Dear web developers and admins,
please stop embedding Google's hideous into your websites. Its algorithm is faulty, forcing regular users to click dozens or even hundreds of fire hydrants, bicycles, or traffic lights each day. It puts a 'suspicious activity' flag on users who won't obey to Google's business model - such as people who don't sign into Chrome, use anonymity VPNs, or use browser extensions to suppress common tracking mechanisms. Enough is enough. Stop it.

· · Web · 40 · 629 · 479

@JackMeinoff Exactly! 👍 My strategy at the moment is to stop using all websites on which ReCaptcha shows up.

@JackMeinoff @kernpanik On one hand we've got self driving cars, on the other we still have to tell robots over and over again what a pedestrian crossing looks like. 🤔

@kernpanik some months ago i had to solve exactly 4 sets of 4 captchas (which i assume was the maximum?) every single time just because i dared to use firefox mobile
can't imagine what it's like for tor users

@kernpanik I've seen captchas on Tor hidden services that were coded in 50 lines of lua and probably worked better than ReCaptcha anyway.
@kernpanik well, they don't add it for nothing. What other solution is good?

@lain @kernpanik there are some that are even more annoying like hcaptcha I believe but I’d rather fucking Google eat my data rather than have that shit on every site

@lain @kernpanik I'm not an expert on this but hCaptcha seems to be a good Google alternative.

@lain @kernpanik A alternative proprietary solution which is not that evil to Tor users but is pretty similar to ReCaptcha is .The best open-source solution I've found so far is which looks really user-friendly but I don't know how effective it is.


@kernpanik something that happens on certain tor exits and high traffic VPNs is the captcha will refuse to run. i don't mean that it breaks, i mean it'll say "your computer or network may be sending automated queries. try again later," and you're just, not allowed to use the website (or any website with google's captcha)

if your network is sending lots of traffic, you don't get to take their "automated traffic detection" test

ableism re: google 

@kernpanik i don't get locked out in this way normally, because i don't generally use any high traffic networks, but because of my setup (linux, privacy addons, fireFox, sometimes low traffic VPN, etc.), when i click the "listen" accessibility option, i will then get a lock out

i have no idea what their non visual captcha sounds like (without looking it up) because i'm only allowed to do the visual captcha. i get punished for trying to use the auditory captcha

ableism re: google 

@xenon @kernpanik lots of sites punish you for using privacy tools / not logging in. It's asolute hell for my adhd

@kernpanik And, because you don't care about your users, bots can defeat it, especially if they can get some of the data Google has given out or leaked that was trained on the ReCaptcha stuff.

Just make someone do a basic maths thing like old forums.

@kernpanik not only is it very inaccessible to people with limited vision, it also excludes users with older/atypical devices/browsers (including screen readers), and is so america-centric that people from other places have to guess what American fire hydrants, traffic lights, crossings, parking meters etc look like!

Gaggle captchas wouldn't excite me more if they contained bollards, pellican crossings and belisha beacons instead.
They 'fail' you so often, because you are free labour. You are a slave 'mechanical turk' for gaggle to train its classifiers.
Don't just click off. Tell the admin of the site why they are losing traffic, especially yours - one of the very few P.O.'d people who bother to write about it to them! The rest just leave!
@s0 @kernpanik


TBH I only regularly encounter captchas on the website of the online vape shop (recently added), and the Royal Mail free postcode lookup site .

In both situations there is a valid use case (the vape shop by law has to do age and address verification anyway) but surely there could be a better security checking method implemented that could maybe benefit the NHS or other local public services?

@s0 @kernpanik

I think there are maybe 2 specialty vape shops in my town, because various places sell those things.
There are now 5 cannabis shops in town though, which seems a lot for only 12,000 people. I guess Terracites really like their smoke.

@gemlog TBH if it went legal here I would expect the same to happen in Stowmarket (which is a mixed suburban/rural area with about the same population); although not sure how Britain would cope with its car dependency *and* the very strict DUI laws (1 year ban or licence revoked for metabolites of cannabis which can remain in the system 3-5 days later..)

@vfrmedia I can't smoke, so I haven't made myself familiar with 'smoke-driving' laws or testing methods here in my province/country.
You'd think they'd not prosecute for a 5 day old trace surely?

