
Google's Captcha in Firefox vs. in Chrome - kojoru
https://grumpy.website/post/0RzW4elEN
======
dessant
I was going through the same ordeal as a Firefox user, so I've made Buster to
solve challenges and reclaim some of that lost time:
[https://github.com/dessant/buster](https://github.com/dessant/buster)

If you're a developer, please consider replacing reCAPTCHA on your site with
an alternative. reCAPTCHA discriminates against people with disabilities and
those who seek privacy, and it gaslights you into thinking you did not solve
the challenge correctly, which is plain cruel.

Here are some reCAPTCHA alternatives:
[https://www.w3.org/TR/turingtest/](https://www.w3.org/TR/turingtest/)

~~~
judge2020
The problem with recaptcha alternatives is that they either are insecure or
require time and money to continue to be ahead of bots.

All of the "interactive stand-alone approaches" from that page can be beaten
with run-of-the-mill OCR (other than perhaps the 3d challenge) and with almost
any mobile phone speech recognition engine (and, if the attacker has the
money, can send it off to Google's cloud speech-to-text).

All of the non-interactive approaches from the page require this constant
tuning and upkeep to make sure bots aren't able to sign up/abuse systems.
There's also not \ _that\_ secure if your website is targeted and scripts are
made specifically to avoid your anti-abuse methods.

~~~
pmontra
I implemented simple question / answer antibot filters on registration forms
for a few sites. Nobosy ever made the effort to customize their bot to answer
to those very few questions. I guess it doesn't make sense economically.
However if a big site would go that way, it would be filled with bots in a
day.

~~~
atombender
I once implemented a "poor man's captcha" that presented a simple randomized
question that anyone would be able to answer (ranging from "what year is it"
to "what's 2 + 2"). I guessed that nobody would make the effort to write a
custom script for this, because the website in question was so niche and the
stakes so low -- a very quiet corner of the Internet; I don't even remember
what is was, possibly some feedback form that went to a support email. I
actually felt some irrational measure of pride when, probably a year later, I
was looking at some logs and discovered that some script kid _had_ cracked the
questionnaire and was currently using the form to post nonsense text with
Viagra links. Someone had actually sat down and written code to crack _my_
terrible solution, and probably spent more time on it than I had (which is to
say, more than five minutes). Made my day.

------
crazygringo
I've never understood what happened to reCAPTCHA, it was originally so great
and is now just so, so toxic.

Originally it was an awesome solution based on OCR'ing books that usually
worked quickly on the first try, and almost never took more than two.

Then it turned into a single checkbox (analyzing mouse movement) so it was
even faster... and I remember some simple image-based like "select the images
of cats" that were also easy to get right. So even better.

But THEN... in the past couple of years, the image-matching started asking
exclusively for analysis of street images, that has two huge problems:

1) The images are so blurry and ambiguous it's really hard to get right, it
feels like a test designed to make you fail

2) You never know how far you have to go -- you keep clicking items, they keep
replacing them with new ones, and there's zero indication of if you're almost
done or if you're getting better or worse.

Once I did one for three minutes straight, neither passing nor failing, until
I just gave up and left the page... if it's a bug, that should never happen.
If that's supposed to be able to happen, that's the apex of asshole design.
Either way, it's a failure in every way.

~~~
mikro2nd
There's a third problem: quite a bit of the stuff they present is (almost)
uniquely American and presents a recognition challenge in other cultural
contexts. That yellow vehicle? Looks _nothing_ like a bus in most other parts
of the world. And so the rest of the world gets to learn what an American Bus
looks like... Not, I think, what was intended.

~~~
jandrese
Or it tells you to pick out pictures of cars and shows you a pickup truck. Now
you have to figure out if people would call that a car or not. How about a
delivery truck? A motorcycle?

Or it will ask for pictures of crosswalks, and you have to decide if 3 pixels
of a crosswalk in the corner of one of the pictures counts.

~~~
jerf
If it makes you feel any better, I'm fairly sure the answer to those questions
don't count. I _know_ I've gotten some reCAPTCHAs "wrong" and gotten marked as
a human. It's picking up on a lot of signals, not just whether or not you're
"right". So, the good news is you can relax, and safely rewrite all the
questions to "Do _I_ think this is a store front?" or "Do _I_ think this
square counts as a crosswalk?" or whatever without loss.

------
SCHiM
Big rant, there are few things I hate more than filling out their endless
useless CAPTCHA's when browsing websites that have nothing to do with Google.

Google is a hypocritical pile of burning ____. They use bots right? They
scrape websites, they infest everything from my banking website to console
emulators with their tracking, and yet we little people are not allowed to
scrape or interface with the web programmatically.

I want them to burn so badly, I hope the EU breaks them up. Screw captcha,
screw AWP, screw them.

~~~
guelo
It's the web developer that doesn't want you to interact with their site
programmatically.

~~~
calibas
Google and Facebook tend to do it as a matter of policy, and while they say
it's to protect privacy and prevent abuse, it also furthers the "walled
garden" effect.

