How does new ReCAPTCHA work?

Question

I was wondering how the new google reCAPTCHA could verify the user is not a bot, just by clicking a button?!

See link here:https://developers.google.com/recaptcha/intro

Answer 1

I explain little on the new google behaviour captcha, but you might find the richer explanation in here.

1. The supplied JavaScript captcha api code accumulates the cues of human activities (or its absence) on a web page even before a user (client) approaches the reCaptcha itself.
2. When a user moves to and ticks the “I’m not a robot” checkbox, that behaviour drives even more browser events. These are caught by the same script and a request with encoded payload is sent to the Google server, the user’s fingerprints are recorded and his cookies stored.
3. The behaviour analysis system on the Google server analyses the data provided and returns an encoded value to the client page. This value is user and time dependent.
4. In case of confusion (or bot-like behavior) Google’s server will ask the client to complete an additional image-check CAPTCHA (see picture below) to further verify if the user is a bot or not.
5. The encoded value bears the hidden info if user is verified or not. But then you need to know whether Google has verified that user or not on that page. To check it, you send a POST (ajax) request with the following parameters: the returned encoded value, the secret key and end user ip (the last one is optional). Read the details on how to fetch and verify the user’s response.