I wonder if you used a Google account in good standing for a bot, at what point would they start to detect it was a bot? I imagine if you used it for more than a few CAPTCHAs daily you'd probably end up having to do additional validation.

Which is a bad idea.

I actually have some bots which scrape Google sites (for the purpose of integrating stuff like Google Keep into KRunner), and they just use the Useragent of a regular phone, send normal POST data, etc. Works perfectly fine, and — I just checked — this bot is recognized as normal user by this captcha system. No Captcha input.

I tried it even with a new Google profile and just using cURL to log into Google, then started a new browser session and imported the cookies from cURL. Worked just as well.

I guess this makes it easier for malicious bot-authors...

Interestingly I logged out of my Google account in Chrome and immediately got an old style CAPTCHA. But not when I logged out in Safari (I very rarely use Safari).

Edit- Nevermind, it looks like Safari left some google.com cookie lying around while Chrome deleted it. Deleting it gave me the old CAPTCHA.

I strongly believe it is the bot detection .. They may also added extra checks to already logged users

Wouldn't it be possible to just tune bots easier now instead of having to work with OCR?