------
SamWhited
I thought this was just me and their stupid caption being impossible for even
humans to solve; turns out I was just being gaslighted this entire time and
they're just discriminating against Firefox users? How does the EU or someone
not shut down this sort of anti-competative monopolostic nosense? I didn't
think I could get more furious about having to struggle with these captions
all day, but somehow I am. Please everyone stop using recaptcha on your sites,
it's not worth the pain it costs your users.

~~~
michaelt

      they're just discriminating
      against Firefox users?
    

At least part of the behaviour shown in the video depends on factors like
cookies, IP address, and whether you have features like anti-fingerprinting
protection turned on. [1]

Recaptcha is frustrating and I dislike it, especially the slow fade-ins and
multiple challenges, but if you repeat the test shown in the video you won't
find it 100% repeatable just because you're using Firefox.

[1]
[https://github.com/google/recaptcha/issues/268#issuecomment-...](https://github.com/google/recaptcha/issues/268#issuecomment-483248998)

~~~
grinsekatze
I just wasted ~15 minutes on doing the disqus login captcha under different
conditions .. turns out that as soon as uMatrix is enabled (and blocks 18
cookies from google.com and 5 more from www.google.com), it starts to act up
and get annoying..at least for me.

It then takes between 1 minute and 1 minute 30 to get past the recaptcha when
blocking those cookies - and I was certain to be 100% correct in most cases
and it kept asking me to solve more and more ..

most of the time spent solving the captchas is from the countless '4s fade
ins' via inline style when cookies are blocked (as opposed to 1s fade ins via
css, when cookies are set).

I'm curious why they would add 3s to the fade in if their cookies are blocked
.. does that help to fight off bots, or does google just want to punish me for
blocking their cookies?

~~~
tylerl
The fade thing is to rate limit attackers.

By blocking specific cookies you're making yourself look like a certain kind
of botnet, so obviously you're going to have a difficult time convincing the
site that you're a legitimate user.

Most users don't block normal cookies, so if you go tweaking the machinery
that manages the relationship between your browser and the site, then be
prepared to deal with a buggy experience. This is what it means when they say
that what you're doing is "unsupported." Nobody is going to spend any time
optimizing for your weird setup.

~~~
xvector
Once again, Google obstructs the web for people who take even basic privacy
measures.

------
tomduncalf
Google Captcha is a complete mess at this point and I often leave websites
that use it if it's not essential to what I am doing

~~~
mikro2nd
Even more annoying are those sites that insist on using it, even though they
_know_ I'm human -- for reasons like I've paid them some money or jumped
through their KYC hoops. At that point it's just being rude and exploitive,
and, personally, I've reached the point where I'll simply take my business
elsewhere if a site chooses to treat me with so little basic respect.

~~~
emiliobumachar
There's a case for preventing bot action even if the bot is willing to pay.
Though putting a captcha _right after_ a payment step is borderline fraud.

What's KYC?

~~~
sib
"Know your customer"

[https://en.wikipedia.org/wiki/Know_your_customer](https://en.wikipedia.org/wiki/Know_your_customer)

------
yumraj
Turbo Tax uses Google Captcha when trying to import information from financial
institutions.

While filing taxes, on several occasions I had to just give up and try again
after several hours because the Captcha won't let me pass through and after
several attempts Turbo Tax will throw an error - to come back later.

It was literally a _Nightmare_

~~~
rdiddly
TurboTax itself is a dumpster fire, too. I recommend doing taxes on paper just
to avoid touching Intuit or Google in any way.

~~~
yumraj
I don't think that's an option for anything other than 1040-EZ. I get lost
filing with turbo tax, I can't even imagine how it'll be on paper.

~~~
holy_city
It's not that hard if your taxes are simple (standard deduction, maybe some
capital gains). Keep in mind the filing companies have an incentive to make
the process complicated.

~~~
Johnny555
I don't think the filing companies are actively making the forms harder to
fill out by hand, but the problem is that the IRS has no incentive to minimize
the time it takes to file taxes.

~~~
blaisio
Actually, big accounting firms and tax automation companies spend a lot of
money lobbying congress to keep the tax code complicated. It would save
everyone a lot of time and money if the IRS would just tell us what we owe -
they already know the answer, it's not like they just blindly accept whatever
we say.

------
jackewiehose
The slow animation is the worst. You really want to punch someone responsible
in the face.

And I never figure out how to solve the traffic light riddle.

~~~
lowdose
Include the traffic light poles.

~~~
sp332
I've never included the traffic light poles.

~~~
OJFord
If I don't include them, I get asked more. (Or occasionally 'select ALL
the...'.) If I include them, it usually goes away.

------
llao
While relatable, this is just a low effort post more suited for Twitter or
Reddit.

For a fair comparison OP would need to use clean browser profiles on fresh
IPs. Like this it is just fan-service for Google Captcha victims (like me).

~~~
driverdan
This is a common problem with FF if you have any privacy settings enabled.
ReCAPTCHA does deep fingerprinting. If you block that fingerprinting it
punishes you.

~~~
ehsankia
If you come up with another way that is as effective in an ever growing world
of bots trying to break anything in their way, I would love to use it.

I've had to pay 100x bills on my monthly quota once too often, and as a hobby
developer, I just can't afford trying to fight off people abusing my website
every day.

Yes, resorting to fingerprinting is not ideal, but what's better, asking
everyone to solve that hard captcha, or only some users?

~~~
driverdan
Use self-hosted CAPTCHA with simpler solutions. They still keep out the stupid
bots that can't get past ReCAPTCHA.

~~~
gwoplock
> Use self-hosted CAPTCHA with simpler solutions

My favorite CAPTCHA is the one on the Arch Linux forms but I realize this cant
be used many places. > What is the output of "date -u +%V$(uname)|sha1sum|sed
's/\W//g'"?

Easy to do but hard to do with computers. My second favorite are the math
problems one.

However if these become popular people will just write bots for them and were
back to square 1.

