 | danShumway on June 27, 2019 | next [–] With Firefox fingerprint resisting turned on and with Ublock Origin/UMatrix, I get a score of 0.1. And I'm not even on a VPN; I'm sure on my home network I'd have an even lower score. To me, it feels like Google's entire strategy behind reCaptcha is to make it harder to protect your privacy. We've basically given up on the idea that there are tasks only humans can do, and to me V3 feels like Google openly saying, "You know how we can prove you're not a robot? Because we literally know exactly who you are." I don't even know if it should be called a captcha -- it feels like it's just identity verification. I don't think this is an acceptable tradeoff. I know that when reCaptcha shows up on HN there's often a crowd that says, "but how else can we block bots?" I'm gonna draw a personal line in the sand and say that I think protecting privacy is more important than stopping bots. If your website can't stop bots without violating my privacy, then I'm starting to feel like I might be on the bots' side. |
|
| dbtx on June 27, 2019 | parent | next [–] > it feels like Google's entire strategy behind reCaptcha is to make it harder to protect your privacy For the irony, I'm still logged into GMail and it still works perfectly, as basic HTML, even with google.com forbidden to run scripts. But it's the flippin' reCaptchas all over the place that make me temp-allow google.com, and then a reload later, temp-allow gstatic.com and reload again. Only then I get to use someone else's site normally, and I can disallow again... it's irritating. And then, this. BTW that page plainly says the scores are samples and not related to reality. Refresh a few times and watch it change. 0.3, 0.7, and 0.9 seem to be my lucky numbers. I see everyone else getting those and 0.1. Please stop reading things into it oh it's too late. Maybe they suddenly started seeing this page hundreds of times in the referrer and added that bit afterward, I don't know. |
|
| danShumway on June 27, 2019 | root | parent | next [–] Dunno if it's changed recently or if I just didn't refresh enough before, but I'm now seeing basically random numbers as well. If anyone wants a fun weekend project, I would love for there to be a few public sites I can reliably check my production score on. I'm not sure it matters though, since I'm just ignoring most sites that use reCaptcha now. For sites I can't ignore, I've taken to emailing them with my requests instead -- recently I tried to use Spotify's internal data export tool and it wouldn't let me past. If you're not going to let me use a website to manage my existing account, then your support team can do it for me. |
|
| dennisgorelik on June 28, 2019 | root | parent | prev | next [–] I see 0.9 I loaded https://recaptcha-demo.appspot.com/recaptcha-v3-request-scor.... several times and the score did NOT change. |
|
| fasicle on June 27, 2019 | parent | prev | next [–] Not sure how much Ublock Origin makes a difference. I have a score of 0.9 with it turned on. |
|
| asdff on June 27, 2019 | root | parent | next [–] I think this score is fishy. Ran the test three times and got three different scores. |
|
| ravenstine on June 27, 2019 | root | parent | next [–] I get the exact same score no matter what browser I use, despite uBlock Origin & Privacy Badger & Decentraleyes, even in private mode and with a VPN connection from a country I normally don't use. Hmmmmm... |
|
| megous on June 27, 2019 | root | parent | prev | next [–] When I just keep reloading, I get either 0.9 or 0.1. I get 0.1 more often. Interesting. Maybe some browser extension can monitor the score and tell me what it currently is on each page load, when reCaptcha is used on some website. I'd just keep reloading, until it's good, and then try the captcha. |
|
| xbkingx on June 27, 2019 | root | parent | prev | next [–] Same. FF dev, uBlock, Decentraleyes Changing the FF content policy from Standard to Strict appears to have no impact on the score. Opening in a Private window drops it to 0.7 for me. I have a bunch of add ons allowed in Private Browsing, so not surprised it only dropped a little. Of course, if you have 3rd party frames and scripts disabled globally via uBlock, it doesn't even load. |
|
| eikenberry on June 27, 2019 | root | parent | prev | next [–] Ublock Origin + NoScript on FF 60.7.2esr and got 0.9 as well. [edit] tried in a private window and got the same score. |
|
