
> like to see more security around the data that is used for fingerprinting, such as user agent

I think this is already available, just not enabled by default. In about:config one needs to set privacy.resistFingerprinting to true. (Be aware, however, that this setting causes problems with google captcha - the number of challenges that you will need to solve will drastically increase.)



> this setting causes problems with google captcha - the number of challenges that you will need to solve will drastically increase

No kidding. I'm talking about ~30-40 clicks (1 click per task in the captcha grid)


Not to mention when Google puts you in captcha-hell-ban.

Often, after a few difficult ones, I realize I get stuck in the same 20 challenges. Over and over. No matter if I get them right or not. We do run all browsers in the office with fingerprint protection on and run non-exit-tor-nodes in all offices. But those are hardly excuses.

The hell bans happen more often on Firefox for Android, but I guess that is what you can expect when you go against Goliath.

It's literally Google censoring me from talking (and sometimes reading) random sites on the web.


And it's going to get worse if this whole "privacy" thing catches on. Google is an advertising company which does adtech, and adtech is inherently about tracking and profiling people. Anyone who messes with that is actively costing Google money, and Google will... you know... stop them from doing that, whether subtly or overtly. There's nothing else they can really do, and "congressional hearings" and "calls for reform" won't change that fundamental fact.


I've had this happen frequently because my configuration really aggressively blocks this stuff. It's bad enough that I have a separate browser (Gnome Web aka Epiphany) just for logging into and using sites that have Captcha, like Pocket and Bandcamp, and I do everything else in Firefox. Captcha is horrible. I understand why sites use it, but putting a Google-wall in front of your content is a very bad idea.


The problem is not the wall itself, but that Google uses its de facto monopoly position to enforce tracking.


Plus creating image recognition training data for them. I am not interested in working for Google. Not paid, let alone for free.


Never thought about it from that perspective before


I have fingerprinting off too in Firefox, and a lot of times I now just ignore sites using captcha.


No, it’s the site owner choosing to outsource their decisions about gatekeeping a private site to Google. Google isn’t censoring you via CAPTCHA, the site owner is.


That is only true as far as the site owner knows of and understands the consequences of their actions. I would be extremely surprised if more than 10% of their users understand this. Whether they care is a whole other matter, but this is very likely ignorance rather than malice on the part of site owners.


I can understand why site owners resort to such services. They need a strong CAPTCHA system. The problem is really Google for abusing it.


Lol sure, and “guns don’t kill people; people kill people”


Why can't they just allow the user to whitelist recaptcha?


The people who're trying to avoid being fingerprinted are probably thinking of Google when they decided to go down this path.

I'm willing to go through extensive captcha cycles if that's the cost of retaining some anonymity.

I installed uMatrix a while back to recover some anonymity and it worked at first, my Captcha load spiked significantly which was a great indication that I'd succeeded but it has dropped over time. I guess I'm gradually being fingerprinted again.

Google's captcha tests are my litmus paper test that what I'm doing is effective.


At this point can I just pay for a certificate or something?

Like for $1 give me a certificate that I can use to say "I'm not a spammer" and I can anonymously buy as many certificates as I want.

And then if a certificate is used by a spammer it becomes invalid. Seems like it's expensive enough to be worth using for existing spammers but let normal people pay a $1 every year or two to not have to deal with captchas.


Fingerprinting is designed to generate a unique identifier to track you.

Certificates would be an even more accurate unique ID over what fingerprinting could provide


> and I can anonymously buy as many certificates as I want


Do you really think that statistically noticeable numbers of people would do that and have perfect opsec preventing those perfect unique identifiers from being linked? I mean, even software developers tend to whine about paying $5 for an app which has far more immediate rewards.


Even just proof that 5c worth of crypto or something was burned would be a good alternative. Let the site/app designer work out how often it needs to happen (maybe just the first few times if they're new) to stop spam and not cost honest users much.


This seems like a very cheap way to make spam look legitimate at least for a while. It now costs me $1 more to spam until I get caught and banned. But until that point I don't have to worry about any kind of filter, I'm a legitimate user.


It would be more interesting, to me, to see Google support something like CloudFlare's Privacy Pass. https://support.cloudflare.com/hc/en-us/articles/11500199265... Though it seems unlikely they would want to?

(Though I don't know a lot about and would be interested to hear criticisms of it.)


They would have probably supported it when CAPTCHAs were still about digitizing books. Now that they've turned everyone into unwilling trainers for their visual machine learning they'll never do it.


Yeah I use multiple browsers. One that is completely locked down and one for CAPTCHA. The internet is hostile to anonymity.


This is why I immediately close any page with google's captcha.


Even without resistFingerprinting Firefox takes some steps, like reducing the precision on event timestamps. But the most effective measures won't become standard anytime soon because of recaptcha.

0: https://developer.mozilla.org/en-US/docs/Web/API/Event/timeS...


I would have thought that had more to do with Meltdown


Not to mention that it renders websites that display dates and times inaccurate due to reporting your time zone as UTC. Chat programs, web mail, web calendars all become unusable for me.


If it becomes the default Google can’t get away with bullying people using recaptcha.