~~~
vageli
> > Use self-hosted CAPTCHA with simpler solutions

> My favorite CAPTCHA is the one on the Arch Linux forms but I realize this
> cant be used many places. > What is the output of "date -u
> +%V$(uname)|sha1sum|sed 's/\W//g'"?

> Easy to do but hard to do with computers. My second favorite are the math
> problems one.

> However if these become popular people will just write bots for them and
> were back to square 1.

Interesting...I wonder if they show destructive commands below a certain
threshold. It would be funny if a captcha caused a bot to delete itself.

~~~
llao
It would not be funny if even just one person ended up with that so I hope
not. A bot would not end up in that situation anyways, either the earlier
commands were already evaluated or your proposed remote kill would also not
work.

------
Ocha
FYI. Title is misleading. This experience has nothing to do Firefox vs Chrome.
Result is because of 3rd party cookie and tracker blocking. I had same and
even worse (I was not able to get through captcha) experience on chrome itself
because I have 3rd party cookies disabled and couple privacy oriented
extensions running.

~~~
hartator
The user is complaining about the slow CSS animations. It's definitely a bug
though not something they did on purpose. I remember having the same issue on
Chrome as well.

~~~
gsnedders
IIRC, it is something they do on purpose, to make it clear to the user
something is happening while rate-limiting challenges given to the user.

~~~
hartator
Oh no Google ReCaptcha doesn't work that way. In case of rate limiting, they
will just throw an error. It's probably some clever JS or CSS that got a bug
in it. Here's the official thread on GH:
[https://github.com/google/recaptcha/issues/268](https://github.com/google/recaptcha/issues/268)

Disclaimer: We built a solution at SerpApi.com to solve those offline using
ML. Timing of solving doesn't matter. It will be odd that they do that just to
annoy user when it's not a technical limitation.

------
bluehatbrit
I'm from the UK and often get very American questions. Such as "select all the
images with cross-walks". This isn't really a phrase we have over here, so
when I first got this I had no idea what I was meant to be looking for in the
array of random pictures and actually had to look it up to get past it. If
you're going to force me to do a captcha, at least localise the damn
questions.

Do other non-American's get this as well?

~~~
_emacsomancer_
They're zebra crossings, but I suppose you know that by now.

The captchas are completely non-localised as far as I can tell; as others have
pointed out the 'store-fronts' tend to be non-American.

~~~
bluehatbrit
Generally it's not too hard to find something in a picture that is from
another country, but the actual request text should really be localised. I
usually go for the audio ones now though rather than the visual ones.

------
seieste
I believe this is part of a greater Google strategy of using their monopoly
power.

I’ve noticed that in the last week, Google no longer provides a link to the
non-amp version of pages. Previously, you could press two button taps to get
to the non-amp page, but now that ability has been removed. This sucks because
Amp doesn’t always support all the features of a normal site, like Reddit or
blogs (commenting).

I worry how Google will abuse this in the future. Right now they control the
first page you visit after leaving Google through AMP, but you can usually
find a link to the home page of a site. In the future, they may restrict it
further.

------
turrini
For Google Recaptcha, I use GreaseMonkey with an user script:

"Speed Up Google Captcha"

"Makes Google Captcha works faster by removing slow visual transitions and
unnecessary delays."

[https://greasyfork.org/en/scripts/382039-speed-up-google-
cap...](https://greasyfork.org/en/scripts/382039-speed-up-google-captcha)

~~~
pbhjpbhj
I'm really surprised that works, as I assumed the delay was random and it was
looking for bots who were completing the image processing before the image has
actually faded in. Huh.

------
FerretFred
Ha! Been there, done that. I registered with Patreon (using Firefox), then
tried to login (using Firefox) after verifying my email address. Nineteen (19)
Captcha screens later and I gave up. Seriously. Bastards (and apologies to the
Creatives I was trying to contribute to).

------
quwert95
As a developer who has worked with reCAPTCHA in the past and as a diehard
Firefox user, what likely happened here is a form of shadow banning.

You're moving too fast; your mouse and mouse clicks are "too good" to be
human. Try solving the reCAPTCHA slower and you'll see wildly different
results, or, purposely fail one reCAPTCHA to get easier ones.

reCAPTCHA tech is crazy; reCAPTCHAs are not simple web forms and Javascript,
they're a sandboxed and monitored 'window' to a Google server. If you solve
too many reCAPTCHAs too quickly (ie. when you are testing a web page, or are
rotating your passwords on many websites) then Google's servers will try to
rate limit you with slow animations and harder reCAPTCHAs.

~~~
resoluteteeth
> reCAPTCHA tech is crazy; reCAPTCHAs are not simple web forms and Javascript,
> they're a sandboxed and monitored 'window' to a Google server. If you solve
> too many reCAPTCHAs too quickly (ie. when you are testing a web page, or are
> rotating your passwords on many websites) then Google's servers will try to
> rate limit you with slow animations and harder reCAPTCHAs.

Google should absolutely not be in a position where it can be inadvertently
rate limiting your attempts to rotate passwords on different websites across
the internet.

------
ziddoap
The fire hydrant example... I deal with this every day. It takes soooo
looooong to load, it's really ridiculous.

~~~
AdmiralAsshat
There have literally been times where I debated whether or not I wanted to
purchase something because of the knowledge that I would have to solve
Google's captcha. Humble Bundle, in particular--the login process for me (due
to uBlock+uMatrix installed) is like this:

1) Try to login

2) Login doesn't show up--go to uMatrix and whitelist some crap.

3) Try to login again.

4) First phase of login completes, now blank when site tries to load Google
captcha.

5) Whitelist Google captcha frames in uMatrix and reload again.

6) Login for the third time, Google captcha now displays properly.

7) Spend 10 minutes solving captchas. If I'm lucky, the first "Verify/Submit"
will work. If not, I probably need to whitelist cookies for it within uMatrix
and reload/try again.

8) Get notification from HumbleBundle that "You have not logged in from this
browser before" and wait for a Verification email to hit my inbox.

9) Enter verification code. Site usually then logs me out for some reason,
even though it was successful.

10) Login again. Solve Google Captchas _again_. Finally allowed to login.

11) Finally buy the goddamn thing I was there to buy.

12) Search Amazon for wig.

