reCAPTCHA now blocking privacy protective browsers
Posting from a substitute account off a Live OS due to not being able to log into my own account anymore.
reCAPTCHA, a Google service, will now refuse to take you through the sign-in process if you're using a more privacy-minded browser with tracking protection measures.
I tried to sign in today like I normally do using Pale Moon, a Firefox fork, and am greeted with this "lovely" message.
"Please upgrade to a supported browser to get a reCAPTCHA challenge."
What are these "supported browsers"?
https://support.google.com/recaptcha#6223828
Browser requirements for reCAPTCHAWe support the two most recent major versions of the following:
desktop (Window, Linux, Mac)
Chrome
Firefox
Safari
IE / Edge
mobile
Chrome
Safari
Andriod native browser (4.0+)
No mentions of browsers like Brave or Vivaldi, i.e. those that have the deceny to not be constantly tracking you and phoning home. Also, note the line "two most recent major versions." They are demanding that not only you use the more spyware ridden browsers, but also demanding that you accept whatever forced updates come with those browsers, including whatever settings tampering and additional spyware comes with those updates. If you try to foil their constant tracking with a browser or add-ons they don't approve of, they will deny you access to your accounts.
This is absolutely unacceptable. ESPECIALLY for a site like iwara, which has a sizable population of users from countries like China and South Korea, where they risk imprisonment if they are caught accessing a site like this. As well as Japanese artists who do not wish to be forced to censor their works.
Already you have another topic complaining about the reCAPTCHA. The message is clear. The reCAPTCHA has got to go.
The type captcha is a worse version {type what you see code} It always goes nutty and says cant find captcha site error.
What are you going on about? Are you seriously trying to argue that a critical part of the site being this broken for some users is perfectly fine because some other kinds of captchas also don't work?
Screencap transferred from my other machine. This is what I now encounter every single time since this afternoon.
I think you're being paranoid in classifying Firefox as a "spyware-ridden browser".
What I tried saying is the other captchas can be worse thats all. I dont like any of those codes myself but the Admin thinks its Necessary to keep bots out of the site.
What, specifically, are his concerns regarding bots? Is he worried about spam causing server load issues? Good flood detection and limits on how much posting new accounts can do within a time period accomplish the same goal. Is it advertising, someone uploading gore or other such things? Just have a proper flagging system in place and enough volunteers on duty to handle to get rid of it when it crops up.
Also, it's worth mentioning that captchas can only stop the low hanging fruit among spammers. If a spammer is truly dedicated, he can simply fill out the captchas himself in the bot's stead and proceed as normal.
HAHAHAHAHAHA
Straight from the horse's mouth: https://www.mozilla.org/en-US/privacy/
And for our asian firends, there's this little gem:
You can confirm this for yourself. Type about:config in a new tab and look at how many URLs you see. Search "google" or "facebook" and you'll be disgusted at just how much spying there is in Firefox. And that's not even going into other things like Pocket or EMEs, or how often users have reported changes they made to their settings being reverted after yet another forced update.
Modern day mainline Firefox is every bit as rubbish and bullshit infested as all of the other big players.
I just installed Pale Moon and reCaptcha works fine. Stop blocking javascript you autismo neckbeard, it isn't going to hurt you.
Also I knew that Alex Jones had been censored from a lot of the internet, never knew that he would make Iwara his final stand
...yeah they learn whether or not your browser is up do date. Seriously dude, Firefox is open source. Anyone can go and check what the code actually does. It would take a worldwide conspiracy involving the entire Free and Open Source community for Firefox to phone home.
Confimed, reCaptcha is shafting Pale Moon. Can no longer login. For me, nothing happens on click. After second click, captcha says "something went wrong" and tells me to reload the page.
Edit: works now. Never happened before, interesting moment it chose ^_^
@Awaclus Nobody check open source code except hackers. It's literally billion eyes and NOBODY looking. If you have genuine information stating otherwise (someone you know actually studies open source code and tries to find problems with it), I stand corrected. Just don't live in convenient fantasies, ok?
While I agree that Firefox is becoming more and more like Chrome, there's always Waterfox that do the hard work for you and ship without Pocket and all the other telemetry they've added.
However, in your case it's probably just a user agent check since Pale moon is like 20 versions behind Firefox, get an add-on to change it for the Google domains and it should start working again.
>Also I knew that Alex Jones had been censored from a lot of the internet, never knew that he would make Iwara his final stand
was going to say something in the lines of this issue is not fixable by average joes using different software, but this broke me in laughter
There's a reason why this exists my good friend, it's to prevent bot accounts from getting into the website and doing shit that can harm the website. So take the tinfoil hat off and bite the bullet.
Ever heard of bot makers. The New ones make bots that can by pass captcha code thank god the dumb asses dont know of them or how to use them. Make security measures and some Asshole hackers find a defect in the code and we all get fucked.
Just as I had finished up with this write-up I had noticed that you had switched to keycaptcha instead. While I suppose what I'm about to post isn't quite as revelant now, there's still important information here that I feel like people here should be informed about, and I don't want it to go to waste. Consider this information in the event of a reversion, I suppose.
