this post was submitted on 19 Aug 2023
156 points (94.3% liked)

Privacy

31814 readers
247 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod
Yayannick@lemmy.ml
ranok@sopuli.xyz
156
I'm convinced Google uses its reCAPTCHA to promote Chrome (lemmy.sdf.org)
submitted 1 year ago by ExtremeDullard@lemmy.sdf.org to c/privacy@lemmy.ml
61 comments fedilink hide all child comments
 

I use Firefox and Firefox Mobile on the desktop and Android respectively, Chromium with Bromite patches on Android, and infrequently Brave on the desktop to get to sites that only work properly with Chromium (more and more often - another whole separate can of worms too, this...) And I always pay attention to disable google.com and gstatic.com in NoScript and uBlock Origin whenever possible.

I noticed something quite striking: when I hit sites that use those hateful captchas from Google - aka "reCAPTCHA" that I know are from Google because they force me to temporarily reenable google.com and gstatic.com - statistically, Google quite consistently marks the captcha as passed with the green checkmark without even asking me to identify fire hydrants or bicycles once, or perhaps once but the test passes even if I purposedly don't select certain images, and almost never serves me those especially heinous "rolling captchas" that keep coming up with more and more images to identify or not as you click on them until it apparently has annoyed you enough and lets you through.

When I use Firefox however, the captchas never pass without at least one test, sometimes several in a row, and very often rolling captchas. And if I purposedly don't select certain images for the sake of experimentation, the captchas keep on coming and coming and coming forever - and if I keep doing it long enough, they plain never stop and the site become impossible to access.

Only with Firefox. Never with Chromium-based browsers.

I've been experimenting with this informally for months now and it's quite clear to me that Google has a dark pattern in place with its reCAPTCHA system to make Chrome and Chromium-based browsers the path of least resistance.

It's really disgusting...

top 50 comments
sorted by: hot top controversial new old
[–] Dave@lemmy.nz 41 points 1 year ago (2 children)

It's not necessary targeted like that. Remember Chrome sends a lot of information about the user, allowing them to more easily gauge if it's a bot. Firefox hides a lot of information, blocks a lot of third party scripts by default, and even sends fake information for some things. For all intents and purposes, Firefox looks much more like a bot than Chrome.

With that said, I use Firefox exclusively and don't have anywhere near as many issues as you seem to.

[–] ExtremeDullard@lemmy.sdf.org 3 points 1 year ago* (last edited 1 year ago) (5 children)

Remember Chrome sends a lot of information about the user

Remember, I use the equivalent of Bromite on Android and Brave on the desktop. Those are not Chrome: they're heavily privacy enhanced. By your theory, those browsers too should serve you more annoying reCAPTCHA more often, just like Firefox. But they don't: even on those privacy-respecting Chromium forks, you can get past reCAPTCHA much easier.

I use Firefox exclusively and don’t have anywhere near as many issues as you seem to.

Try using Chromium side by side and the subtle extra difficulties of sailing through the Googlespace become quite apparent. As long as you stick to Firefox, you don't realize that the Chromium experience is ever-so-slightly slicker on many websites.

[–] ElBarto@lzrprt.sbs 3 points 1 year ago (1 children)

Brave is a chromium based browser, so maybe chromium sends out something that let's recaptcha know what's going on.

[–] ExtremeDullard@lemmy.sdf.org 3 points 1 year ago (1 children)

maybe chromium sends out something that let’s recaptcha know what’s going on.

Maybe. But in that case, that's not a great sign that Brave respects your privacy. But I wouldn't put it past Brave: they too are a for-profit and I don't quite trust them either.

However, the Bromite fork I run on my deGoogled phone almost certainly doesn't make any privacy compromises and it solves reCAPTCHAs more easily than Firefox Mobile.

[–] ElBarto@lzrprt.sbs 6 points 1 year ago (3 children)

Any Web browser that claims privacy and security while using chromium as its base isn't worth the risk, they may have implemented fixes and added their own proprietary code, but it's still chromium and Google most likely hides a bunch of stuff from devs so they can't mess with it.

[–] ExtremeDullard@lemmy.sdf.org 4 points 1 year ago (1 children)

it’s still chromium and Google most likely hides a bunch of stuff from devs so they can’t mess with it.

Chromium is open source.

