I was going through the same ordeal as a Firefox user, so I've made Buster to solve challenges and reclaim some of that lost time: <a href="https://github.com/dessant/buster" rel="nofollow">https://github.com/dessant/buster</a><p>If you're a developer, please consider replacing reCAPTCHA on your site with an alternative. reCAPTCHA discriminates against people with disabilities and those who seek privacy, and it gaslights you into thinking you did not solve the challenge correctly, which is plain cruel.<p>Here are some reCAPTCHA alternatives: <a href="https://www.w3.org/TR/turingtest/" rel="nofollow">https://www.w3.org/TR/turingtest/</a>
I've never understood what happened to reCAPTCHA, it was originally so great and is now just so, so toxic.<p>Originally it was an awesome solution based on OCR'ing books that usually worked quickly on the first try, and almost never took more than two.<p>Then it turned into a single checkbox (analyzing mouse movement) so it was even faster... and I remember some simple image-based like "select the images of cats" that were also easy to get right. So even better.<p>But THEN... in the past couple of years, the image-matching started asking exclusively for analysis of street images, that has two huge problems:<p>1) The images are so blurry and ambiguous it's really hard to get right, it feels like a test designed to make you fail<p>2) You never know how far you have to go -- you keep clicking items, they keep replacing them with new ones, and there's zero indication of if you're almost done or if you're getting better or worse.<p>Once I did one for three minutes straight, neither passing nor failing, until I just gave up and left the page... if it's a bug, that should never happen. If that's supposed to be able to happen, that's the apex of asshole design. Either way, it's a failure in every way.
Big rant, there are few things I hate more than filling out their endless useless CAPTCHA's when browsing websites that have nothing to do with Google.<p>Google is a hypocritical pile of burning <i></i><i></i>. They use bots right? They scrape websites, they infest everything from my banking website to console emulators with their tracking, and yet we little people are not allowed to scrape or interface with the web programmatically.<p>I want them to burn so badly, I hope the EU breaks them up. Screw captcha, screw AWP, screw them.
I thought this was just me and their stupid caption being impossible for even humans to solve; turns out I was just being gaslighted this entire time and they're just discriminating against Firefox users? How does the EU or someone not shut down this sort of anti-competative monopolostic nosense? I didn't think I could get more furious about having to struggle with these captions all day, but somehow I am. Please everyone stop using recaptcha on your sites, it's not worth the pain it costs your users.
Turbo Tax uses Google Captcha when trying to import information from financial institutions.<p>While filing taxes, on several occasions I had to just give up and try again after several hours because the Captcha won't let me pass through and after several attempts Turbo Tax will throw an error - to come back later.<p>It was literally a <i>Nightmare</i>
The slow animation is the worst. You really want to punch someone responsible in the face.<p>And I never figure out how to solve the traffic light riddle.
While relatable, this is just a low effort post more suited for Twitter or Reddit.<p>For a fair comparison OP would need to use clean browser profiles on fresh IPs. Like this it is just fan-service for Google Captcha victims (like me).
FYI. Title is misleading. This experience has nothing to do Firefox vs Chrome. Result is because of 3rd party cookie and tracker blocking. I had same and even worse (I was not able to get through captcha) experience on chrome itself because I have 3rd party cookies disabled and couple privacy oriented extensions running.
I'm from the UK and often get very American questions. Such as "select all the images with cross-walks". This isn't really a phrase we have over here, so when I first got this I had no idea what I was meant to be looking for in the array of random pictures and actually had to look it up to get past it. If you're going to force me to do a captcha, at least localise the damn questions.<p>Do other non-American's get this as well?
I believe this is part of a greater Google strategy of using their monopoly power.<p>I’ve noticed that in the last week, Google no longer provides a link to the non-amp version of pages. Previously, you could press two button taps to get to the non-amp page, but now that ability has been removed. This sucks because Amp doesn’t always support all the features of a normal site, like Reddit or blogs (commenting).<p>I worry how Google will abuse this in the future. Right now they control the first page you visit after leaving Google through AMP, but you can usually find a link to the home page of a site. In the future, they may restrict it further.
