Block reCaptcha?

greybeard

@PrivacyMatters I don't recall ever getting a captcha or reCaptcha on any Vivaldi site. Perhaps they know what an angel I am (Not).
I do get them on various other sites though.

jamesbeardmore

@PrivacyMatters I share your frustration at this spyware too. But just to reiterate what others are saying, I don't recall ever seeing a reCaptcha on Vivaldi's sites.

Normally, I am confronted with multiple repeat reCaptchas on every single site that makes use of them. This is caused by blocking fingerprinting measures and other tracking technologies such as 3rd party cookies and referer headers. To most web sites, it will look like I have landed directly on the page I'm viewing, out of nowhere, and have no tracking history and a browser fingerprint that's completely unique to that page, although bizarrely very similar to the TOR browser. Of course they will think I'm a bot. But I have never had reCaptchas on Vivaldi's sites.

The trick is to look just human enough to the site, to fly under the radar. It's something I'm starting to get better at. You don't have to allow yourself to be tracked (much). I generally start every session at every site with zero history or cache, and clear it before I navigate elsewhere. I also have multiple browsers, each with multiple profiles, each tuned for specific places/purposes. That's already reducing the tracking much further than the average user. I then carefully select and tune different extensions to further reduce the "within-session" tracking to the minimum I can without completely breaking the site.

reCaptchas annoy the heck out of me because, from my perspective, almost every site on the 'net is broken/infected. But at the same time, I also feel pretty happy at it, because it is probably a good indicator that my privacy-protecting measures are seemingly quite effective! I generally just avoid sites that use them. If a site needs to deploy spyware just to fund their "content", then it probably wasn't worth viewing - and is probably available spyware-free elsewhere anyway. That said, like others here, I use Buster when I simply have to go to an infected site. I often can't actually solve those things myself, so it's a necessity for me.

Some tips I use to reduce web-breakage:

• The "Buster" extension gives me limited success, automatically solving captchas. I find it very useful because I often cannot solve the captcha myself because I am not American. I don't know what a "crosswalk" is, and I don't know what a "hydrant" is supposed to look like, as these are American names for American things. I can't solve the audio version myself because of decades of Judas Priest and Iron Maiden.
• Instead of blocking the "referer" header completely, use an extension such as Trace, or Smart Referer to selectively send referers to sites on the same domain/subdomain. In Firefox, you can do this in "about:config" by setting "xoriginpolicy" to 1 and "xorigintrimmingpolicy" to 2. Extensions might be a little smarter than this hard-and-fast rule, by having whitelists etc. to prevent breakage.
• Extensions such as uBlock origin contain rules that are a little more specific and sophisticated than the built-in blocking contained in browsers such as Vivaldi or Otter, or your hosts file/Pihole. They often contain whitelists too. If you don't mind unblocking the occasional G resource you can reduce the appearance of captchas dramatically without having too much tracking.
• If you use fingerprint protection, try to configure it to retain your fingerprint for a short period of time, instead of generating a new random one every page load. That way, you can reduce tracking across the net but an individual site will hopefully still work out you're human. I find that going everywhere with the TOR browser fingerprint causes a lot less breakage than having a random unique fingerprint on every page load.
• I seem to have had less reCaptchas since I installed the extension "Redirect AMP to HTML", which attempts to always bypass AMP pages wherever possible, and redirect the user to the original page instead. This could just be my imagination/a coincidence though.
• If you use an extension that removes tracking-cruft from URLs and/or blocks ETAG tracking, try to go for a slightly smarter one that has some sort of intelligent logic and whitelisting, instead of a few hardcoded strict rules. Whilst "Trace" contains ETAG blocking and URL cleaning, I find the extension "ClearURLs" to cause the least site-breakage out of any of these sorts of extensions.
• I don't currently use a VPN or the TOR network very often, so this might be the biggest single factor reducing my exposure to captchas. I recommend you try out a few reputable VPNs until you find one whose IP-addresses don't trigger so many captchas.

Please note that not all these extensions/options may be available on Vivaldi. My primary browser is GNU Icecat (a Firefox ESR derivative), and I use Vivaldi mostly to access broken websites.

I hope webmasters start seriously looking into alternatives to captchas, because I don't known how disabled people cope with them. I'm pretty sure they break things like screen-readers. I also resent the fact that a corporation without anyone's best interests at heart other than their own, with a track record that speaks horrifyingly for itself, is being willingly nominated to be the "gatekeeper" of the entire internet.

As a side-note, self-hosted captcha is possible. I'm fairly certain ECHA (European Chemicals Agency) uses a self-hosted one within their online systems.

I hope some of this helps!

Catweazle

@jamesbeardmore said in Block reCaptcha?:

@PrivacyMatters I share your frustration at this spyware too. But just to reiterate what others are saying, I don't recall ever seeing a reCaptcha on Vivaldi's sites.

Normally, I am confronted with multiple repeat reCaptchas on every single site that makes use of them. This is caused by blocking fingerprinting measures and other tracking technologies such as 3rd party cookies and referer headers. To most web sites, it will look like I have landed directly on the page I'm viewing, out of nowhere, and have no tracking history and a browser fingerprint that's completely unique to that page, although bizarrely very similar to the TOR browser. Of course they will think I'm a bot. But I have never had reCaptchas on Vivaldi's sites.