[–] ElBarto@lzrprt.sbs 4 points 1 year ago

It's still made by Google, tho, so can you really trust that there's no hidden shit? This is a company that is trying to create a monopoly over website access.

[–] ReversalHatchery@beehaw.org 2 points 1 year ago* (last edited 1 year ago)

Bromite is not proprietary. But yeah, the chromium codebase is huge, it may be possible that certain bad parts were not found by the fork maintainer

load more comments (1 replies)
load more comments (4 replies)
[–] jonne@infosec.pub 3 points 1 year ago

You're most likely logged into the browser with your Google account in Chrome. I'm sure they take that into account as well.

[–] skullgiver@popplesburger.hilciferous.nl 34 points 1 year ago* (last edited 11 months ago) (2 children)

[This comment has been deleted by an automated system]

[–] possiblylinux127@lemmy.zip 1 points 1 year ago (3 children)

I disagree. reCAPTCHA requires the use of non free JavaScript that is pretty much spyware. Such software should never be force on a user.

The other issue is that you are forcing users to do work. If I'm going to improve google maps then pay me

[–] cobra89@beehaw.org 4 points 1 year ago (1 children)

How often are you going to a site that has a reCAPTCHA but doesn't use JavaScript?...

[–] possiblylinux127@lemmy.zip 3 points 1 year ago

The issue for me isn't the JavaScript but the black box nature of it. I want code to be libre so I can study and modify it to my needs

[–] skullgiver@popplesburger.hilciferous.nl 3 points 1 year ago* (last edited 11 months ago) (1 children)

[This comment has been deleted by an automated system]

[–] possiblylinux127@lemmy.zip 2 points 1 year ago

What we need is a better internet...

[–] polskilumalo@lemmygrad.ml 1 points 1 year ago

Mega based

[–] crispy_kilt@feddit.de 1 points 1 year ago (1 children)

Why does nobody want the cloudflare solution? Sounds neat

[–] skullgiver@popplesburger.hilciferous.nl 5 points 1 year ago* (last edited 11 months ago)

[This comment has been deleted by an automated system]

[–] JonEFive@midwest.social 33 points 1 year ago* (last edited 1 year ago) (1 children)

Keep in mind that basic bots don't render or process certain page elements - like javascript. So VPN plus noScript/uBlock plus obscured data plus no preexisting cookies and possibly unique fingerprint from all your previous interactions (depending on your privacy settings)... It all adds to possible bot behavior. In my mind, getting caprcha'd is a good thing. It may mean google has low confidence that it knows who I am.

[–] ExtremeDullard@lemmy.sdf.org 11 points 1 year ago* (last edited 1 year ago) (1 children)

In my mind, getting caprcha’d is a good thing. It may mean google has low confidence that it knows who I am.

That is possibly the most unique outlook I've read about today.

There's nothing good about captchas: it's an insult to human intelligence, it's forced unpair labor and each time I get one, I want to murder someone.

In a normal world, your statement would be utterly insane. But in our dystopian surveillance economy society, it's actually a rational and interesting point of view, and one that turns captchas into a useful indicator of how well you manage to evade said corporate surveillance.

Interesting. Thank you for that.

However, If you're right and Googles serves fewer captchas to those they can track better and not just those who run Chromium as I suspect, it also means privacy-enhanced Chromium-based browsers don't hold a candle to Firefox. That's not great news considering Chromium is the new de-factor standard and some websites only work okay in Chromium.

[–] droans@lemmy.world 8 points 1 year ago

You've never operated a public-facing website, have you?

In the past 24 hours alone, I've had at least 344 bot attempts on my personal site. A handful are harmless crawlers but most are hoping to hit a vulnerability.

Captchas are necessary to prevent malicious bot activity. It's unfortunate that it also means it'll be a pain for users.

[–] prole@sh.itjust.works 14 points 1 year ago* (last edited 1 year ago) (2 children)

You may have turned on a setting in Firefox that is meant to obscure your browser fingerprint. For me, it seems to force more captchas for me.

I kept the feature on though, because when I signed into Google and got the notification of a new sign-in on my phone, it thought my OS was Windows NT (it's Linux) so it seems to at least kind of work.

I forget what the setting was off the top of my head (in about.config I think), but could look into it if anyone is curious.

