We will be updating the Forum on Tuesday, 19th of March between 09:00 and 11:00 (UTC) (see the time in your time zone). During this time you may experience some downtime. Thanks in advance for your patience. 🙂
Google reCAPTCHA and Vivaldi Privacy Policy
-
Jon Von Tetzchner said he was increasingly concerned about data collection and tracking by tech giants like Google and Facebook. [Reuters]
I am also increasingly concerned about Google tracking and I appreciate Jon's clear position.
Therefore I was very surprised when a few days ago the access to this site was blocked by Google-ReCaptcha for me.By ticking the ReCaptcha check box, Google receives a unique browser and system fingerprint. Google can recognize users and track their activities. InsideReCaptcha shows the obfuscated JavaScript design of the ReCaptcha version launched in 2014.
Google Invisible ReCaptcha [1] was rolled out in 2017: Google performs fully automated analysis of user behavior and IP in the background. Google does not disclose which data is transferred exactly during this process. Google advertises this service with a cute little kitten.
The Captcha will only be visible if Google algorithms do not identify the user as a human visitor. At the latest then a fingerprint will be transferred to Google. The procedure is intransparent and problematic for privacy.
As part of its Terms of Use agreement, Google requires websites that use its ReCaptcha service to include a Privacy Policy. Websites which use ReCaptcha generally contain this declaration.
When visiting the website forum.vivaldi.net Google-ReCaptcha is requested in nodebb.min.js:
www.google.com/recaptcha/api.js?onload=__nodebbSpamBeGoneCreateCaptcha__&render=explicit
Two questions:
- Why are users not informed about this in Vivaldi Privacy Policy?
- Why does Vivaldi use Google services with obvious tracking properties on the one hand and condemns them on the other?
-
@gwen-dragon Thanks for your immediate response.
I've added a corresponding note to the German Arch-Wiki (Vivaldi). -
Googles new recaptcha is incredibly annoying. I use a VPN so I constantly end up having to solve them. And even when you solve them correctly it doesn't always let you past it, so I've resorted to just randomly clicking on it until it lets me through.
From a privacy perspective, someone really needs to come up with an alternative system, even it if behaves similarly, just so that it can make a dent in Google's pervasiveness.
-
@lonm You realize it's not in Googles interest if you use VPNs, so no motivation to mitigate this annoyance, right? Many privacy measures achieve the same ... effect.
As machines are able to solve CAPTCHAs, they have become more or less irrelevant - but I guess they will stay on at least as long as the recommendation to "regularly change your passwords for security"...
-
My initial posting is one month ago and my questions have not been answered yet.
The Vivaldi Privacy Policy informs about the use of an Akismet plugin but does not include information about the use of Google Re-Captcha. It's probably not a faux pas:
Setting up spam protection for NodeBB.We trust Vivaldi with our data (Mail, Sync etc.). The trust is based on the fact that we are informed in the Privacy Policy and we can be sure that our trust and confidence in privacy will not be undermined.
Ignoring the issue is not a good approach and could possibly lead to a credibility problem that could have been avoided by appropriate information.
-
@wernerfp sorry for the slow reply. We are getting rid of Google Re-Captcha. Currently it's still present in 1 or 2 places but it will be removed very soon. It was a quick solution we implemented when we got overwhelmed with spammers at some point. Sorry for our temporary lack of consistency.
-
Not new, but very good and OpenSource
https://github.com/wjcrowcroft/MotionCAPTCHA
Or this one, even OpenSource
https://tympanus.net/codrops/2009/09/08/jquery-fancy-draggable-captcha/
-
@catweazle Great! Thanks for sharing
-
@gwen-dragon said in Google reCAPTCHA and Vivaldi Privacy Policy:
@catweazle Nice hit but the technique is a bad idea (not your fault!), sorry.
It is not accessible without mouse and nothing for people with disabilitiies! #a11yPlease do not exclude!
I know, it was only an idea, but the same thing happens with the Google Captcha.
There are other OpenSource alternatives, more traditional with keyboard and also hearing, but these are also easier to overcome by bots. (My OCR program sometimes deciphers them better than me: /). -
The big issue here is that the w3c has labelled all of these "captcha" technologies as "Experimental" (last I looked)... So it's User Beware".
-
@Gwen-Dragon said:
The W3C tells website developers that Captchas should not be used if WCAG/WAI (Web Accessability) is important.
Against this background, Captchas are not only a privacy problem, but also tendentially a violation of human rights, because human groups are systematically excluded → UN Human Rights. In my opinion, spam protection technology with such collateral damage should generally not be used.
@gaelle said in Google reCAPTCHA and Vivaldi Privacy Policy:
… We are getting rid of Google Re-Captcha. Currently it's still present in 1 or 2 places but it will be removed very soon …
Thanks for your answer! Then I can remove the ugly hint in the german Arch Linux article.
-
@wernerfp Furthermore, strict privacy enforcing client setting with selective JS / resource access, randomization/change of user agent string and canvas protection often leads Google to assume automated systems and completely deny access for at least limited time. I am not sure if all website owners employing ReCAPTCHA are aware of these limitations.
-
@gwen-dragon Yes! Just another reason for developers to be looking for alternatives.
-
Not only for privacy a captcha must be OpenSource.
According to my point of view, the problem lies in finding a system that is, on the one hand, bots-proof, which rules out traditional systems of identifying distorted letters, easily surmountable by bots at the moment, but on the other hand, it is easy enough to handle them. people with visual and motor disabilities.
Or failing that, look for another system to avoid spambot entry, which currently represent a problem for many pages, which is not small.
Turing Test? -
@catweazle said in Google reCAPTCHA and Vivaldi Privacy Policy:
Turing Test?
CAPTCHA = Completely Automated Public Turing test to tell Computers and Humans Apart ...
As far as I know, we still don't have a reliable turing test. Either it's too easy for the computer or too hard for people.
-
I think that any and all captchas will soon be solvable by programs, especially if they get popular enough. Not much point in investing time in developing systems for this purpose.
-
@luetage Exactly. The only effect then will be to annoy humans and possibly deny access to "legitimate" users.
Oh, and contribute to Google's business efforts without return and for free in case of ReCAPTCHA...
-
Another possibility is to dispense with a captcha with a Honeypot method, it consists in creating in the registration field an invisible field for a human, but not for a bot. That is, if this invisible field is filled in, access is blocked.
https://jennamolby.com/how-to-prevent-form-spam-by-using-the-honeypot-technique/
-
I just solved 15 captchas in a row (and I got 4 times confirmation that I was set) and still this topic would not load, so I had to deactivate my proxy to make it work. This is just broken, please fix it and find a way to make the forums accessible from the tor network.
Since Vivaldi tries to break free from google, it should also make its forums independent from this shit. -
@Gwen-Dragon I did in February 2018. Please see VB-37935