| nprateem on June 27, 2019 | root | parent | next [–] Does it change if you set privacy.resistFingerprinting=true in about:config? |
|
| alteria on June 27, 2019 | root | parent | next [–] FF private window + UBlock + Resist Fingerprinting = 0.1 for me In my main FF window with UBlock + Resist Fingerprinting, logged into a ton of Google accounts, I also got 0.1 Going to guess that without fingerprinting data they are probably going to give you a 0.1. |
|
| eikenberry on June 27, 2019 | root | parent | prev | next [–] Do you need to restart FF with that? After setting it to true and using a private window, FF still registers a score of 0.9. |
|
| Vektorweg on June 28, 2019 | parent | prev | next [–] First try in Vivaldi's private mode got me still a 0.3 . Then I tested it while being logged into Google and it went to 0.9 . However, when I tried it again in private mode, I got 0.9 there too. Temporary fingerprints show quite the effect. |
|
| OrgNet on June 27, 2019 | parent | prev | next [–] I also get 0.1 with the same config as you, except that I had uMatrix disabled (which if anything, should improve the score in Google's eyes)... so why are they having you solve image puzzles if they know that they are going to fail you? even if they know that you are human... |
|
| lrem on June 28, 2019 | parent | prev | next [–] Firefox Focus, 0.3. You seem to have triggered something outright penalising. |
|
| skybrian on June 27, 2019 | parent | prev | next [–] It seems totally reasonable that Google knows you're not a bot if you have a Google account. This isn't the problem, although it hides the problem. The problem is that they aren't trying harder for users who aren't logged in. |
|
| nothis on June 27, 2019 | parent | prev | next [–] I’m just waiting for the AI-generates fake people and whatever way they will come up to monetize that! |
|
| diminoten on June 27, 2019 | parent | prev | next [–] Your privacy isn't nearly as important as you think, and as long as you continue to overvalue it, you'll continue to be unwilling to trade it for convenience. That's on you, not Google. |
|
| ronjouch on June 27, 2019 | prev | next [–] Using Firefox with uBlock and Cookie-Autodelete I get 0.1 Using Chrome, even incognito and with uBlock I get 0.7 (╯°□°)╯︵ ┻━┻. F you, Google, this is blatant bullying, technically unjustifyable abuse of your stranglehold over the whole web platform. |
|
| rbobrowicz on June 27, 2019 | parent | next [–] To offer a different datapoint: On FireFox with uBlock on and logged into my corporate gmail I get 0.9, switching to a private tab I get 0.7. This is with every privacy setting turned on in the FF options. |
|
| dvaun on June 27, 2019 | root | parent | next [–] I also have a similar result (0.7) using my browser at work. I am using containers, uBlock, privacy badger and auto-delete cookies. |
|
| llao on June 27, 2019 | prev | next [–] > NOTE:This is a sample implementation, the score returned here is not a reflection on your Google account or type of traffic. |
|
| josteink on June 27, 2019 | parent | next [–] This comment should probably be higher up in the thread. |
|
| on_and_off on June 27, 2019 | root | parent | next [–] It is both funny and sad to read this thread. |
|
| Loulybob on June 27, 2019 | prev | next [–] Using chrome on my phone I get 0.9, but if I switch to Firefox I get 0.1. This is essentially going to let Google gatekeep the web if you aren't using their services. |
|
| Fogest on June 27, 2019 | parent | next [–] Really? I don't think so. I get a 0.9 on Google Chrome, and a 0.7 on Firefox. I heavily use Chrome and I have not used Firefox apart from maybe testing some local websites. Despite this I still got 0.7 on there. I expected lower since I don't use the browser. |
|
| Drdrdrq on June 27, 2019 | root | parent | next [–] On a flip side: you really should check privacy settings in your Firefox, it seems Google can track you easily there. ;) |
|
| world2vec on June 27, 2019 | root | parent | next [–] I use Firefox with Google container and uBlock Origin and Privacy Badger and also get a score of 0.7 How can I get better privacy settings? |
|
| Drdrdrq on June 28, 2019 | root | parent | next [–] I was being sarcastic - high score on captcha probably means G knows too much about you. That said, I don't think the scores are reliable. It is possible (probable even) that G is still running experiments. |
|