Edit: went and found info on it. It is not just "Enhanced Tracking Protection." It is specifically about blocking your browser fingerprint: https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting

[–] NotSteve_@lemmy.ca 3 points 1 year ago (2 children)

It's probably enhanced tracking protection you're talking about. I keep it on as well but damn those captchas are annoying. I'd prefer to go back to the unreadable distorted text over the endless AI training ones.

[–] prole@sh.itjust.works 2 points 1 year ago (1 children)
[–] NotSteve_@lemmy.ca 2 points 1 year ago (1 children)

Oh interesting! I don't have that enabled but will be turning it on

[–] prole@sh.itjust.works 2 points 1 year ago

Yeah, with that, the enhanced tracking protection, and always-on VPN, I have to solve captchas almost constantly lol... Worth it.

[–] arin@lemmy.world 2 points 1 year ago

Select the picture with a keyboard (all pictures have weird AI shit that is absolutely not a keyboard) captcha failed

[–] Pantherina@feddit.de 1 points 1 year ago* (last edited 1 year ago)

Rfp, arkenfox, Mull, torbrowser, Librewolf

[–] Lobo6780@lemm.ee 10 points 1 year ago (3 children)

I just use captcha buster extension in Firefox, captchas are just stupid and it makes more problems for humans than for robots.

[–] Dubious_Fart@lemmy.ml 6 points 1 year ago

especially the newer ones that look like trying to see nipples on scrambled cable in the 90s.

My eyes are already shit that I can barely make out the normal images, how the fuck do you expect me to make out this god damn LSD fever dream shit?

[–] Pantherina@feddit.de 2 points 1 year ago

Damn thats a thing? Nice!

[–] JonEFive@midwest.social 2 points 1 year ago

Tell that to anyone running a website with a pubic facing form - including register and login forms.

[–] mtchristo@lemm.ee 8 points 1 year ago (1 children)

My experience was that when solving captchas where you select pics on the grid and other pics load and replace the selected ones within the same round. in firefox it tends to play those fade-in fade-out very slowly. while on chrome they appear instantly.

Unfortunatly I can't expand my obveservation just based on my own anecdotal experience. have you noticed the same behaviour ?

load more comments (1 replies)
[–] blkpws@lemmy.ml 5 points 1 year ago* (last edited 1 year ago) (1 children)

Yeah, it's true but with https://github.com/dessant/buster I don't give a fuck with their reCAPTCHA xDD

[–] refurbishedrefurbisher@lemmy.sdf.org 4 points 1 year ago (2 children)

Do you use a VPN by chance? I get really annoying CAPTCHAs with my VPN on.

Google doesn't like things that make the user less identifiable, so they strike back however they can without it being too obvious.

[–] ExtremeDullard@lemmy.sdf.org 1 points 1 year ago

No VPN. I hit those websites from work or from my work cellphone.

Google doesn’t like things that make the user less identifiable, so they strike back however they can without it being too obvious.

I reckon so too.

And also, I believe they coax people into adopting Chrome or Chromium-based browsers by making alternatives harder or more annoying to use, so that the browser landscape eventually becomes a monoculture they can control. Once Gecko-based browsers are finally extinct, they'll go after the Chromium forks.

[–] TurtleTourParty@midwest.social 1 points 1 year ago

I have to do a captcha on basically every cloudflare site with my VPN on.

[–] wtypstanaccount04@hexbear.net 3 points 1 year ago

I deal with that BS all the time, although I don't have the issue when I don't use a VPN

[–] redimk@lemmy.dbzer0.com 3 points 1 year ago

That's weird, I use Waterfox and I occasionally get to do some kind of "puzzle", but other times I just need to click the reCaptcha and it will confirm itself (with the green check)

Ironically, when I use Vivaldi, the captcha doesn't even load, and when it loads, it says it's wrong regardless of the answer I give it, so I'm always locked and that's quite literally the only reason I stopped using Vivaldi.

On Edge I need to fill in puzzles ALL THE TIME, that's also why I stopped using Edge (apart from the bloatware and the uBlock not working there)

[–] EddieTee77@lemdro.id 1 points 1 year ago (1 children)

Side note - Firefox for Android recently freezes and crashes when you use the Google search in the private view. Also seems intentional

[–] Pantherina@feddit.de 2 points 1 year ago

Private mode is useless, change my mind

load more comments
view more: next ›