| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by nukeop 2631 days ago

The more websites use Google's "captcha", the more pointless it is to resist fingerprinting. And since that "captcha" is built into Cloudflare's "spam protection", it blocks you from half of the internet already.

Why the scare quotes? Because the purpose of recaptcha isn't to tell humans from bots, it's to punish users who do not wish to be tracked by giving them an endless stream of challenges to solve no matter if they keep getting them right or wrong. It is especially obvious when they intentionally delay the loading of subsequent images if you have too many privacy features enabled, because it does nothing to prevent bots from solving them. It's grouped into several tiers, depending on the amount of frustration they want to generate:

1. Invisible captcha - you have Chrome, you're logged into a Google account, your advertising ID has a profile full of useful data. You go in with no hassle.

2. 1 click - maybe you're on a new IP or a new device, but you're logged into a Google account and use Chrome. Click the checkbox and that's it.

3. Regular captcha - You're not logged in but you don't use any privacy enhancements, so through a combination of fingerprinting, cookies, and other tracking techniques you're uniquely identified anyway. You get 9 images, select 2 or 3 of them and you're good to go.

4. Annoying captcha - you're blocking third party cookies, you're not on Chrome, looks like you're not being a good cog in the machine. You get a captcha with 9 squares that load more images, or you have to "select squares containing X", and you get 2-5 of these in a row.

5. Infuriating captcha - you're blocking third party trackers, cookies, all other storage methods, you block or mitigate canvas fingerprinting, you're behind a VPN, your fingerprint is not recognized, there's no data in your profile. Google won't squeeze a cent out of you, so you don't get to use the internet. You're getting an endless stream of slowly loading squares, or 5-7 objects to recognize. Even if you do all of them correctly, it won't let you in. Maybe after 4-8 cycles, but that will still waste ~10 minutes per try. You're barred from any website that links to reCaptcha.

These days websites using it are for all purposes dead to me. I can't visit them and I won't waste my time clicking their images or selecting squares or whatever.