~~~
worble
>Humble Bundle, in particular

Funny you should mention that, I actually wrote an email to support asking
them to have frickin mercy with the google captchas. The response was as you
expect "we do this for safety and protection, yada yada" which to be fair, I
obviously didn't expect them to change anything, although I hope it did help
raise some awareness.

The interesting thing I got out of it was that they mentioned that google
captcha for logging in is disabled so long as you have 2FA activated on your
account, which certainly helped, at least a little bit. You do still have to
use the captcha to buy anything from the bundle (at least if you're using
something like paypal, anyway).

~~~
benologist
I've emailed them about it as well. Totally sick of having to grind through
Google to sign in to HB, I've not bought stuff because of the effort too. I
also really don't think it's appropriate to include Google as a third-party in
login processes anymore.

------
baggy_trough
The Google captcha enrages me. Why should I train their stupid AI?

~~~
partiallypro
What's funny is that the AI needs to be trained...yet it already knows which
choices are correct and incorrect. So, is it really necessary?

Edit: This is a joke, I am joking.

~~~
ljcn
I don't know how the image captchas work but the old-fashioned type-the-words
captchas asked you one it knew the answer to and one it didn't. By giving
unknown words to multiple users and finding a consensus they could move words
from the unknown to known set.

------
cyphar
I find it incredible that modern reCAPTCHA exists and is legal.

Aside from the the obviously concerning censorship that happens if you try to
access reCAPTCHA-locked sites over Tor, it is literally forcing internet users
to do free labour for Google so that can train their AI for whatever project
they're doing.

So not only is it a tax on using the internet (paid in seconds to minutes of
human existence each time -- I bet reCAPTCHA has collectively cost humanity
thousands of lifetimes of wasted effort solving stupid puzzles) and it creates
censorship, it also is an act of charity on our part that we provide Google
free work with no benefit for ourselves. Given that they literally pay people
to do (something similar to) what we are doing for free, I wonder it there are
labour law arguments to be made (we aren't paid anything for this work which
Google clearly is willing to employ people to do).

~~~
cameronbrown
You're barking up the wrong tree here. reCAPTCHA is a free service that
developers implement. If you don't like that, complain to them. Companies
aren't compelled to use Google services - they have _no_ choice because the
bot issue is untenable without it.

~~~
cyphar
Yes it's a free service which developers choose to use (though many sites use
it without knowing through CloudFlare), but that doesn't change the fact that
Google has decided to use it as a method of getting free labour out of
internet users.

reCAPTCHA used to be far more reasonable and ethical when it was being used to
digitise books. And when you got reCAPTCHA'd constantly as a Tor user, it
wasn't so bad. These days I have to spend several minutes of my life giving
training data to Google on every site which uses reCAPTCHA, with nothing in
return except for the privilege to be able to access the internet.

------
matteopey
This is the experience with the `privacy.resistFingerprinting` flag set to
true. A while back I made a few try to see how the behavior change with
different settings and extensions, you can see the result here:
[https://github.com/google/recaptcha/issues/268#issuecomment-...](https://github.com/google/recaptcha/issues/268#issuecomment-483248998)

I solved the problem by using an extension that toggle that flag:
[https://addons.mozilla.org/en-US/firefox/addon/toggle-
resist...](https://addons.mozilla.org/en-US/firefox/addon/toggle-resist-
fingerprinting/)

------
Yetanfou
When confronted with reCAPTCHA I always switch to the audio-version as that:

\- is generally easier to solve (download the sound clip using curl or wget,
type in the nonsense it says, done)

\- does not turn me into a mechanical Turk training Google's AI

\- works in 'any browser' by circumventing the browser (by using wget/curl),
thereby not allowing Google to punish me for not using their dragnet/browser.

~~~
atomwaffel
> does not turn me into a mechanical Turk training Google's AI

I’ve been wondering about that. Are you sure you’re not training their speech
recognition AI?

~~~
Yetanfou
No, I'm not sure. It deem it unlikely though as those sound snippets are
rather short and uncomplicated, something which I'd think any reasonable STT-
system should be able to handle - which makes it vulnerable to those systems
as well.

------
peteretep
Would it be possible to build a Firefox plugin that creates and isolates the
requisite cookies to allow reputation to be built, but at least partially
maintains privacy?

I was thinking maybe something that has 10 difference Google sessions, and
shards them depending on the website, deciding which to send to the Captcha.
You'd build reputation at 1/10th the speed, but you'd still potentially build
it. Or, one that allows you to create a random Gmail account and then use that
as your identity across the different sites. Perfect privacy would be hard,
but improved privacy should be doable.

Alternatively, getting something like blinded identity tokens widely used
would be good.

~~~
iicc
[https://github.com/privacypass/challenge-bypass-
extension](https://github.com/privacypass/challenge-bypass-extension)

~~~
peteretep
I'd love Apple to throw their weight behind this. Maybe this + bundle it
seamlessly into iOS Safari.

------
hosteur
I consider putting the following on my cv:

2016-2019: working for google - analyzing street footage for implementing AI
for self driving cars.

Maybe I should also invoice google for the effort.

