A new technological development from Google, officially named “hand gesture verification” (HGV), is designed to modernize the security algorithms of the reCAPTCHA system using biometric facial recognition tools.
However, the initial testing phases have demonstrated its complete failure. Critics also highlight significant threats to user privacy arising from the need to grant large tech corporations access to users’ biometric data.
Read also: AERONAUT – everything that flies above the ground: aviation, UAVs and drones, rockets, and space
According to Google’s explanation, the HGV system relies on a mandatory connection to the device’s webcam, which is supposed to capture one or more short video clips of the user’s palm. To pass the verification successfully, a person must wave their hand or perform other specific gestures in front of the camera. This footage is then analyzed by algorithms to identify key biometric markers, which are intended to verify the user’s authenticity and filter out automated systems.

Despite the developers’ hopes that biometrics would enhance security, real-world tests proved HGV to be ineffective. Researchers found that this security measure can be easily bypassed using ordinary stock photos and the virtual camera tool in OBS Studio. Attackers simply need to replicate the required gesture using a static image, and the OBS software allows them to completely bypass the need for a physical optical sensor on the computer. Modern machine learning methods make it easy to automate this workaround by combining the Python programming language with pre-made images of hands.
Beyond the obvious technical flaws, the HGV initiative raises serious concerns among privacy advocates. They point out that such innovations are gradually turning constant background surveillance by tech giants into a social norm, forcing people to grant access to their cameras just to browse the web.
BREAKING: Google introduces a new CAPTCHA that can be completely bypassed using stock images 👀 https://t.co/dPWiy5GwTLpic.twitter.com/nMQQPDqIqG
– PatRyk (@Patrosi73) June 28, 2026
In response to the allegations, Google asserts that the recorded video footage is used exclusively for palm motion recognition and is immediately deleted upon the completion of the session. It also claims that the recordings are not linked to any specific individual’s personal data, and that no audio is recorded at all. However, a recent incident involving the recovery of supposedly deleted video files on the Nest service proves that the company’s cloud infrastructure is capable of storing large amounts of data even when customers lose access to it. Despite any provisions in user agreements, the Mountain View-based corporation will likely attempt to gather as much data as possible to train its own Gemini model, disregarding potential privacy risks.
Read also:
- A Revolution in the Status Bar: Google Reveals How Android Halo Will Change the Way We Interact with AI
- Google has released Gemini Spark, a revolutionary AI agent for Mac
