Why can’t a bot tick the "I'm not a robot" box? (Quora)

How complicated can one little checkbox be? I mean it’s just OH MY GOD YOU CAN’T EVEN IMAGINE.

For starters, Google invented an entire virtual machine – essentially a simulated computer inside a computer – just to run that checkbox.

That virtual machine uses their own language, which they encrypt twice.

This is no simple encryption. Normally when you password protect something, you might use a key to decode it. Google’s invented language is decoded with a key that is changed by the process of reading the language, and the language also changes as it is read.

Google combines (hashes) that key with the web address you’re visiting, so you can’t use a CAPTCHA from one website to bypass another. It further combines that with fingerprints from your browser, catching microscopic variations in your computer that a bot would struggle to replicate (like CSS rules).

All this is just to make it hard for you to understand what Google is even doing. You need to write tools just to analyse it. Fortunately people did just that. (...)

https://www.quora.com/Why-can-t-a-bot-tick-the-Im-not-a-robot-box/answer/Oliver-Emberton?share=1