~~~
emiliobumachar
Would a class action lawsuit for unpaid wages be plausible?

------
pgug
I there any anti reCaptcha or anti Google, that I can donate to? I want to
donate a small amount every time Google forces me to solve their problems.

~~~
nprateem
Get a disabled person to take them to court for discrimination.

~~~
penagwin
> Get a disabled person to take them to court for discrimination.

I was thinking something more along the lines of sponsoring them to take
Google to court ;)

------
Algent
Are you using Canvas Blocker or similar extensions ? As a FF user I also have
to go thru 3-4 captcha everywhere and I'm pretty sure it's because the system
is having trouble giving me a stable fingerprint.

------
somebodythere
The latest captchas are so hard that when I encounter one, it really feels
like I am engaged in an unpaid labor relationship with Google.

It makes me sad that they are so pervasive or I would categorically refuse to
engage with any site that uses reCaptcha.

------
eeeeeeeeeeeee
This is especially prevalent in the Google mobile site tester in Firefox. In
FF you have to do the Captcha almost every damn time. Switch to Chrome and it
stopped immediately for me.

------
user764743
Sometimes it's stairs, and they ask you to click all the stairs, but there's
an inch of stairs overlapping one window, so you aren't sure if you should
click that window because of the pixel or not.

This whole captcha joke and firefox made me hate Google more than anything
else.

------
LeoNatan25
It's simple; any shitty website that uses this garbage—don't use it. If there
is a "contact us" page or email, tell them why you will no longer use it.

If it's your bank's site, move a bank. You say "oh, it's a lot of work just
for some captcha"; yes it is, but this is the only way this clowns will learn.
When 1000 people leave a bank for a competing one and say "I left because your
site employs captcha", it will magically disappear. I've seen it happen.

~~~
yathern
Are you against all captcha then? How do you suggest websites deal with
automated spam or other attacks?

------
simias
I'm a Firefox user and I did encounter some issues with reCaptchas in the past
but this video doesn't convince me at all.

For reference I post regularly on 4chan (not compulsively but maybe a dozen
comments a day on average) and if you don't have a pass you have to fill the
captcha every time. I only use Firefox. I definitely experienced what this
video shows on Firefox in the past (the super-slow loading images) but it felt
more like a bug than anything else and it doesn't represent the typical
experience. Maybe I tripped one of Google's bot filters somehow and I ended up
with a reinforced captcha, or there was a bug somewhere.

The Chrome section of the video is a lot closer to what I see usually, but
they make me go through two challenges in a row typically (although that might
be 4chan's settings at play).

I'm all for the Chrome hate if it means that people switch to Firefox but I
think we need harder data than a short video to call shenanigans on that one.

Off topic rant: the fact that a post with such lack of substance manages to
reach 700 votes in 3 hours is frankly depressing, it has no place on this
website IMO.

------
goblin89
In my experience[0], the captchas are rotated regardless of the browser. The
captcha shown each time seems to be chosen based on some sort of hidden “trust
level”, which fluctuates across attempts based on your choices.

The starting level, I suspect, is heavily influenced by browser settings and
many other factors. With that in mind, and assuming that

1) trust inversely correlates with anonymity,

2) people using Firefox tend to be more tech-savvy and careful about their
privacy, and

3) tech-savvy people using Chrome probably won’t bother locking it down, since
it “talks to Google anyway”,

I’d be disinclined to believe Google actually discriminates against
browsers—no matter how compelling a narrative this may seem—until I have a
complete picture of OP’s setup (from browser settings to OS and connection).

[0] Last year there was a period I was getting many captchas (either my
location or AWS VPN caused me to be considered “untrusted”); I actively tried
to figure out how to get past it without giving the algorithm what it wants,
so I could go through a dozen of these captcha screens in one browser window.
I use Safari, Firefox and Chrome routinely.

------
neilv
Those storefront photos were remarkably clear/unambiguous, compared to some
I've gotten.

When logging into an account I needed to log into, maybe a couple years ago,
they'd jerk me around in the manner of this grumpy.website example, but more.
One time, it went on for several topics, for what seemed around 10 minutes. I
pay money for that account.

This obnoxious annoyance is in addition to the offense of some company letting
third-party code from a mass-surveillance company not only into their pages
(which almost every company with a Web site does, sadly) but also into their
authentication page. Much more important services on the Web do not need
captchas for login to accounts that were paid for. Now, every time I get a
hassle to log in to my account I pay for, plus directly leak that info to a
surveillance company. It makes me regret paying money for the account, like
the company are oblivious or don't care, and I won't have much loyalty when
the right competitor appears.

------
exakoustos
This is why once I switched to FF I also switched to DuckDuckGo

~~~
talonx
The captcha has nothing to do with Google the search engine. Google's catpcha
is used on a lot of websites which are not connected with Google.

On a different note, this also makes it difficult to use such websites if you
block google domains in your adblocker for non-Google sites.

~~~
exakoustos
You would think that they wouldn't block search. But Google kept throwing me
at captcha when I was in FF and not signed in. The biggest pain so far has
been the lack of map integration.

------
S_A_P
It looks like the user missed one fire hydrant in the middle left square. If
you look closely there is a tiny fire hydrant in that picture.

~~~
ferdek
I laughed when mouse hovered over it like the user was deliberately looking
for fire hydrant on this one and then just moved on with rage, waiting for
other images to load :D.