Original write-up below:
Awful lot of folks willing to defend reCAPTCHA and Firefox cropping up here. Perhaps I didn't make my case clear enough.
reCAPTCHA uses techniques that can be used to fingerprint and deanonymize users.
http://qnimate.com/how-does-googles-no-captcha-recaptcha-work/
Bolded items in the quote are all factors that can be used to differentiate between different individuals and narrow down who you are. Furthermore, the general behavior analysis techniques can only be performed using javascript techniques, and said techniques likely come with other measures to further fingerprint the user. Google makes its money through collecting and selling information, so they have every incentive to do so.
From another section of the article:
And there you go. The reCAPTCHA system constantly calls back to a database on its servers and stores the data it processed about your machine and your habits. If you constantly have to click through the crap in reCAPTCHAs you're probably still somewhat anonymized. But if you never have to go through that hassle, it means that Google has definitely isolated you and has your unique fingerprint in their databases.
reCAPTCHA is not as foolproof as you may think, and has already been cracked on more than one occasion.
https://threatpost.com/googles-recaptcha-cracked-again/128690/
reCAPTCHA has already been broken by bots more than once, and it will certainly be broken more times in the future.
But, as I already said, a truly determined spammer can simply employ human assistance to clear the reCAPTCHAs so the bots can get back to business.
https://anti-captcha.com/
This is just one such example of a reCAPTCHA task force for hire.
I ask again, what are the specific concerns regarding bots, and are these issues that cannot be resolved with other measures like flood detection, limited posting for new accounts, and a proper flagging system? That last one especially, as iwara is the only site I can recall being on that did not have any sort of report function integrated into its interface whatsoever.
And as for those claiming not to worry about Firefox phoning home, here is yet another example circa late 2017:
https://www.reddit.com/comments/73t2py
If you read through the thread it clearly shows that the data sent back to their servers (IP address, OS, CPU) is more than enough to identify individual users (Related link from the same thread: https://www.emptywheel.net/2017/09/30/why-did-google-miss-a-lot-of-users...). Furthermore, these requests are sent via plaintext, which means that they can easily be MitMed by and spying agency. And even though they claim that these logs are only kept a maximum of two weeks, there's also the case of this US law:
https://en.wikipedia.org/wiki/Cybersecurity_Information_Sharing_Act
Which basically shields any U.S. based tech company or site from any liability in sharing information with these spying agencies. And even though as written the law states that they are not allowed to share info that is "personally identifiable" in most cases, Mozilla itself claims that this information is not personally identifiable. So they have a legal shield which allows them to collect the telemetry data that can identify users, pass it off to TLAs, delete the data afterward, and not be required to disclose this to anyone.
I realize that I sound like a paranoid lunatic to the uninitiated. But again, as I alluded to my opening post, I'm not as worried about some spook coming after me as I am about something happening to some of the creators here. Anyone remember this lunacy that went through earlier this year?
https://www.eff.org/deeplinks/2018/03/responsibility-deflected-cloud-act...
Consider the possibility that this law could be used to enter an agreement with an asian country like Japan, China, or South Korea. And consider that any of those countries afterward could start a legal crackdown against uncensored works in the former case, or R18 content in general in the latter two.
And if you remember one detail from this rant, remember this, because this is ultimate the main thing I'm trying to warn you about.
Even though iwara itself has said that they won't cooperate with agencies trying to go after these artists, Google and their reCAPTCHA are NOT iwara. Google can, via the legal mechanism of the CLOUD act, potentially use the information it collects via reCAPTCHA to help foriegn law enforcement agencies locate and identify artists here who are subject to unjust laws.
THAT is ultimately why we need to be rid of the reCAPTCHA as soon as we are able. I've already seen multiple eastern artists here who either started self-censoring later on with their works, wiped their uploads and reuploaded with mosaics, or simply hit the panic button and wiped everything altogether. Iwara itself has already been strongarmed into self-censoring due to a third-party once before. Do you really think there's no possibility they use the profiling data from reCAPTCHA to strongarm iwara and its owners and operators in the future?
The sooner we ditch the reCAPTCHA, the better.
Hackers, security experts, people who work on the code (e.g. for forks), people who work on other code that has to be compatible, and random people who just happen to care. You could check the source code yourself if you wanted.
No shit, sherlock. If you're downloading any software from anyone's server, they know your IP address, OS and CPU 100% of the time because they need to know your IP address in order to send the data over, and they can figure out your OS and CPU architecture based on what version of the software you downloaded.
Is key captcha working out better?
As i know it after it add this annoying thing I cannot save my cookies any more , everytime I go in here I need to login every times
It's working out better for anyone interested in their privacy. The fact that it doesn't track you (remember you next time) speaks for itself.
Accessing sites like Iwara is actually not illegal in China, I think. I never heard anyone arrested simply for that. Who f*ching cares about that. It may be worse to be caught by your parents than a policeman when you are watching porns.
But spreading R18 pics or videos is illegal, that really makes you imprisoned.
too much tinfoil here...