-
Notifications
You must be signed in to change notification settings - Fork 523
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to enable audio CAPTCHA. #685
Comments
reCAPTCHA is a beast. Personally I refuse to interact with it - and when I really have to, I use a secondary browser (maybe three times a year). I know this doesn't exactly help you. But let me continue.. because you're in for a world of hurt (maybe) Here's the thing. It's fucking google and they are a biased bunch of wankers. Read this -> #7 (comment) I recently signed up for a Once your Firefox if flagged as "suspicious", it's going to take a while for it to be unflagged. So testing changes and getting valid responses might be difficult. I have very little patience or experience with reCAPTCHA (like I said I avoid it like the plague), but first off you will need to allow all the code (google apis, etc) if you are blocking anything. Then I would look at turning
That's for starters, and may work. And you may only need one or two of them. Do you have a gmail account? With FPI off, and you logged into gmail, you might get some respite. Just thinking outside of the box here. In all honestly though, depending on how much you encounter it, the trade-off in privacy is not worth it IMO. Google are just evil assholes, and they know it, and abuse it. Let us know how you get on PS: Do you have a test site for this: I wouldn't mind trying in a vanilla Firefox. I guess https://patrickhlauke.github.io/recaptcha/ does the trick, right? |
Just for fun: in a vanilla Opera profile: pictures
|
I can't get Buster to work at all - I see "This page can't ..." in the box where the CAPTCHA should be ... CAPTCHAS also insanely long and annoying with: privacy.resistFingerprinting -> false |
I would have thought you would want that as |
I've reading a lot of stuff, and twice I almost came in here to point to something on reddit or elsewhere about this, and to close the issue. Third times the charm... https://news.ycombinator.com/item?id=19614808 Just have a gander thru that, from the top, just scan down a little and spot the words google or captcha (its not far down, and I didn't read much further myself). The truth is that google is hostile to anything that it senses is not "normal", and normal to them is being able to track you. One user mentions "google ban hell" (been there, done that, many times). Here are some quotes
^^ that's interesting. Maybe google is picking up on some blocking of services over that IP?
^^ I hear ya
https://news.ycombinator.com/item?id=19623001 (sorry big quote coming)
|
I think I'm around the At the end of the day, if you want to get some privacy (and you hunted down this user.js etc) you're going to have to block things that upset google. My suggestion is that it is not worthwhile fighting it, just use a secondary profile with Firefox (or a portable Firefox of your choice) and configure your browsers to run concurrently, or a secondary browser - hell, go Chrome if it fits the bill - i.e add uBlock Origin, uBlock Origin Extra, and clear everything on close, and only use it for those few sites you have to. You might get Side note: you could try and use a user agent spoofer extension to always sent chrome UA to the relevant google services used by captcha? IDK. |
sorry, I jumped the gun. Re-opening. We should identify what prefs cause BREAKAGE - which is what you are getting - vs captcha hell, which while its intrinsically linked, is not what you were asking about. IIRC, you originally had everything working except the extension "broke". What happens if you go back tot hat point and don't use the extension, but do a manual audio test? IDK how much testing and playing you've been doing, so you could already be flagged as semi-suspicious, but that shouldn't break anything. |
There must be a perfect selection of tweaks that puts us @ no. 2 or 3 for CAPTCHAS rather than the hell we're in atm?