I honestly think this was the reason why Captcha's bot was so passive-
aggressive :D

------
hhjinks
This is bullshit. I regularly experience the "Firefox" example in Chrome, but
only in incognito mode. Either way, it's not something Google does
deliberately to disincentivize other browsers.

------
TheKarateKid
I get this all the time with Safari.

It’s because Google can’t read as much about you in more privacy based
browsers, so you have to prove yourself.

Not saying it’s right, but that’s the reason. It needs to be changed.

------
amedvednikov
Every website that uses this fingerprinting abomination, should be ashamed.

------
stcredzero
1\. Big company browser attains majority market share. 2. Big company
browser's quality starts to slip, but they are not so powerful, they don't
have to care. 3. Big company browser starts to work against the common good.

We've seen this before. We'll probably see it again.

------
driverdan
Based on some CAPTCHA solving sites it costs about $3 per 1000 ReCAPTCHAs
solved. That shows you how worthless adding ReCAPTCHA to your site is. All
it'll do is slow bots down a bit and cost $0.003.

Here's an extension to use those services in the browser so you never have to
solve one again: [https://addons.mozilla.org/en-US/firefox/addon/recaptcha-
sol...](https://addons.mozilla.org/en-US/firefox/addon/recaptcha-solver/)

That's assuming you can't get Buster to work.

~~~
gouh
Or even pay, I wouldn't mind paying 0.003$ at each Captcha as long as I have
an anonymous payment system.

------
dredmorbius
My present Recaptcha policy:

[https://mastodon.cloud/@dredmorbius/102054627041751386](https://mastodon.cloud/@dredmorbius/102054627041751386)

------
sergiotapia
I see a website with google captcha I just close it. Not going to waste time
and also train this huge monopoly's AI further for free.

------
navidfarhadi
I have experienced the same behavior when trying to complete Captchas in Tor
Browser. However the vast majority of the time it just says "Your computer or
network may be sending automated queries. To protect our users, we can't
process your request right now." so I cannot even attempt to complete the
Captcha.

------
paradox1234
I barely use Edge in Windows 10, but whenever I do and I go to any google site
I get constantly badgered about 'downloading chrome' even though, a) I've
already downloaded Chrome and have it installed, b) I've click such notices
away 1000 times. More than mildly annoying and aggressive.

------
jedberg
I think what most people don't realize is that you don't need a good captcha
to stop most abuse. Even the crappiest of captchas will stop 95% of the bots
out there. Unless your site is a high value target, you don't really need a
great captcha.

------
dawnerd
Happens to me in chrome every single day. I think it's a bug in how they're
detecting potential bots. Of course no one at Google will listen when you
submit reports. Especially the one about selecting street lights/stop
lights/crosswalks.

~~~
tsjq
the concern here is about super-slow loading and more tiles to verify when you
use Firefox than when you use Google Chrome browser

~~~
dawnerd
All of which I see in Chrome as well. Literally the same experience in the
linked post.

------
joshfraser
I absolutely hate CAPTCHAs and have done my best to persuade developers to
never use them (1).

But in fairness to Google, the promise of their new Captcha system is that it
uses all of your previous browsing history across the web to determine how
likely you are to be a bot. You can't do a fair apples to apples comparison
unless the browsing history and behavior is the same across both browsers.

1) [https://www.onlineaspect.com/2010/07/02/why-you-should-
never...](https://www.onlineaspect.com/2010/07/02/why-you-should-never-use-a-
captcha/)

------
cloud_thrasher
From my experience, it's the "Access-Control-Allow-Origin: *" response header
that causes the problem. So, it's in the way Chrome uses/enforces cross-origin
HTTP request/response headers.

------
NelsonMinar
Do websites get paid to run reCAPTCHA?

I keep seeing reCAPTCHA installed on very low security sites that don't seem
like targets for automated bots. I'm wondering if they have some external
incentive to install it.

------
mikejb
I'm not sure what the comparison is on Chrome vs. Firefox. I've had the pain
of these slow animations, with a follow-up captcha, and it's infuriating - On
Chrome. Is it better on Firefox?

------
caconym_
The mainstream internet of today exists to serve the advertising industry
(including but not limited to Google) and things that don't so serve will be
marginalized like an organism rejecting a foreign body or disease. It's funny,
because really the thing that makes users "more significant" than bots for the
average website operator is that showing ads to real people has a monetary
value attached to it. That is the only reason you prove your humanity to a
machine: to validate your suitability as a target for ad spend.

------
finchisko
This doesn't make sense to me. Making reCaptcha work worse in FF without
telling user that if he/she used Chrome it would be better. Only few tech
savvy people (hn readers), will eventually realize that. And it doesn't make
them to switch to Chrome (or does it?). They'll just be angry.

And btw I hate reCaptcha. Is it really only option to fight with spam? When I
see it on sites, like dhl parcel tracking, I get mad. I always ask why? Can
they just block suspicious traffic, or at least not display captcha on first
attempt.

~~~
parrellel
If you increase user friction enough, subtly, eventually the affected user is
going to look for something else, and now there's only one real something else
- especially for non-techie users.

------
napsterbr
That's exactly what happens to me on an almost daily basis. But then I decided
to change my feeling from rage to revenge. Here's how:

I get the first few selections right, so the algorithm knows I'm trustworthy.
Then I purposefully get the last ones wrong. This way, I'm still validated by
the captcha and I get to show the middle finger to Google.

Now I smile every time I'm faced with reCaptcha :)

Highly recommend. It does take some time to figure out the patterns (when to
get it right and when to get it wrong), but once you do, it just works.

------
damnyou
This could either be some of Firefox's privacy features genuinely making it
look more bot-like to Google, Google accidentally or deliberately sabotaging
Firefox, or some combination of the two. It's not really possible to tell from
the outside, but it's clear that Google's incentives are for Google's products
to work better with each other.

This is why Google should be broken up -- it should be forced to spin off
Chrome into a separate company with a business model similar to what Firefox
has.

------
DrJaws
The thing that happens to him in firefox, it also happens to me in chrome.

misleading

------
realcr
I experienced a similar problem. I'm using Firefox. Two websites I have great
difficulties logging into are twitch.tv and italki.com, both require solving a
google captcha that can sometimes take more than a minute to solve.

I am working on a micro-payments system (based on mutual credit) that should
allow to pay something like $0.001 instead of solving a captcha. If this would
introduce zero extra friction, would you consider using this kind of solution
over the traditional captcha?

------
tootahe45
I decided to test this for a good hour once. I was suprised how little it
actually matters whether you're on a cheap VPN (although i do think they limit
TOR) or are actually getting the answers correct. Load up chrome or brave, and
it almost instantly solved, whereas Firefox on default privacy settings is a
total pain. The worst thing is how they purposely try to just waste your time
with the fading images, like in OP.

------
superasn
The Recaptcha 3 is even worse. For example go to truecaller.com and enter a
phone number to lookup in Firefox (android). You won't be able to, it will say
Recaptcha had failed. Now do the same in chrome on Android and it works. It's
because on ff it gives a low score (i. e user is a bot) while on chrome it
passes without a hitch.

Funny thing is I haven't used chrome in months so it should be the other way
round!

------
glenngillen
If you’re looking for a good commercial alternative that isn’t turning you
into a mechanical Turk to train/classify ML:
[https://funcaptcha.co/](https://funcaptcha.co/)

If you’re primarily trying to stop bots and similar take a look at
[https://www.kasada.io/](https://www.kasada.io/)

------
stanski
This reminds me of ticketmaster.

Site owners can choose not to use google's recaptcha2 but it has become the de
facto standard now so no one cares.

------
netwanderer3
This is exactly what you would encounter if you access Google services using
TOR. It's actually even more frustrating than this.

------
piyush_soni
There have been many discussions on HN about this before. Google is making us
its free slaves, when they can clearly know in the first click that we are not
a robot (it used to work perfectly! How can it unintentionally become _that_
worse?) Is there no Google employee here that sees how absurd this is and get
this message sent across?

------
eanzenberg
Why are we labeling images for free for google?

~~~
krispbyte
Not for free. It's a service the owners of the website give to Google in
exchange for letting you post. You are the product here.

------
camgunz
Antitrust investigators should look into captcha stats for at least browser,
ISP, mobile device, IP address, and referer header. It would be better if they
could just get Google's algorithm, which I assume is based on more data. I'd
be very surprised if Google popped captchas less for non-Google IPs, devices,
and browsers.

------
neya
This happens even on Chrome. If you're logged into a Google account, it seems
to know that you're not a bot since your Google Account is tightly integrated
within Chrome. If you try the same captcha on an Incognito page on Chrome, you
will have the same experience as on Firefox. Atleast, that's the case for me.

------
gosseyn
Omg I knew I wasn't imagining things...I reached the point when I don't bother
anymore...captcha means no !

------
NamTaf
Oh wow, I assumed it was just my combination of ublock origin + privacy badger
+ accelereyes + privacy-first settings in FF (block all 3rd party cookies,
containers, resist fingerprinting, etc.) that caused many hits.

I'm not sure whether I'm glad to find out it's (also? only?) because they hate
Firefox.

------
deforciant
I have noticed that Google often signs me off from my multiple Google accounts
on FF too :/ While Chrome (which I use only for Hangouts) remains logged in. A
bit annoying! :D

Also, good to see that it's a more widespread issue with these captchas too, I
somehow thought that I am just bad at solving them :)

------
bussiere
Human seems able to see face on anything. WOuldn't be a good idea to use this
as a way to make a captcha ?

------
unixfox
The worst part is that fading effect is completely useless because a bot can
wait too if it doesn't detect a proper image. When I tried to exploit Google
recaptcha for fun it was an easy task for me to implement a timer that will
wait for the image to appears correctly.

------
dpcan
I never use Firefox, but I'm pretty sure I've seen this same format before in
Chrome. No?

------
miohtama
reCaptcha v3 fixes this behavior. Instead of having one gateway test to
determine if you are a human or a bot, it collects data on a background on
your browsing behavior. Thus, it has a longer browsing behavior sample for
heurestics.

[https://developers.google.com/recaptcha/docs/v3](https://developers.google.com/recaptcha/docs/v3)

Of course, you need to have cookies enabled.

If you do any browser in ignonito mode and/or use VPN or Tor you are going to
get persona no grata treatment because it is likely your source network and IP
address have caused a lot of problems before. The only way to go around is to
have some permacookie on your browser saying you are a good citizen.

------
floatingatoll
HN previously, when Google released RCv3:
[https://news.ycombinator.com/item?id=18331159](https://news.ycombinator.com/item?id=18331159)

Has anyone posted a technical analysis of the changes? I’d love to read more
about it.

------
athorax
I can't tell for sure, but it looks like middle row, first image might have a
fire hydrant

~~~
entropea
Is this ISO52600 image thick with grain at 200% crop a car?