| ssl232 on June 27, 2019 | prev | next [–] I get 0.1 continuously, possibly because I have resist fingerprinting enabled in Firefox. I'm not changing anything to compensate that score; it shows I must be doing something right. If I encounter a reCAPTCHA I will continue to (usually) just leave the site it's on. |
|
| pbhjpbhj on June 27, 2019 | parent | next [–] Same, the way to look at a low score is "I'm getting privacy right". |
|
| shawnz on June 27, 2019 | prev | next [–] Contrary to the results here, using Firefox + uBlock with DNT and tracking protection enabled, I get a score of 0.9. In private browsing mode it's 0.7. I wonder how many people here are using a VPN or accessing from a non-western country -- I'd bet those are much bigger factors |
|
| jedberg on June 27, 2019 | parent | next [–] Were you logged into your Google account? That seems to almost guarantee a .9 |
|
| shawnz on June 27, 2019 | root | parent | next [–] Yes, although not when private browsing of course. |
|
| eswat on June 27, 2019 | prev | next [–] FF logged into Google account: 0.9 FF incognito window not logged into Google account: 0.7 FF incognito window not logged into Google account through VPN: 0.3 FYI I have uBlock, pi-hole and a bunch of privacy widgets enabled |
|
| lucb1e on June 27, 2019 | prev | next [–] This looks like a RNG: I got 0.7, 0.9, and 0.1 successively. It can't make up its mind whether I'm almost certainly not a bot (0.9) or almost certainly a bot (0.1)? |
|
| shawnz on June 27, 2019 | parent | next [–] Perhaps the rapid, repeated identical requests outweighed the initial factors which gave you a positive response |
|
| lucb1e on June 27, 2019 | root | parent | next [–] Might very well be. I also get errors on hacker news about "can't process requests that fast". When asking about it (initially because I thought votes didn't work randomly), the limit is a few requests per second. Turns out I click faster than that, either by reading a whole comment thread and making up my mind whose comments were most helpful (to upvote all at once) or by navigating too fast. |
|
| on_and_off on June 27, 2019 | parent | prev | next [–] from the link >the score returned here is not a reflection on your Google account or type of traffic I got random scores as well. It looks like this is just a sample of the data structure that the service returns, not the actual score. |
|
| lucb1e on June 27, 2019 | root | parent | next [–] That would be a useless site, but that's not how I read it. I understand it as "this is not that Google thinks your account is a bot, it's that this request might be made by a bot. And since you didn't use this site as a normal website, it also doesn't score your type of traffic, just this one request". You might be right, but it really does seem to be doing a request to their API. |
|
| on_and_off on June 27, 2019 | root | parent | next [–] >That would be a useless site looks like it is a demo of the API for people wanting to consume it. knowing what the payload looks like is not useless at all in this case. |
|
| lucb1e on June 29, 2019 | root | parent | next [–] Documenting requests' format and their return values is documentation and doesn't require an interactive site that looks totally real and makes you expect a real (rather than a dummy) answer. Which is not to say it's impossible, but it would be weird/unlikely. Usually when there is an example api request in documentation, it's a real (live) request, too, and this isn't even a documentation page. |
|
| qes on June 27, 2019 | parent | prev | next [–] > This looks like a RNG Come on, how is everyone in this chain so blind. It's literally in bold and the single largest block of content on the page: NOTE:This is a sample implementation, the score returned here is not a reflection on your Google account or type of traffic. In production, refer to the distribution of scores shown in your admin interface and adjust your own threshold accordingly. Do not raise issues regarding the score you see here. |
|
| lucb1e on June 29, 2019 | root | parent | next [–] > Come on, how is everyone in this chain so blind Please see the sibling comments (that were there before yours) where this is already being discussed, before being insulting. |
|