Surely this can be done thru xyzMonkey? What is the URL for CAPTCHAs exactly? I think more than a few of us would give up a few security preferences to fix this CAPTCHA solver addon, I can only get it to show the error message OP posted with Skip Redirect, Smart Referer and (potentially) uBlock turned off so there are options in there that are interfering with CAPTCHA for sure, just need to weed 'em out. |
You would want to allow everything in uBO and watch the logger. google.apis is one of them. It's not many - maybe three domains. I'm not sure what UA spoofing extension would let you do NO spoofing except a whitelist. And since it would be global, no idea if it then causes breakage - e.g using google search or youtube - where search says you're on Firefox but the google.api says Chrome <-- dodgy. It's almost as if you'd need to think about a strategy where all google services are blocked as third party, and then you selectively allow them (depending on what domains need to be spoofed to chrome). Might even be easier to use a google container extension and grab all the domains in it, and spoof all those. And again, it was just a suggestion - it might work if set up properly, along with a couple of pref changes - it's just that compromising those prefs is too much IMO. It's just easier to use a secondary browser - but everyone has diff needs. |
False alarmx3 - my Clear URLS was giving me a "this page is not redirecting properly" error for Buster. Now the addon is enabled but shows the "automated traffic" error. |
Hey sorry for leaving this topic without any kind of response for a long time, busy week. my general understanding of it is: google does not want us to get privacy, so they make everything in their power to bully us, long-ass captchas is just one of them. Once you start messing with privacy related settings things, captchas start to slow down, i think its by design. also just food for thought: what if we go the other way around? just block/disable the dam thing all together(captchas) is clear that this user.js is not intended to work with it. Maybe creating an super anti-google bullcrap user.js would be better and it would not raise questions like this one since we can just say that, by default its suppose to NOT work with google captchas. |
@AMihail1 |
Interesting, on the very last link I was able to get the audio reCAPTCHA to play (without Buster installed) but after typing in the words it spat out the "automated traffic" message again. |
Agreed it is by design, but I think it'd be possible to pin point the settings that are giving us the "automated traffic" error for sure. |
It is not only Google who bullies us. The websites installing recaptcha do this too. Google here is like a mercenary, providing "free" service of bullying to the ones who wants the ones bullied by recaptcha to be bullied on their websites. See also #644 . |
well, i was in a good mood till i seen this mention of Gaagle - they and anyone else using that bloody captcha crap can burn in hell - anyway, i was fooling around with this myself and found that concealing window.name also causes a problem with this - figured i'd mention it if anyone cares |
windows.name script has an exception for captcha - https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.2.1-User-Scripts Unless you're using the one in Canvas Blocker, which I think tells you or it already has, an exception for it as well. |
i was using the script from the wiki, which i see is all updated now, so i expect i'll start using CB again - thanks for the infos |
the script hasn't changed since the author wrote it 142 years ago |
no, not the script, the advice - references to Canvas Blocker i mean |
Ahh OK .. that was only 97 years ago, so I'll let it slide :) |
It's rather difficult to get me to rant, or to cuss, but this fucking Recaptcha shit needs to go away. I clicked on the fucking traffic lights. I know I did. Yes, I clicked on all of them. Don't you fucking tell me I didn't. I know what a fucking traffic light looks like, and I know how to click on things. Google, don't fucking call me a liar or tell me I'm incompetent. I'm neither of those things. Clearly, Google, your head is up your ass, and you're just trying to waste my time. Fuck off. OK, rant over. Thanks for letting me vent. Here's how I currently handle Google's evil Recaptcha system: I don't spend any money whatsoever on any site that uses them. Period. Yes, I've left online shopping carts full of merchandise without finishing the transaction because of Google's Recaptcha. I've refused to sign up for services because of Recaptcha. It's just not worth the hassle. Sometimes I'll send an email to the CEO or CTO of the company that just lost a sale, and explain why. Sometimes, I won't bother. After all, they clearly don't respect my time or my values. I previously used Buster to answer Recaptcha's for me. It worked perfectly most of the time. But something changed, and now I get the same error as the OP, @stormsz. If we can figure out what causes Buster to fail, that will be helpful. If we can't, the internet is a big place and I'm willing to be somewhat content using the portion that is Recaptcha-free. Oh, one more small rant: Fuck Google. |
Like I said before - I'd be willing to sacrifice some privacy/fingerprinting settings to fix recaptcha/Buster, I personally just don't know where to look. :/ |
issue solved...
