CAPTCHA, Cookies, and Data Security

By July 17, 2018December 5th, 2023No Comments
human or robot captcha banner

The action of the European Commission to strengthen data protection and enhance the rights of citizens by reforming privacy policies resulted in the creation of the General Data Protection Regulation (GDPR), taking effect 25th May 2018. This evolution in internet privacy and rights is a much-needed one after severe breaches in online privacy have been occurring in the past several years.

But before the General Data Protection Regulation—which concerns EU citizens, those under the European Economic Area (EEA), and those who interact with EU citizens—there were already several online security measures such as Cloud Encryption, Firewalling and the likes. But when explicitly referring to security measures in dealing with personal information, the most common of all would be to prevent users from adopting weak passwords by requiring them to use alphanumeric, case-sensitive codes and special characters. Aside from this, the next primary security measure would be to use two-factor authentication, two-step verification or a multi-factor authentication tool which requires further details necessary to proceed with your intentions.

It is through this two-factor or multi-factor verification that people are asking whether tools such as CAPTCHA and reCAPTCHA and even the use of Cookies are compliant with GDPR. As the GDPR requires, users should first be given the option to consent on data collection and where these shall be used, before providing their personal information for the website owner and third parties to use. It is because of that, doing site maintenance through fixes and updates are necessary not only to fulfil GDPR requirements but more so to keep the websites in top shape and therefore incorruptible and invulnerable to security breaches where possible.

What are CAPTCHA and reCAPTCHA?

Completely Automated Public Test to tell Computers and Humans Apart, or most commonly known as CAPTCHA, is a system that differentiates humans from computer bots and blocks the latter from accessing forms and getting inside the system. The differentiation is done through a challenge or a series of tests with numbers and images that only humans and not bots can read, understand and solve.

A CAPTCHA can be used in a lot of ways, but its two primary purposes include Blocking Spam Mails and Blocking Spam Comments. Spam Mails are those unsolicited bulk messages that usually use email addresses gathered as part of distribution lists. Some spammed emails and comments are legitimate, but most are from fake businesses whose intention is to harm the email recipient be it by spreading a computer virus or by luring the person into a scam such as Fraud.

There are various types of CAPTCHA available so that bots with the intention to spam your email won’t be able to recognise a particular pattern in the software or the plugin that shall make them breach security. From Mathematical Equations to Alphanumeric Characters and Image Recognition, all these CAPTCHAs are to eliminate submissions by computers from humans ones and safeguarding data, especially submitted personal information. Some types of CAPTCHA include the following:

math captcha sample

Mathematical Equation

icon select captcha

Character Code

code captcha sample

Alphanumeric Code

image select captcha sample

Image Recognition

ad injected captcha sample

Ad-Injected CAPTCHA

type captcha sample


Google’s reCAPTCHA

On the other hand, reCAPTCHA s a web service created by Google that serves the same functions as a CAPTCHA but with the addition of being able to assist in the digitisation of text, an annotation of images, and in building datasets for learning machines. This system evolved from the Distorted Word or Number with the Audio Option, to the I’m Not a Robot option which is now more commonly known as the No CAPTCHA reCAPTCHA by Google.

recaptcha sample

Distorted Word with Audio Option

google recaptcha sample

I'm Not A Robot


Google’s No CAPTCHA reCAPTCHA is an invisible type of security feature which is embedded in the code of the site. This reCAPTCHA does not require users to answer or solve problems every time as originally required but the new version of their reCAPTCHA looks at other aspects such as mouse movement to see human behaviour and assess whether the user is human or not.

Due to this, some people are calling out Google since their No CAPTCHA reCAPTCHA poses real concerns to data privacy; for some say that whenever users tick the I’m Not a Robot box, they unknowingly agree to the implications of the matter—being that Google leaves Cookies on your computer, and collect undisclosed data information and actions so that they can analyse whether the user is really human or not. GDPR states that this should be outlined as part of the Privacy Policy.

What are Cookies?

Another method commonly used by websites are Cookies which is a small tracking identifier so companies can gather information and form statistics so that websites can display a customised or a personalised view for their users. When a user goes online and does its searches, the web browser will gather information and check Cookies for websites that the user visits so that they can create a personal profile that can be used for things such as advertisements to the user upon its next visit.

Cookies do not scan your computer to gather information, but they can store data from what a user inputs through forms they submit in a website. It is because of this that websites have pop-up notifications to alert users and give them the option to consent to their site’s use of Cookies and to where data can be shared with and used afterwards.

Cookies are also used for efficiency—mainly to make websites function properly by allowing a site to cross reference choices and options a visitor has selected so as to create a user-friendly web experience. Aside from that, websites also use Cookies for Business Analytics so that they can be used study the data and improve on their services; such is the case of Cookies used in the European Union as guided by GDPR.

Without the use of Cookies, most sites would not be able to remember things such as previous visits you have made or viewing patterns to see what you are interested in. Every visit you make, without a Cookie, would be ‘new’ to the site so it could not assist you with things like remembering usernames and such.

cookies website notification sample

How can CAPTCHA, reCAPTCHA and Cookies, be tools for Data Security?

CAPTCHA, reCAPTCHA, Cookies, and similar tools can be tools for data security provided that they administer options for consent before proceeding with gathering data for their two-factor authentication, their multi-factor verification, or for their personalised content. As long as CAPTCHAs are kept updated with the latest dynamic versions, the tool can surely serve as the front line of defence when it comes to computer bots wanting to access personal information which they can use for malicious or harmful purposes.

With the continuous research and development to make the online experience a user-friendly one while still safeguarding data privacy and security, Google’s No CAPTCHA reCAPTCHA can still be used as tools for data security since the system still fulfils its primary function which is to differentiate between humans and robots so that it can block spam comments and spam emails. But when talking about No CAPTCHA reCAPTCHA as the perfect program to use for data security, Google still has some points to improve on especially in terms of disclosing information before having users consent to their features.

So long as users are given information as to what types of Cookies are used by browsers and to what extent these are used, Cookies can be considered as tools for Data Security since websites tailor their search results or their advertisements to only things that the user is concerned with and therefore lessening the probability of encountering harmful points on the internet. Users should be given the option to opt-out of using Cookies so that the site wouldn’t leave a trace behind that could be used to run analytics of sites visited or such (think of banking portals!).

Having an active and user-friendly website is an integral part of any business strategy because this is the most efficient way of reaching your audience in this digital age. Aside from using a strong password and a two-form authentication or a multi-form verification, or using Cloud Encryption and having a strong firewall, other online security measures which everyone should implement include updating the site software and monitoring your network, using Network Intrusion Prevention & Detection software, using Secure Certificates and making sure even things like your Browser is up to date.

recaptcha sample

At Bureauserv, not only do we do website maintenance but we also make sure that existing and new websites are equipped with the appropriate tools necessary for correct operation and SEO friendly. Our various packages cater to different degrees of site maintenance but all with the intention of having your website be up to date with the latest versions of programs, plugins and the like. We ensure that we are subscribing to the latest features and tools to make sure that the websites we manage are not only SEO or user-friendly but are also secured.