| superasn on June 27, 2019 | prev | next [–] I too got 0.1 even though I'm not on a VPN, and have a stock FF installation with just uBlock addon. I think my ISP may have some part in it but still 0.1 score is 100% bot right? I'm also logged into google and fb which also doesn't affect my score. Only shows how broken their algorithm is :( edit: just tried it with chrome and my score jumped to 0.9! So definitely not my ISP. It's just my browser that Recaptcha doesn't like. If you put two and two together that's really evil shit, even for Google! |
|
| KumarAseem on June 27, 2019 | prev | next [–] I got 0.7 on FF, 0.3 on Opera and Chrome, all in incognito mode. Maybe they have just a few values and return it based on AND OR logic of 2-4 variable. Or maybe they are just playing around trying to gather some stats, for some "Don't be Evil" purpose! |
|
| archy_ on June 27, 2019 | prev | next [–] Google is putting a number on us, is honestly some Minority Report level dystopia. Google is already using this to make life hell for anyone who cares about their privacy, we need to do something about this before they finish putting up their iron curtain over the web. Would it be possible to sue website owners for requiring such invasive measures? I'd love to see this ruled as monopoly power and Google broken up but that's probably not very realistic so we would probably do better to make using Google captchas more expensive in court costs alone than just building their own solutions to fight bots. |
|
| Grue3 on June 27, 2019 | prev | next [–] Work Firefox which I use all the time, no addons (including any adblockers): 0.1 Almost unused Chrome installation, also without addons: 0.7 |
|
| qqii on June 27, 2019 | prev | next [–] Seeing what everyone else has posted I'm very suprised that I've received a 0.3 using Chrome on Android. I'm logged in to Google and most of my browsing is via Chrome or Chrome based webview. At least on my phone I've never cleared my cookies or done anything special. |
|
| nprateem on June 28, 2019 | prev | next [–] This is total bullshit. My score of 0.1 in firefox shoots up to 0.9 if I change my user agent to ChromeOS. No other changes - same set of ghostery/ad blocker/fingerprinting prevention, etc. What a scam. |
|
| sieabahlpark on June 28, 2019 | parent | next [–] Ding ding ding ding, Google's way of killing the other browsers in the market for good, kill off the adblockers manifest, literally become the entity which monitors the internet as much as the NSA... |
|
| del82 on June 27, 2019 | prev | next [–] Oscillates between 0.1 and 0.7 for me, and I'm changing nothing on my end (just hitting "Try again"). Does it have to do with refresh speed, I wonder? Privacy Badger and ABP on my work (less-locked-down) Mac. |
|
| SquareWheel on June 27, 2019 | parent | next [–] Hitting the same URL over and over again is bot-like behaviour. When working with reCaptcha on forms I usually start getting hit after 4-5 test submissions. |
|
| xahrepap on June 27, 2019 | prev | next [–] I get .9 in Firefox on my MBP with UBlock Origin installed. I wondered if it was because I was logged in to Google, so I tried Incognito and got .7. In a never-before-used container I also get .7. |
|
| ixwt on June 27, 2019 | prev | next [–] I get a 0.7 on my computer on Firefox. If I use the same website in Chrome (which is signed into a Google account) I get a 0.9. I guess it's a [0,1] scale? |
|
| benologist on June 27, 2019 | parent | next [–] I'm guessing their a-listers came up with something like this: // TODO: add impressive-looking math if (signedin && trackedEverywhere) { return 0.9 } else { return 0.7 } I think we give Google way too much credit for their talent. This is the same company that didn't feel like finishing their website for two decades and subsequently stole $75 million from their users even when Google knew [1]. The same company that somehow still doesn't reconcile amounts owed and just keeps the money when they randomly-ban users and hide behind fake support emails, but they did feel like paying $11 million to keep that away from scrutiny [2]. [1] https://www.businessinsider.com/google-emails-adtrader-lawsu... [2] https://www.searchenginejournal.com/adsense-lawsuit/248135/ |
|
| asark on June 27, 2019 | root | parent | next [–] Google consistently gives me the impression of a company that (I suppose) has tons of smart people in it, but has badly broken management & incentive structures leading them to constantly do bafflingly stupid stuff at both large and small scales, even by the standards of a bigcorp, to the point that they survive only because they've got one hell of a golden goose. |