my sentiments exactly, and i've done the same thing regarding abandoning full shopping carts because of that bullshit |
This one... when set to /* 2429 */ user_pref("dom.targetBlankNoOpener.enabled", true); But it is not worth IMHO. Cheers |
Not for me, still seeing "Your computer or network may be sending automated queries. To protect our users, we can't process your request right now. For more details visit our help page" when trying to use audio captcha. |
For sure it is, but seems to be the combination of many. Cheers |
Confirmed working with these settings toggled. Make sure CanvasBlocker isn't protecting window.name/opener either as these seem directly related to the "automated traffic" error reCAPTCHA is spitting out! EDIT: not sure if |
For sure it is, since its very similar to |
I tried:
But it still results in the previously posted Recaptcha error. |
Funny, I had working solutions... didn't change a thing, didn't even close the page, since I left computer for that time... now a few hours later it doesn't work anymore. UPDATE: |
@crssi Maybe Google is watching us here and is fucking with us. 😈 LOL. Right now, when I try solving Recaptcha's using Buster, they time out. No error, but after 1-2 minutes they time-out and the big Recatpcha checkbox turns red. Just got your update... I wonder what's going on. |
What extra extensions are you running? |
I know OP was about audio & buster, but since this is all linked anyway Just have a gander at https://github.com/google/recaptcha/search?q=firefox&type=Issues
That's the first thing I came across. So besides not blocking the domains required, I would suggest that they also be allowed to set 3rd party cookies. I didn't read past the first sentence, and one day if I ever get time, I could test in a vanilla profile and inspect all connections and persistent data. FPI I don't think would break this, at all - it would just mean that you will get asked for a captcha on every domain, rather than just be presented with a checkbox (because it can't access the info it stored from previous captchas). And of course by clearing all data on close all the time, every new session, you start afresh. Also, I never checked: but the buster extension: what exactly is it using? speech synthesis? the pref |
Another issue to consider is the RFP also mitigates timing attacks, and rounds to 100ms. I'm do not know if recpatcha monitors mouse movements and timing to determine if you're a human. With everything being in 100 steps, that's suspicious of bot activity. However, I have seen no bugzillas that support that RFP causes recaptcha 2 to break (only the new recaptcha 3) |
bit of a read here: https://github.com/ecthros/uncaptcha2 no doubt that's how buster is designed to work
|
I think the key here to recapcha is:
This should then allow it to work (the picture clicking etc). However, RFP does cause issues, especially slow fading pictures etc - but it shouldn't break recaptcha. FPI shouldn't break it either. I also have to ask - just WTF is it all you guys do on the internet that you get recaptchas? I never ever see em or need em (except the occasional sign up, like 3 times a year) |
Many blog comments have it. |
Any quick fix for noobs here? What do I need to allow thru uBlock exactly? In saying that, I doI have Buster confirmed working as per those settings we shared up there! ^ |
What settings? Can you list them for me, so I can make it official and a FYI label |
It's a pretty big workaround, but as far as I understand you need:
and google.com/recaptcha & gstatic.com/recaptcha 3rd party stuff whitelisted in uBlock, CanvasBlocker and Privacy-Oriented Origin Policy. I can confirm Buster automatically solving captchas with this setup. |
well f#ck me ... that's a whole lot of stuff to give up because of google .. and don't forget to make things work better/faster it probably needs 3rd party cookies, and also it requires that you don't fuck with windows.name |
I feel like if we're using Cookie AutoDeleter the 3rd party stuff gets sanitized on tab close? EDIT: I might be losing my mind but another variable seems to be how you move your mouse on the captcha tile page ... |
Use another profile or just install another browser. |
Just tried to add Buster to my arsenal and came across the same issues. The solution is definitely way too much to give up for me. Luckily when storing cookies for a site, you wont have to solve a captcha more than once (because you're already logged in). However there's a couple of sites I've come across that make you solve a captcha every time to allow you access to the page. Also there's some sites that refuse to keep me logged in despite storing cookies for them, but that's a separate problem I'll have to look into. |
AMihail1's solution, slightly edited by Pants
privacy.resistFingerprinting
- falseprivacy.firstparty.isolate.restrict_opener_access
- falseprivacy.firstparty.isolate
- falsedom.targetBlankNoOpener.enabled
- falsedom.webaudio.enabled
- truewindows.name
(script, CanvasBlocker: whitelist it)So i'm a long time user of https://github.com/dessant/buster and wanted to make it work with this user.js.
the problem
when i try to load the audio captcha it get this error:
Your computer or network may be sending automated queries. To protect our users, we can't process your request right now. For more details visit
i cant find the options that are related to this issue, would be grate if someone could help me.
thanks a lot
edit: also the audio captchas and buster work great when i dont have this user.js enabled.
The text was updated successfully, but these errors were encountered: