Comment by iamnothere
1 day ago
> Do you seriously think that if Google sees the same hardware identifier 1000s of times a day they are not going to consider that usage to be fraud?
Phones are very cheap, especially refurbished phones. Just have the phones mimic real life sleep/wake cycles and take occasional breaks. Use 25% more devices to account for the loss in uptime.
Besides, some people (often unemployed or disabled, and possibly with sleep disorders or mania) actually don’t do anything other than scroll on their phone all day and night. So you can’t rely on this as a good signal without creating even more blowback. And you really don’t want too much blowback from troubled people who have infinite free time.
This still doesn't seem very economical for the bot farm. For a device to look legit it has to only use its hardware identifier about as often as a real human would. This massively changes the economics. If you have 1 bot farm customer that wants 20,000 solves in a day, the bot farm would need something like 20000/200=100 phones to provide this. (assuming a real user can do about 200 solves before being flagged).
And the cost for the bot farm being detected is very high because if a phone's root key loses trust it destroys the value of the ~$30 phone they purchased. And of course, I'm sure Google can use the phone's value as another signal for trustworthiness, treating cheaper phones many generations behind as less trusted.
I don't think bot farms will go away completely, but the price will spike massively, which is all you need to discourage many types of abuse. Some Googling show that reCAPTCHA solves are about $0.003 each right now, so quite cheap. With this new reCAPTCHA, I suspect the price will jump massively.