|
| stirfrykitty on June 27, 2019 | root | parent | prev | next [–] Good info. Thank you. And in keeping with recent revelations on Google's manipulation of search results, I think they have really gone beyond the pale. I un-archived my old iPhone two days ago and went back to iOS after the James O'Keefe/Project Veritas revelations. I now cannot, in good conscience, use anything Google. I always knew about the tracking and all that because, after all, they are an ad company. I'm now in the process of moving all of my domains over to Fastmail, which I've used since 2002. I'm using Qwant, Startpage, and DDG for search. FF for browser with many about:config tweaks and several add-ons. |
|
| memmcgee on June 27, 2019 | root | parent | next [–] You know Project Veritas is a load of shit right? |
|
| stirfrykitty on June 28, 2019 | root | parent | next [–] Please explain. Even without the revelations from PV, it's patently obvious Google, et al are biased. Anyone can see it. Silicon Valley is a bloody echo chamber. If the videos by PV were not damning in the least, why did 4 different companies take them down and remove the accounts of PV? Sunlight is the very best disinfectant. People have a right to know if searches are being manipulated to one side. |
|
| Twirrim on June 27, 2019 | root | parent | prev | next [–] If I sign out of my google account in Chrome it drops from 0.9 to 0.7. I could have sworn I'd never signed in to Chrome using my google account, but I guess I must have mistakenly signed in to gmail or something. I use FF as my main browser, only ever drop back to Chrome sporadically, or when I really want tabs to be completely isolated (there are some annoyingly CPU/power intensive stuff I do from time to time, and I can just renice Chrome while I get on with other stuff.) |
|
| oil25 on June 27, 2019 | root | parent | next [–] > I could have sworn I'd never signed in to Chrome using my google account, but I guess I must have mistakenly signed in to gmail or something. Chrome 69 tricked users into signing into the browser, myself included - https://lifehacker.com/how-to-disable-chromes-automatic-sign... That was the last straw to uninstall Chrome from all my devices and I've been a happy Firefox user ever since. Well, except now reCAPTCHA hardly ever works. |
|
| lostmyoldone on June 27, 2019 | root | parent | prev | next [–] I believe that's a "feature" they added a while back, auto-signing you into chrome as soon as you was logged into gmail. |
|
| btown on June 27, 2019 | root | parent | prev | next [–] The GP post's IP address or other fingerprint may be validated from other Google properties they might have visited, so I wouldn't put so much stock in the 0.7. Honestly... if it's the same team that did ReCaptcha 2.0, this is a team that pulls out all the stops. Per https://github.com/neuroradiology/InsideReCaptcha ... they implemented a freaking VM in Javascript to obfuscate the code that combines various signals. There's a lot going on here that's likely highly obfuscated and quantized before it's displayed to us. EDIT: non-paywall link for [1] in the parent post: https://outline.com/aA7HS5 |
|
| owaislone on June 27, 2019 | parent | prev | next [–] I get 0.9 on Firefox which is my main browser and 0.7 on Chrome which I use only for hangouts. |
|
| zcid on June 27, 2019 | prev | next [–] So, I still have to whitelist Google in uMatrix and allow cookies for this to work. Even after doing so, I get a 0.1. I reloaded the page to check for variation as some other users mentioned but get the same score each time. I guess Google is saying I shouldn't be allowed to use the internet. |
|
| bluetidepro on June 27, 2019 | prev | next [–] I got a 0.9. What's it out of? 1? Sorry if I completely missed that somewhere already. |
|
| jk2faster on June 27, 2019 | parent | next [–] Yes, it is out of 1. From https://developers.google.com/recaptcha/docs/v3, > reCAPTCHA v3 returns a score (1.0 is very likely a good interaction, 0.0 is very likely a bot). |
|
| GordonS on June 27, 2019 | prev | next [–] 0.3 with Brave on Android, no extensions. 0.9 with Chrome on the same device, same connection. Brave isn't particularly "unusual", and is even based on Chromium - surely this is Google blatantly punishing non-Chrome users? |
|
