Skip Navigation

I'm convinced Google uses its reCAPTCHA to promote Chrome

I use Firefox and Firefox Mobile on the desktop and Android respectively, Chromium with Bromite patches on Android, and infrequently Brave on the desktop to get to sites that only work properly with Chromium (more and more often - another whole separate can of worms too, this...) And I always pay attention to disable google.com and gstatic.com in NoScript and uBlock Origin whenever possible.

I noticed something quite striking: when I hit sites that use those hateful captchas from Google - aka "reCAPTCHA" that I know are from Google because they force me to temporarily reenable google.com and gstatic.com - statistically, Google quite consistently marks the captcha as passed with the green checkmark without even asking me to identify fire hydrants or bicycles once, or perhaps once but the test passes even if I purposedly don't select certain images, and almost never serves me those especially heinous "rolling captchas" that keep coming up with more and more images to identify or not as you click on them until it apparently has annoyed you enough and lets you through.

When I use Firefox however, the captchas never pass without at least one test, sometimes several in a row, and very often rolling captchas. And if I purposedly don't select certain images for the sake of experimentation, the captchas keep on coming and coming and coming forever - and if I keep doing it long enough, they plain never stop and the site become impossible to access.

Only with Firefox. Never with Chromium-based browsers.

I've been experimenting with this informally for months now and it's quite clear to me that Google has a dark pattern in place with its reCAPTCHA system to make Chrome and Chromium-based browsers the path of least resistance.

It's really disgusting...

73 comments
  • The thing that annoys me so much is why every damn website has to depend on gOoGle scripts to function. E.g : most of website depend on googleapis or ajax.googleapis. why don't you just stop hotlinking everything to 3rd party shits. This is basically spread Google's domination on web. Remember, those 3rd party libraries are not Free. They take visitors data and make you dependent on their services. So Google has become the gatekeeper of many websites.

    I have a website and I coded everything by hands. No 3rd party JavaScript and other 3rd party BS. It makes my website run so damn fast

    • What you’re referring to is in fact Google Analytics which allows a lot of app to collect intrusive insights on their customers.

      If you want to create an app today, you will use JS, Lemmy uses it, everyone uses it. It’s not dominated by Google, it’s just the standard for building web app today!

      • I am not against JavaScript. I sometimes use JavaScript and I don't see the wrongs in that. What I am concerned is why so many websites use 3rd party JavaScript. This is disgusting because you sell your visitors out. Besides you can't control the content of 3rd party scripts and most of them sell your data and spy on you.

  • Google's ReCaptcha in version 3 works in the background. Instead of displaying images of crosswalks and such, it uses a kind of risk score. This risk score is based on user behavior: If someone has behaved like a human in the past and thus gets a low risk score, the captcha is passed without you having to do anything or even seeing it.

    I assume that Google uses data from it's own services, web analytics applications and usage data from Andoird devices and Chrome for this. Of course, this is not without its privacy issues but it's convenient.

    • So, if I want to access a website, google has to collect a record about me, and only if the fucking company approve my past behavior I can access the site. Of course if I don't have any past records I can't (easily?) access the website. Simply awesome.

      • Yes, pretty much. But unlike Cloudflare DDos Protection and such Google ReCaptcha is mainly used to secure forms of all kinds (e. g. signup, login, contact or frontend posting forms).

    • Google’s ReCaptcha in version 3 works in the background. Instead of displaying images of crosswalks and such, it uses a kind of risk score.

      This doesn't factor in in my case: I only enable Google scripts to pass the reCAPTCHA. They are not enabled before or after, either on Firefox or Chromium. So in theory, regardless of the browser, Google should have no way ot tracking my behavior in the background - or if they do, the amount of tracking should be identical.

  • That's weird, I use Waterfox and I occasionally get to do some kind of "puzzle", but other times I just need to click the reCaptcha and it will confirm itself (with the green check)

    Ironically, when I use Vivaldi, the captcha doesn't even load, and when it loads, it says it's wrong regardless of the answer I give it, so I'm always locked and that's quite literally the only reason I stopped using Vivaldi.

    On Edge I need to fill in puzzles ALL THE TIME, that's also why I stopped using Edge (apart from the bloatware and the uBlock not working there)

  • I never see them because I do not use google services for anything. However, I am willing to bet they are a way to justify their fingerprinting data used to identify people.

    https://news.gatech.edu/news/2014/04/07/personal-touch-signature-makes-mobile-devices-more-secure

    • I never see them because I do not use google services for anything.

      You don't have to use Google services to get served Google captchas. The sites you want to visit do it for you and foist them on you.

      The reason why you don't see reCAPTCHAs is because you don't have to visit sites that use reCAPTCHAs.

      • There are open source embedded CAPTCHAs. Lemmy has one in the github repo, or linked to one in an issue post IIRC. All of my devices are either on a whitelist firewall, or have google blacklisted. I haven't even had a prompt for a CAPATCHA in years. It is like sites with cookies or popups, I consider these things to indicate broken websites and leave immediately. If I care for the content I'll find an archived version of the site elsewhere. I set my own expectations, and don't care how that relates to anyone else's.

  • I read that the "level of annoyance" (phrasing mine) has to do with your score (i.e. how likely Google thinks you are a bot). And I wouldn't be surprised if using any browser other than ones in their ecosystem reduces your score more.

    Anyway, there are other captcha systems websites could use but choose not to.

    • there are other captcha systems websites could use but choose not to.

      You hit the nail on the head: Google has made itself the de-facto default for many web services, so that it takes extra effort to go with a privacy-friendly alternative. That's what makes Google so dangerous: it's their customers who make them unavoidable, be it for reCAPTCHA, fonts, basic Javascript, login, analytics, maps... the list is endless.

73 comments