated tests

scottsus commented 4 months ago

+1 same issue

PeterKvayt commented 2 months ago

+1

dukedaily commented 2 months ago

+1

alexmercerind commented 1 month ago

+1

Kevin-Aaaquil commented 1 month ago

+1