@gemlog the UK does for all illegal drugs (even the allowed amount for prescribed meds is very low compared to the rest of Europe) as do some areas of Australia - its used as a tactic to discourage drug use at raves/nighclubs/pubs/festivals and has been making a big impact on discouraging these things outside large cities with public transport for about 5 years...

@gemlog was speaking to an old friend from the rave days recently and he told me fewer and fewer people were going to the outdoor raves (even before lockdowns) as no one wanted to be the designated driver and the cops were getting smarter with targeting people (they don't always nick them at the rave but tag vehicles with ANPR then stop drivers on Monday mornings when they are likely to be sleep deprived (and possibly driving more erratically) *and* to test positive)

@kernpanik same for cloudflare and their shitty hCaptcha. (The biggest issue with that is, that it has terrible performane on mobile)

at least, hcaptcha have a nice plugin to reduce the amount of captch without tracking (using some cryptography tht i'm not sure of how it work, throught)

indeed. let wait some future version of firefox for Android that support all/most of the addons.

@marius851000 @kernpanik thats the one thing. The other is that an ARM processor will take ages until it calculated amount if crypto hashes needed in comparisom to x86_64

@kernpanik Especially when sites that support indie do it - eg. Bandcamp: a big WTF. De-Google the Net. Agree with you on this one.

@kernpanik what's the alternative to stopping bots?

alternative to stopping bots:

Not stopping bots. Seriously, bots work for ppl so stop attacking them. e.g. I wrote a bot to crawl house listings & look for my criteria. The bot found me the house I bought. Home sellers who used anti-bot sites lost the chance to sell to me.

#DDG is a lousy service. See

@koherecoWatchdog I'm not going to thank you for the link on #DDG 😂

@gak Don't fight scrapers; Read-only bots are a valid choice for people to process information. You can discourage spam account creation by asking a simple domain-specific question at registration; interactions don't need to be complex or invasive for this purpose. Try not to republish arbitrary content provided by random registrants without reviewing it first, but if you are coerced to do so by an employer then look for and suggest other options where you can

And maybe we can drop those cloudflare ones too like pixelfed seems to use.

@kernpanik For anyone looking for an alternative, I recommend hCaptcha. It's much less hostile than Google's product.

@faoluin @kernpanik unfortunately it's not an option because whatever you do it makes you "select trains". Sometimes more than 10 times in row. People hate it

@unti1x @kernpanik Really? It usually only makes me go once, maybe twice. And also doesn't discriminate against browsers, VPNs, etc. to my knowledge.

@faoluin @kernpanik yep. But that's not the worst thing. The "trains" are the problem itself because people are lazy and some of photos have a quality so low you can barely see anything. And usually you have to do this on every single site especially when they are being hosted somewhere on cloudflare. I don't really care but I know a lot of people who just close the tab when they see this

@kernpanik cloudfart's "checking your browser" thing is even worse - I've seen sites where it just reloads in a loop, and I wasn't even on tor, just my normal browsing profile with ublock origin and privacy badger

Please. If you must, Cloudflare's captcha is much more Tor-friendly.


There is so much wrong w/your comment. If you're logged into #Google, the #reCAPTCHA pushes fewer puzzles. Of course that tracking abuses #privacy & defeats the reason for using #Tor, but #CloudFlare is a bigger threat to Tor users than Google. No one who is informed & groks privacy visits CF sites. Also, #hCAPTCHA *pays* CF for CAPTCHA solutions, so you financially feed the biggest Tor adversary when you solve an hCAPTCHA.


@koherecoWatchdog "No one who is informed & groks privacy visits CF sites."

How does one know if a given site is CF-backed or not?

@vesperto if you use a browser other than Tor Browser on Tor, a #CAPTCHA will block you from most #CloudFlare sites. Regardless of Tor, you can hit F12 & in the network tab click on a file. If "cf-ray" appears in the headers then it's a CF site. Some plugins signal when a site is CF.

@kernpanik agree 100% and they've proven it's not even effective at stopping bots now anyway. 😡

@kernpanik As a developer, I've pledged to stop using all google tools on all my clients' sites. True story: google now flags as malvertising sites who use their privacy-focused competitors (Matomo) for analytics.

Sign in to participate in the conversation – a Fediverse instance for & by the Chaos community