For Google Recaptcha, I use GreaseMonkey with an user script:<p>"Speed Up Google Captcha"<p>"Makes Google Captcha works faster by removing slow visual transitions and unnecessary delays."<p><a href="https://greasyfork.org/en/scripts/382039-speed-up-google-captcha" rel="nofollow">https://greasyfork.org/en/scripts/382039-speed-up-google-cap...</a>
Ha! Been there, done that. I registered with Patreon (using Firefox), then tried to login (using Firefox) after verifying my email address. Nineteen (19) Captcha screens later and I gave up. Seriously. Bastards (and apologies to the Creatives I was trying to contribute to).
As a developer who has worked with reCAPTCHA in the past and as a diehard Firefox user, what likely happened here is a form of shadow banning.<p>You're moving too fast; your mouse and mouse clicks are "too good" to be human. Try solving the reCAPTCHA slower and you'll see wildly different results, or, purposely fail one reCAPTCHA to get easier ones.<p>reCAPTCHA tech is crazy; reCAPTCHAs are not simple web forms and Javascript, they're a sandboxed and monitored 'window' to a Google server. If you solve too many reCAPTCHAs too quickly (ie. when you are testing a web page, or are rotating your passwords on many websites) then Google's servers will try to rate limit you with slow animations and harder reCAPTCHAs.
I find it incredible that modern reCAPTCHA exists and is legal.<p>Aside from the the obviously concerning censorship that happens if you try to access reCAPTCHA-locked sites over Tor, it is literally forcing internet users to do free labour for Google so that can train their AI for whatever project they're doing.<p>So not only is it a tax on using the internet (paid in seconds to minutes of human existence each time -- I bet reCAPTCHA has collectively cost humanity thousands of lifetimes of wasted effort solving stupid puzzles) and it creates censorship, it also is an act of charity on our part that we provide Google free work with no benefit for ourselves. Given that they literally pay people to do (something similar to) what we are doing for free, I wonder it there are labour law arguments to be made (we aren't paid anything for this work which Google clearly is willing to employ people to do).
This is the experience with the `privacy.resistFingerprinting` flag set to true.
A while back I made a few try to see how the behavior change with different settings and extensions, you can see the result here: <a href="https://github.com/google/recaptcha/issues/268#issuecomment-483248998" rel="nofollow">https://github.com/google/recaptcha/issues/268#issuecomment-...</a><p>I solved the problem by using an extension that toggle that flag: <a href="https://addons.mozilla.org/en-US/firefox/addon/toggle-resist-fingerprinting/" rel="nofollow">https://addons.mozilla.org/en-US/firefox/addon/toggle-resist...</a>
Would it be possible to build a Firefox plugin that creates and isolates the requisite cookies to allow reputation to be built, but at least partially maintains privacy?<p>I was thinking maybe something that has 10 difference Google sessions, and shards them depending on the website, deciding which to send to the Captcha. You'd build reputation at 1/10th the speed, but you'd still potentially build it. Or, one that allows you to create a random Gmail account and then use that as your identity across the different sites. Perfect privacy would be hard, but improved privacy should be doable.<p>Alternatively, getting something like blinded identity tokens widely used would be good.
I consider putting the following on my cv:<p>2016-2019: working for google - analyzing street footage for implementing AI for self driving cars.<p>Maybe I should also invoice google for the effort.
Are you using Canvas Blocker or similar extensions ? As a FF user I also have to go thru 3-4 captcha everywhere and I'm pretty sure it's because the system is having trouble giving me a stable fingerprint.
The latest captchas are so hard that when I encounter one, it really feels like I am engaged in an unpaid labor relationship with Google.<p>It makes me sad that they are so pervasive or I would categorically refuse to engage with any site that uses reCaptcha.
This is especially prevalent in the Google mobile site tester in Firefox. In FF you have to do the Captcha almost every damn time. Switch to Chrome and it stopped immediately for me.
