“What is a Captcha?”
CAPTCHA stands for Completely Automated Public Turing test. They are used across the internet to help websites determine whether a site visitor is a real human or an automated bot. The most common type of CAPTCHA on the web is Google reCAPTCHA, there are various types of Google reCAPTCHA, the most common are V2 and V3. Captcha's appear extensively on sites heavily targeted by bots, these include sites such as Nike, Shopify, Adidas, Yeezysupply, Ticketmaster and more.
“How can your software beat Captcha?”
There are many ways to beat captcha, firstly you can offload any captchas to real humans and allow your software to wait until its completed for it, this can be done by yourself or through services where others do captcha for you. However, this way is often slow and resource intensive. The best way for your software to beat Google reCAPTCHA is by logging into a Google account. Google checks to see if your software's session is logged into a trusted Google account, if so it either automatically succeeds reCAPTCHA or issues a very simple 'One Click' reCAPTCHA - these can be easily automated. As such, the best way to beat reCAPTCHA is to have trusted Google accounts and get your software to log into them before doing any activity.
“How do you get trusted Google accounts?”
As mentioned, the best way to beat reCAPTCHA is to first sign into trusted Google accounts. However, it's not that easy, each account has a limit on the number of 'easy' reCAPTCHA's they can get and this is often based on ther accounts 'trust score' which is made up from a number of factors including account age, account usage, sign-in IP address and account creation method. As such, to get accounts which can pass reCAPTCHA, your account must score highly on all the most or all of the measured factors. The best way to help accounts achieve this is by 'farming' them with software designed to generate Google account activity, the most popular of these on the market is AYCD. When farming accounts with software you need to ensure each account is assigned a unique, unflagged IP address - this is where we come in. We provide unflagged IP addresses for account activity generate and allow for multi-month renewal, meaning your accounts will have a consistent IP address and its 'trust score' will increase.
" What are three most important factors to Google activity generation?”
The three most important factors to advancing account's 'trust scores' are having accounts that were responsibly made, having a consistent IP address and using activity generation software that isn't flagged by Google.
First, you must either buy or create Google accounts to generate activity on. To ensure you have a high 'trust score' you will need to ensure these accounts were made responsibly, since some are made with automated methods that are flagged by Google. The simplest way to generate accounts responsibly is to do so manually, however tiresome that may be, when doing so you will need to ensure each account has a unique phone number, creation IP address and is made in a unique session. You can purchase accounts from others but make sure its a reputable seller who fufills these criteria. When buying you will often find accounts split into 'fresh' and 'aged', with very different pricing, this is because aged accounts are inherently more trusted by Google and easier to build trust on. If you need to buy accounts and have the money, we recommend getting aged accounts.
Next, you will need to get proxies with IP addresses that are unflagged by Google and from sellers who can provide you the same IP with month-to-month consistency. You should attach each of these proxies to a single Google account and it should remain that accounts IP address forever. Increasing the number of accounts attached to a single IP will dramatically increase the risk of being flagged by Google. Furthermore, you should never access the Google accounts with an IP address other than the one that is assigned to it, this will again increase the risk of possibly flagging and decrease your trust score. You can buy Captcha Proxies here.
Finally, you will need get software which generates account activity for you, there are a number on the market, including AYCD & Kodia Essentials. At Ping Proxies we currently use and recommend AYCD.
"What are other best practices when generating activity?"
There are a number of other best practices when using account generation software. By following these you will further increase your chances of having highly trusted Google accounts
Firstly, ensure you don't test accounts on reCAPTCHA in the software too much. We recommend testing accounts a maximum of once a week. Overtesting may lead to Google being able to flag your account.
Don't overuse accounts for reCAPTCHA. You should make sure to adequately rest your accounts before and after using them to pass reCAPTCH's, if you don't, you risk your account being flagged for suspicious account activity since its a big red flag for a single account to be used against so many reCAPTCHA's. This often becomes a problem for those using accounts to pass reCAPTCHA on sneaker drops since on a single day there can be a number of drops with multiple websites releasing each model. While it may be tempting to use the same accounts for all of these drops, we recommend segmenting your account and resting them between drops for a number of hours. This will help improve 'trust score', decrease your risk of being flagged and ensure account longevity.
Ensure accounts have good security settings throughout. You should go through all your accounts and ensure they do not have any security alerts on them. By ensuring account security is kept to a high standard your 'trust score' will increase since Google see's the account as less of a risk. You can see your account security alerts or 'checkups' here.
Have the correct software settings when generating account activity. It is essential you have the correct settings implemented when generating activity for your accounts, if you don't you risk your accounts being flagged. You should ask your software developer for details on the correct settings, for example, in AYCD the correct settings are the default. This ensures activity generated looks real, for instance, by 'sleeping' the accounts since it shouldn't be generating activity 24 hours a day.
Enable 2FA on all your accounts. This is an incredibly quick way to generate Google trust on your account.
Be patient. You won't get highly trusted accounts overnight, its a long process with many steps, some easy to get wrong. Throughout the process you need to act responsibly and follow the rules concerning the accounts at all times. If you do, you should start to see change in account trust over time. Our inhouse data shows that between week 2-3 of correctly farming accounts is often where you start to see results.
“V2 vs V3?”
The main two Google reCAPTCHA methods can be split into V2 and V3. V2 is the most commonly used form of reCAPTCHA on the web and is often known for it's "I'm not a robot" Checkbox. V3 is Googles latest reCAPTCHA method and instead or providing users with 'One Clicks' or a test to show you aren't a human, it scores the users session on a 0.1-1 scale - the closer to 1, the better and more likely you are to pass into the site.
Googles V3 system often highly flucuates and has a tendency to be quite inconsistent when rating user sessions. While we don't know all the factors on how it scores user sessions, we do know the V3 has a heavy empathise on IP address and succeed sessions if the IP address has been used alot that day for V3 reCAPTCHA's, this is known as 'temp-banning'.
Both types of reCAPTCHA heavily benefit from having trusted Google accounts logged in on the same session. However, on sneaker-releases, such as Yeezysupply, V3 drops are often long and very reCAPTCHA intensive since everytime you access the page you have to pass reCAPTCHA rather than V2 where you normally only have to complete the challenge on checkout or add to cart. As such, to avoid 'temp-banning' we advise to have seperate accounts for V3 releases and to attach them to a rotating residential proxy. This means on every reCAPTCHA attempt, there is a new session IP address, this increases your chances of passing V3 reCAPTCHA. These Google accounts do not need to be as heavily farmed as those used for V2. Furthermore, we warn against using your Google account activity generation proxies for V3 drops because since the drops are often very reCAPTCHA intesnive, it risks flagging the IP along with getting it temp banned.
“Should I have the same set-up for all my accounts?”
No, when starting out the process we recommend having diversity in your set-up, this can be implemented by using a range of proxy providers, different source accounts and a variety of software. Yes, you we recommend using other proxy providers along us! You should been note of which accounts have switch characteristics and on a weekly basis monitor their growth. This should help you to cross-reference which are working and which aren't - as they say, don't have your eggs all in one basket. Once you know what works, you can expand from there.
If you have any other questions or would like some help before purchasing feel free to contact us via email at firstname.lastname@example.org or via Discord through this link.