RSS

Google's hand-gesture reCAPTCHA wants access to your camera

dotcoma1 pts0 comments

Google’s hand gesture reCAPTCHA test, explained

Back to list

PRIVACY

Google’s hand-gesture reCAPTCHA wants access to your camera

Jeraiza Molina

MEGA Staff

Published on 26 Jun 2026

Google’s latest defence against bots is a hand gesture reCAPTCHA that switches on your camera and asks you to wave. It’s clever, it’s optional, and it asks rather more of your data than the puzzles it replaces.

For two decades, proving you’re human online has meant clicking traffic lights, squinting at warped text, or ticking an “I’m not a robot” box. In June 2026, Google began testing something a little more demanding: a reCAPTCHA that asks you to switch on your camera and wave at your own screen.

The feature, called hand gesture verification, is part of Google’s reCAPTCHA service. It’s rolling out slowly as an option for websites, and it arrives at an awkward moment, just as people are growing more wary about how much of themselves they hand over to pass a routine security check. Ticking a few box was slightly annoying but performing for your webcam is a different ask.

Join the MEGA privacy revolution. Create a free MEGA account and get 20 GB of storage with zero-knowledge encryption.

Sign up for 20 GB free storage

Table of contents<br>What Google is testing<br>What the hand gesture reCAPTCHA captures<br>Is your hand geometry biometric data?<br>Why Google is doing this<br>What it means for your privacy<br>How to protect your privacy online<br>A small ask that adds up<br>Frequently asked questions

What Google is testing

In mid-June 2026, Google added hand gesture verification to reCAPTCHA, its system for telling humans and bots apart. Instead of solving an image puzzle, some users are now asked to grant camera access and perform a simple prompted gesture, such as waving or holding up an open palm.

The test was first reported in the week of 19 June 2026 and is documented by Google in its own reCAPTCHA developer pages. It’s an optional method for now, not a replacement for the familiar image and audio challenges, which remain available for anyone who can’t or would rather not perform for the lens.

A screenshot of the prompt shared on X shows what users actually see. The dialog, headed “Gesture with your hand”, runs through the terms in plain language: “You’ll need to allow temporary camera access to capture your hand movements”, “Copy the hand movements as shown so we can check you’re a real person”, and “Only your hand movements will be captured”. Then a button marked “Next”, and you’re off to wave.

What the hand gesture reCAPTCHA captures

Before you grant that camera access, this is the part worth understanding.

According to Google’s documentation, when the feature is enabled reCAPTCHA records one or more short videos of your hand as you perform the prompted gesture. It then processes the footage to extract hand landmark data: 21 knuckle-point coordinates that map the shape and movement of your hand. That data is what the system uses to judge “liveness”, its term for confirming a real, live person rather than an automated script.

Google says the video is processed in real time, is never linked to your identity, and is deleted as soon as the verification ends. It also says the landmark data is not reused to train models or for any other purpose, and that camera permissions stay under your control in your browser settings.

The on-screen wording is where it gets interesting. The same prompt reassures you that “We’ll use images or videos of your hand for verification purposes. Images from your movements won’t be stored.” Yet the consent line just below reads: “By continuing, I consent to Google processing my hand movements for the purpose of security verification to detect and prevent fraud and abuse. The information we collect will be used and stored in accordance with the Google Privacy Policy.” So nothing is stored, except the information that is, in accordance with a policy you’re invited to go and read.

In short, the company’s position is that nothing meaningful is kept. That’s a reassuring promise. It’s also, by definition, a promise : a statement about what Google chooses to do with the data, not a wall that makes keeping it impossible.

Is your hand geometry biometric data?

This is where the story picks up a legal edge. The shape of your hand is biometric data, the same broad category as a fingerprint or a face scan. Illinois’ Biometric Information Privacy Act, one of the strictest privacy laws in the world, counts a “scan of hand geometry” as a biometric identifier and requires informed consent before a company can collect one.

Whether this reCAPTCHA actually falls under that kind of law is genuinely unsettled. Laws like BIPA are written around biometrics used to identify a person, and Google’s position is that the hand data only checks you’re live, is never linked to your identity, and is deleted the moment the check ends. If that holds, it may sit outside the law’s reach. If it doesn’t, a routine “wave to continue” could...

hand google recaptcha gesture data camera

Related Articles

US Government directive to suspend access to Fable 5 and Mythos 5

Dylan131224 ptsfable government anthropic jailbreak access mythos

Is AI ruining our skills? Early results are in – and they're not good

Michelangelo1124 ptstools skills during physicians colonoscopies tool

The Anatomy of an AI-Native Org

kiyanwang22 ptstranslated managers business translation language engineering

Apertus – Open Foundation Model for Sovereign AI

T-A16 ptsopen model apertus foundation sovereign fully

How to Earn a Billion Dollars

kingstoned15 ptsmonth become startup growth years billionaire
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.