Due to reCAPTCHA’s reliance on user’s previous behavior (cookies), going incognito brings you to old school Captcha again. Now remember, this is same captcha Google said, and we agree, is not secure anymore.
Egor claims, this hurdle can be come over by low salaried workers or even g-recaptcha-response bots. Basically, in Egor’s words, “Abusing clickjacking we can make the user (a good guy) generate g-recaptcha-response for us – make a click (demo bot for wordpress). Then we can use this g-recaptcha-response to make a valid request to the victim (from our server or from user’s browser).” Do check out Egor’s demo bot that resolves those new and shiny reCAPTCHAs without a hiccup.
Until we see a resolution to these concerns, it is recommended to not jump onto Google’s nocaptcha recaptcha train.