------
fernandotakai
now that's weird. firefox is my main browser (developer edition on linux,
windows and macos) and i never get captchas.

maybe it's because i don't use umatrix (i only use ublock origin)? maybe
because i'm always logged-in in at least one google account?

~~~
Wowfunhappy
> maybe because i'm always logged-in in at least one google account?

That's likely a primary reason.

------
willtim
My company proxy kept triggering endless Google captcha games. I switched to
DuckDuckGo.

------
hollander
I've noticed this effect as well. The white boxes, waiting and waiting, four
or five different consecutive tests. All in all a terrible user experience. I
thought it was because I used VPN, but this is another explanation.

------
r00fus
I use a site frequently and am on the latest FF and I don't see this behavior
- the refresh is quite quick.

Does this mean that Google knows enough about me (ie, privacy leak) that it's
choosing to not having infuriating UI?

------
truth_seeker
As a Brave browser user, I go through this partial behaviour every single
time.

------
627467
My default approach is to leave site that require reCaptcha (meaning, when
ticking the box triggers the challenge) but when I do need to take the
challenge I make sure I sprinkle my results with subtle errors.

------
ashaikh
Does Google use this data to help train its self driving cars and maps for
identifying information?

I feel like every captcha is about a street scene of some sort... house
numbers, cars, motorcycles, hydrants, stop lights etc.

------
vageli
I'm frankly surprised there has not been an ADA-based lawsuit against Google.
I can't tell you the number of times the audio captcha has been unavailable
for "reasons".

------
teekert
Oh, I thought it was me... seems like it was my choice of browser. In any
case, perhaps Google has a harder time telling me apart from a computer. I
guess that is a plus for FF then.

------
snek
I've had this a lot, thought this was a bug in firefox's rendering or
something. Glad to know it isn't, but now I'm somewhat more annoyed to know
the real issue.

------
wooptoo
This also happens in Chrome when 3rd party cookies are turned off.

~~~
cptskippy
So basically Google is abusing it's monopoly as a captcha provider to
inconvenience users into enabling enhanced tracking in their browsers under
the guise of "security"?

------
lousken
Can someone from recaptcha team respond to this? Because this happens to me
all the time and it's ridiculous

------
AshleysBrain
This fits the pattern of Google consistently going "oops we broke Firefox" (or
otherwise made it worse than Chrome) to the extent it raises suspicion of a
deliberate strategy, as described by this former Mozillian:
[https://twitter.com/johnath/status/1116871246510264320](https://twitter.com/johnath/status/1116871246510264320)

------
terrycody
I got same thing in Chrome too, so I guess its related trackers, not just for
firefox lol.

------
war1025
I've never run into these image captcha things before. Where do they get used
at?

~~~
Raphmedia
It's the same widget as the checkbox but it throws the images at you if it has
doubts.

~~~
war1025
I guess maybe because I don't have all the privacy extensions installed that
some people use?

------
helper
I've seen that behavior using chrome on linux when using public wifi networks.

------
taf2
I can replicate this same thing in a chrome incognito window...

------
anticensor
A class action for drudgery needs to be started.

------
nilsocket
Google search results page in Firefox mobile browser looks like it is from
2010.

I filed a bug report, only one version of it is fixed, later versions were
just displaying same old pages.

------
elagost
reCAPTCHA is malware. If a site uses it, I (usually reluctantly) stop using
the site. It's not even a privacy issue anymore - I'm logging into the site,
usually so I can give them some money (bandcamp, humble bundle) - I just don't
want Google all up in my business. Is that too much to ask these days? In
order to not have some creepy giant corporation overseeing everything I do, I
guess I just have to not use the Internet.

------
klodolph
This looks suspiciously like slowbanning.

------
tsjq
i shifted from Chrome to Firefox a few months ago. been facing this super-slow
Captchas. I simply assumed this is due to some network slow / server slow /
browser slow. I didn't even bother to go back to Chrome to compare this.

After reading comments in this thread, now I realize this is intentional thing
against Firefox.

Damn Google. what happened to your "Don't be evil" beginnings ?

------
m463
Google chrome can already identify who you are and it knows you're not a
robot.

That said, it still forces you do to work for its self-driving car effort.

------
yegortimoshenko
I saw both variants in both browsers.

------
stunt
I don't have this issue.

------
shanth
nah i just need to use tor with chrome to get the same effect as firefox.

------
N0RMAN
Someone explain to him that you have to click the Verify button on both
browser.

------
OJFord
reCaptcha's not all bad guys, it's actually educational.

It's thanks to reCaptcha that I know what a 'crosswalk' is.

~~~
r721
Also how storefronts around the world look like.

------
make3
this is just unacceptable

------
darkhorn
Dear developers, if you want to avoid most of the bots use only HTTP/2 and
only TLS v1.3. Don't support lower protocols than these ones and your bot
problem will decrease greatly. Even GoogleBot won't be able to crawl your web
site.

------
tyler_larson
Congratulations, you played yourself.

It's not Firefox that's the problem; reCAPTCHA works just fine on Firefox.
It's all those anti-tracking measures you installed and enabled -- they work
by making your browser indistinguishable from a low-quality bot, kicking the
website into self-defense mode. The slow fade is a rate-limiting measure. It's
annoying to you, but it's more annoying to people trying to automate login
attempts.

The site is attempting to protect your account by preventing automated attacks
against it. Meanwhile your browser is doing it's best to look like a shell
script, refusing to send any sort of behavioral feedback or distinguishing
characteristics that might give away the fact that you're a human.

So the question is: is it really worth alienating those quirky, paranoid users
who take extraordinary anti-tracking measures, just to protect your normal
users from automated attacks?

Yes.

Of course it is.

