Forget traffic lights, Google’s reCAPTCHA may ask for hand gestures

Google has introduced hand gesture verification for reCAPTCHA, a new method for verifying that a user is human.

Google’s reCAPTCHA is part of Google Cloud Fraud Defense, a fraud and abuse prevention platform for bot, account, and transaction protection. It uses risk analysis and challenge-based verification to help organizations identify automated activity and suspicious behavior.

The service is commonly deployed on login pages, registration forms, password reset pages, and checkout systems, where it can allow an interaction to proceed, require additional verification, or block the request.

How hand gesture verification works

When the hand gesture feature is enabled, reCAPTCHA analyzes one or more videos of a user’s hand as they perform prompted gestures. The videos are processed to extract hand landmark data, including 21 hand-knuckle coordinates.

Google says the videos are not associated with a user’s identity, audio is not recorded, and the videos are deleted after the verification process.

Hand gesture verification requires camera access and prompts users to perform specific gestures. The videos are processed only for security verification, camera permissions can be revoked at any time, and related data is not shared with third parties.

Users who cannot complete hand gesture verification because of accessibility needs can continue using reCAPTCHA’s visual and audio challenges. Google says it is developing additional accessibility-focused verification methods.