The companies asking already know. They're asking anyway. You've been clicking traffic lights for thirty years for an industry that has spent the same thirty years building dossiers that already prove it. Every click was training data. The bots that broke each generation were trained on your clicks. Below, every CAPTCHA from 1997 to 2026, every widget real where it can be, with the receipt for the labor at the end.
Our search engine has detected significant traffic from automated softwares (so-called "bots" or "spiders"). To prevent further misuse of our URL submission system, we have added a verification step. This will not take long.
Below you will see a graphic containing letters. The letters have been distorted by computer in a way that humans can read but our software cannot. Please type the letters you see into the input box. Letters are case-insensitive.
Click HERE to continue once you have verified.
Each verification you complete helps preserve historical texts. (Or so we said.)
A definitive guide. According to the latest research. Every founder I know swears by #7.
Most knowledge workers waste 1.7 hours a day on context-switching, according to a Microsoft study nobody can find anymore. The fix isn't another app. It's a system. Below, ten hacks I actually use…
[The other nine hacks have been omitted because the actual point of this page is what comes next.]
Around 2014, the words went quiet and the pictures arrived.
Google had retired the two-word reCAPTCHA in stages. In its place: a checkbox that said I'm not a robot, and, if it didn't believe you, a 3×3 grid of street photographs. Click all the squares with traffic lights. Click all the squares with crosswalks. Click all the squares with buses. Stop signs. Bicycles. Fire hydrants.
If the categories sound familiar, it is because they are exactly what an autonomous vehicle's perception stack needs to recognize. The reCAPTCHA grids functioned as a labeling pipeline for self-driving research, including the Waymo program at Google's parent company. You were the annotator. Hundreds of millions of times a day. Across every site that used the widget.
In September 2024, three researchers at ETH Zürich released a paper showing they could solve reCAPTCHA v2 at 100% accuracy using YOLOv8, an open-source object detection model trained on, among other things, the same kinds of street images you spent ten years tagging. The bot that broke the test was a graduate of the school you ran.
6LeIxAcT…ZKhI, intended for developer demos.
Join 50,000 founders, PMs, and engineers reading what matters tomorrow. Curated daily. Free forever.
Unsubscribe one click. By subscribing, you agree to our terms. Protected by reCAPTCHA Enterprise. No challenge will be shown.
In 2018, the test became invisible. The judgment did not.
reCAPTCHA v3 launched in October 2018. There is no checkbox. No image grid. The page loads and v3 begins scoring you on a scale from 0.0 (definitely a bot) to 1.0 (definitely human). It does this using mouse movements, scroll cadence, dwell time, browser fingerprint, and your activity on every other site that ties back to the same identity graph.
A site receives your score in the background and decides what to do with you. You never see the number. You never know what threshold the site set. If you fail, sometimes you get a v2 image grid as a second chance. Sometimes you just get a generic error and never know why.
The contradiction is industry-wide. By 2018, the major platforms each had a signal-rich picture of you: account logins, device sync, browser fingerprints, location, payment history. Together, they knew you were human better than you do. They still asked the websites you visited to ask you anyway. The widget exists because the request itself is the product. Each verification is a fresh handshake confirming a surveillance graph is active on this page, on this visitor, right now. The "humanity check" is the receipt for permissions you don't remember granting.
87 frameworks, 24 templates, and the email sequences our clients used to 12× pipeline. Yours, free.
Enter your details below. We'll send the PDF straight to your inbox.
By downloading, you agree to receive marketing emails from Pipeline.io. Unsubscribe anytime. Protected by hCaptcha.
In 2018, the same grid arrived under a new logo. The labor pipeline kept running.
hCaptcha launched in 2018 as a privacy-conscious alternative to Google's reCAPTCHA, marketed on the premise that Google was the problem. In April 2020, Cloudflare, the largest CDN on the public internet, switched its default verifier from reCAPTCHA to hCaptcha. The reason given was that Google had begun monetizing reCAPTCHA Enterprise. The reason left out was that hCaptcha pays site operators a small kickback per solve. The widget you click in 2026 might be earning the website you're on a fraction of a cent.
The format barely changed. Same 3×3 grid. Same "click all the squares with X." The image categories shifted because the customer paying for the labels shifted, from one autonomous-vehicle stack to a different roster of enterprise customers training their own image classifiers. The labor was the same. The receipt went to a different address.
By 2024, CHEQ.ai industry tests showed GPT-4V solving hCaptcha grids at roughly 80% accuracy across mixed challenges. Specialized solver services advertise 90%+ commercially. The "privacy-first" pitch was real. The "this stops bots" pitch never was.
10000000-…0001.
The widget below is the actual Cloudflare Turnstile, embedded with their public test sitekey. You don't have to do anything. It checks your browser. It checks your behavior. It decides.
1x00000000000000000000AA (always passes). © Cloudflare, Inc. Used per their published testing documentation.By 2026, the bots that broke each generation of CAPTCHA have been trained on the same labels you produced. ETH Zurich solved reCAPTCHA v2 at 100% accuracy in September 2024. Industry tests in 2024 had GPT-4V solving hCaptcha at roughly 80%. Audio CAPTCHAs were broken at 85% in 2017, before Whisper even existed. The arms race never had two sides. There was always one side, and a clock.
The ritual continues because the data harvest never stopped being the point. The companies that own the verification widgets also own the surveillance graphs that make verification redundant. Cloudflare sits in front of 20% of the public internet. The major platforms hold your account logins, device sync, browser fingerprints, location history. Together, they know whether you are a human better than you do. They still ask the websites you visit to ask you, anyway. The widget is the receipt. The receipt is the product.
Every claim above traces to a primary academic paper, a product blog from Google or Cloudflare, or a citable industry benchmark. Three early myths kept out: there is no Manuel Blum 1996 paper (the term was formalized in EUROCRYPT 2003), the often-repeated "o3 solves reCAPTCHA at 100%" claim is unverifiable (the actual 100% benchmark is ETH Zurich's YOLOv8 in Sept 2024), and reCAPTCHA digitized the NYT article archive of around 13M articles, not 200M books.
Three of the widgets on this page are real, embedded with each company's published test sitekeys: Google reCAPTCHA v2 (6LeIxAcT…ZKhI), hCaptcha (10000000-…0001), and Cloudflare Turnstile (1x00…AA). All three load real third-party scripts that send observability signals to those companies, exactly as they would on any normal website. That is the editorial point of this page. The 1997, 2007, and 2018-v3 sections are local recreations, because the original widgets are retired or have no public test sitekey.
Primary sources: Plesner, Vontobel, Wattenhofer — Breaking reCAPTCHAv2 (2024) · Open CaptchaWorld (NeurIPS 2025) · unCaptcha2 (USENIX WOOT 2017) · CAPTCHA EUROCRYPT 2003 · Cloudflare Turnstile testing · Cloudflare on switching to hCaptcha (2020).
Built like this. Quiet inbox. No spam. Unsubscribe one click.