| fybe on June 27, 2019 | prev | next [–] Interesting. I get a 0.7 on Chrome with no account logged in and uBlock Origin installed. Same browser, same plugin but incognito it's 0.1. Papa google needs my data to trust me. Makes complete sense but still interesting that you can affect your score by giving in. |
|
| jermaustin1 on June 27, 2019 | prev | next [–] What is most odd is I get 0.7 on iOS Safari which I use for 100% of my purposeful mobile browsing, but I get .9 on iOS Chrome, which is only used when I accidentally click on links from gmail (so very, very rarely). |
|
| happyopossum on June 27, 2019 | parent | next [–] Not really odd at all - if you're using the gmail app, there's a shared authentication cookie in all Google apps - including Chrome, so Google knows who you are in Chrome. |
|
| lostlogin on June 27, 2019 | parent | prev | next [–] It seems a lot is iOS users get 0.7. |
|
| zhte415 on June 27, 2019 | prev | next [–] A consistent 0.3. > error-codes": ["score-threshold-not-met"] Not sure if happy or not happy with that. I will conclude happy enough. Linux, on VPN, Firefox. Not logged into any Google services. Cleared caches (still same IP), no difference. |
|
| minieggs on June 27, 2019 | prev | next [–] Stock Qutebrowser 0.7, FF w/ all the usual extensions (ublock origin) 0.7. Don't know if it matters but I'm rolling Arch. Just adding another point of data for those curious. |
|
| jedberg on June 27, 2019 | prev | next [–] From my computer, where I browse fairly equally with all three of Chrome, Safari, and Firefox (albeit different sites), I get the following scores: Chrome: .9 Safari: .7 Firefox: .1 I have adblock running on all three, and I use containers on Firefox. |
|
| Zekio on June 27, 2019 | prev | next [–] interesting my score is 0.9 if I allowed google to track me using cookies, if I block the cookies it goes to 0.7 and if I enable content blocking in Firefox it drops to 0.1 |
|
| ilikehurdles on June 27, 2019 | prev | next [–] With desktop Chrome I get a 0.3. My browser sends Do Not Track, has PrivacyBadger extension, and has that useless google-profile-in-the-browser feature disabled. |
|
| ma2rten on June 27, 2019 | prev | next [–] I got 0.9 on Chrome, logged into google. I also got 0.9 on Firefox, not logged into google. In incognito mode in chrome, I sometimes get 0.9 and sometimes 0.7 when I reload. |
|
| fisherjeff on June 27, 2019 | prev | next [–] Using desktop Safari incognito without a Google account and Ghostery enabled, I get 0.7 too. Interestingly, disabling CSS drops me to 0.1... |
|
| fibers on June 27, 2019 | prev | next [–] Interestingly enough I got .9 on Edge with Ublock origin installed. Perhaps this has something to do with how Edge is using webkit now? |
|
| sarathyweb on June 27, 2019 | prev | next [–] I got 0.9 in my Android phone running chrome. When I opened it in incognito mode, my score was reduced to 0.7 |
|
| tchalla on June 27, 2019 | prev | next [–] It gives me 0.7 on Safari (uBlock Origin) while 0.3 on Chrome (uBlock Origin) - both macOS Mojave. |
|
| gpm on June 27, 2019 | prev | next [–] Firefox mobile w/ ublock: 0.9 |
|
| qwsxyh on June 27, 2019 | prev | next [–] Firefox with uBlock O I get 0.9. Don't know what everyone else here is talking about. |
|
| helper on June 27, 2019 | prev | next [–] I get 0.7 in both desktop (linux) chrome and firefox. I get 0.3 from android chrome. |
|
| keiru on June 27, 2019 | prev | next [–] >Please upgrade to a supported browser to get a reCAPTCHA challenge I guess this is a 0 for me then |
|
| TheArcane on June 27, 2019 | prev | next [–] I use the same extensions on desktop and get 0.3 on my android Firefox |
|
| wil421 on June 27, 2019 | prev | next [–] The first time it failed the second time I got a .7 iPhone Xs. |
|
| pdimitar on June 27, 2019 | prev | next [–] iPhone with a good (not amazing) adblocker: 0.7 Safari macOS with the same adblocker: 0.7 Firefox macOS with a lot of adblockers: 0.1 |
|
| chenshuiluke on June 27, 2019 | prev | next [–] I get 0.9 on my Firefox |
|
| sdegutis on June 27, 2019 | prev [–] It didn't load for me and I couldn't figure out why. Then I remembered that I put this in my /etc/hosts a few weeks ago and forgot about it. 127.0.0.1 google.com 127.0.0.1 www.google.com [Edit] So if nothing shows up for you on that page, check for that. Also I just generally recommend it. Google has some unethical practices and duckduckgo.com is pretty good. |
|
| ordu on June 28, 2019 | parent [–] I got "reCAPTCHA script loading". You need not to use hosts to block it, uMatrix could do it by itself. |
|