The trick is to look just human enough to the site, to fly under the radar. It's something I'm starting to get better at. You don't have to allow yourself to be tracked (much). I generally start every session at every site with zero history or cache, and clear it before I navigate elsewhere. I also have multiple browsers, each with multiple profiles, each tuned for specific places/purposes. That's already reducing the tracking much further than the average user. I then carefully select and tune different extensions to further reduce the "within-session" tracking to the minimum I can without completely breaking the site.

reCaptchas annoy the heck out of me because, from my perspective, almost every site on the 'net is broken/infected. But at the same time, I also feel pretty happy at it, because it is probably a good indicator that my privacy-protecting measures are seemingly quite effective! I generally just avoid sites that use them. If a site needs to deploy spyware just to fund their "content", then it probably wasn't worth viewing - and is probably available spyware-free elsewhere anyway. That said, like others here, I use Buster when I simply have to go to an infected site. I often can't actually solve those things myself, so it's a necessity for me.

Some tips I use to reduce web-breakage:

• The "Buster" extension gives me limited success, automatically solving captchas. I find it very useful because I often cannot solve the captcha myself because I am not American. I don't know what a "crosswalk" is, and I don't know what a "hydrant" is supposed to look like, as these are American names for American things. I can't solve the audio version myself because of decades of Judas Priest and Iron Maiden.
• Instead of blocking the "referer" header completely, use an extension such as Trace, or Smart Referer to selectively send referers to sites on the same domain/subdomain. In Firefox, you can do this in "about:config" by setting "xoriginpolicy" to 1 and "xorigintrimmingpolicy" to 2. Extensions might be a little smarter than this hard-and-fast rule, by having whitelists etc. to prevent breakage.
• Extensions such as uBlock origin contain rules that are a little more specific and sophisticated than the built-in blocking contained in browsers such as Vivaldi or Otter, or your hosts file/Pihole. They often contain whitelists too. If you don't mind unblocking the occasional G resource you can reduce the appearance of captchas dramatically without having too much tracking.
• If you use fingerprint protection, try to configure it to retain your fingerprint for a short period of time, instead of generating a new random one every page load. That way, you can reduce tracking across the net but an individual site will hopefully still work out you're human. I find that going everywhere with the TOR browser fingerprint causes a lot less breakage than having a random unique fingerprint on every page load.
• I seem to have had less reCaptchas since I installed the extension "Redirect AMP to HTML", which attempts to always bypass AMP pages wherever possible, and redirect the user to the original page instead. This could just be my imagination/a coincidence though.
• If you use an extension that removes tracking-cruft from URLs and/or blocks ETAG tracking, try to go for a slightly smarter one that has some sort of intelligent logic and whitelisting, instead of a few hardcoded strict rules. Whilst "Trace" contains ETAG blocking and URL cleaning, I find the extension "ClearURLs" to cause the least site-breakage out of any of these sorts of extensions.
• I don't currently use a VPN or the TOR network very often, so this might be the biggest single factor reducing my exposure to captchas. I recommend you try out a few reputable VPNs until you find one whose IP-addresses don't trigger so many captchas.

Please note that not all these extensions/options may be available on Vivaldi. My primary browser is GNU Icecat (a Firefox ESR derivative), and I use Vivaldi mostly to access broken websites.

I hope webmasters start seriously looking into alternatives to captchas, because I don't known how disabled people cope with them. I'm pretty sure they break things like screen-readers. I also resent the fact that a corporation without anyone's best interests at heart other than their own, with a track record that speaks horrifyingly for itself, is being willingly nominated to be the "gatekeeper" of the entire internet.

As a side-note, self-hosted captcha is possible. I'm fairly certain ECHA (European Chemicals Agency) uses a self-hosted one within their online systems.

I hope some of this helps!

I would also add that Buster is a clear sign that the reCaptcha is not used to protect against bots, just like with old captchas that many advanced OCR can decrypt better than many users. This makes the captcha system useless as a security system. I think companies are only left with reCaptchas as a tracking system.Luckily there are quite a few methods. to show them the ugly finger, blocking trackers, randomizing fingerprints, offering invented data (CyDec, Trace, etc.), although you cannot exceed a certain limit with this, if we do not want that the visualization of certain pages becomes impossible.
With all CyDec filters activated, in YT for example you will only see a black screen, in these cases it is offered to use private YT clients, such as Invidious or Echoes Player, which are placed between YT and the user, thus avoiding tracking.

Steffie

@Komposten said in Block reCaptcha?:

Google reCaptcha really needs to be dethroned by a more privacy-aware and not too intrusive approach

Eg this one

https://www.hcaptcha.com/post/hcaptcha-now-the-largest-independent-captcha-service

I wish this was something that motivated users could proactively do themselves, rather than instead passively wait in hope for a majority of web-devs / site maintainers to place ethics over commerce & coercion.

Also, like others have said, the V forum has no reCAPTCHA that i've ever experienced.

Catweazle

Another Forum has this very interesting captcha, https://i.imgur.com/Mu0rdCU.png where you have to put different photos of animals, cars and other things in the corresponding boxes.

Key Captcha also has another solving a Jigsaw puzzle

https://www.keycaptcha.com

Catweazle

@Gwen-Dragon , also Touchpad, at least the first one.
Anyway I think the Captchas systems are obsolete. Sooner or later any bot can solve them the same, as happens with Google's re-captcha (see Buster).
I remember a forum where they just waited an hour or more to send the confirmation of new registrations. This largely avoided not only bots, but also common spammers, since they always use temporary emails that expire after half an hour by far.
Another method against bots is the Honeypot methods, which can be implemented even with a simple script, although these only work against bots (for now). All this, without privacy problems.