Sometimes it's stairs, and they ask you to click all the stairs, but there's an inch of stairs overlapping one window, so you aren't sure if you should click that window because of the pixel or not.<p>This whole captcha joke and firefox made me hate Google more than anything else.
It's simple; any shitty website that uses this garbage—don't use it. If there is a "contact us" page or email, tell them why you will no longer use it.<p>If it's your bank's site, move a bank. You say "oh, it's a lot of work just for some captcha"; yes it is, but this is the only way this clowns will learn. When 1000 people leave a bank for a competing one and say "I left because your site employs captcha", it will magically disappear. I've seen it happen.
I'm a Firefox user and I did encounter some issues with reCaptchas in the past but this video doesn't convince me at all.<p>For reference I post regularly on 4chan (not compulsively but maybe a dozen comments a day on average) and if you don't have a pass you have to fill the captcha every time. I only use Firefox. I definitely experienced what this video shows on Firefox in the past (the super-slow loading images) but it felt more like a bug than anything else and it doesn't represent the typical experience. Maybe I tripped one of Google's bot filters somehow and I ended up with a reinforced captcha, or there was a bug somewhere.<p>The Chrome section of the video is a lot closer to what I see usually, but they make me go through two challenges in a row typically (although that might be 4chan's settings at play).<p>I'm all for the Chrome hate if it means that people switch to Firefox but I think we need harder data than a short video to call shenanigans on that one.<p>Off topic rant: the fact that a post with such lack of substance manages to reach 700 votes in 3 hours is frankly depressing, it has no place on this website IMO.
In my experience[0], the captchas are rotated regardless of the browser. The captcha shown each time seems to be chosen based on some sort of hidden “trust level”, which fluctuates across attempts based on your choices.<p>The starting level, I suspect, is heavily influenced by browser settings and many other factors. With that in mind, and assuming that<p>1) trust inversely correlates with anonymity,<p>2) people using Firefox tend to be more tech-savvy and careful about their privacy, and<p>3) tech-savvy people using Chrome probably won’t bother locking it down, since it “talks to Google anyway”,<p>I’d be disinclined to believe Google actually discriminates against browsers—no matter how compelling a narrative this may seem—until I have a complete picture of OP’s setup (from browser settings to OS and connection).<p>[0] Last year there was a period I was getting many captchas (either my location or AWS VPN caused me to be considered “untrusted”); I actively tried to figure out how to get past it without giving the algorithm what it wants, so I could go through a dozen of these captcha screens in one browser window. I use Safari, Firefox and Chrome routinely.
Those storefront photos were remarkably clear/unambiguous, compared to some I've gotten.<p>When logging into an account I needed to log into, maybe a couple years ago, they'd jerk me around in the manner of this grumpy.website example, but more. One time, it went on for several topics, for what seemed around 10 minutes. I pay money for that account.<p>This obnoxious annoyance is in addition to the offense of some company letting third-party code from a mass-surveillance company not only into their pages (which almost every company with a Web site does, sadly) but also into their authentication page. Much more important services on the Web do not need captchas for login to accounts that were paid for. Now, every time I get a hassle to log in to my account I pay for, plus directly leak that info to a surveillance company. It makes me regret paying money for the account, like the company are oblivious or don't care, and I won't have much loyalty when the right competitor appears.
This is bullshit. I regularly experience the "Firefox" example in Chrome, but only in incognito mode. Either way, it's not something Google does deliberately to disincentivize other browsers.
I get this all the time with Safari.<p>It’s because Google can’t read as much about you in more privacy based browsers, so you have to prove yourself.<p>Not saying it’s right, but that’s the reason. It needs to be changed.
1. Big company browser attains majority market share. 2. Big company browser's quality starts to slip, but they are not so powerful, they don't have to care. 3. Big company browser starts to work against the common good.<p>We've seen this before. We'll probably see it again.
Based on some CAPTCHA solving sites it costs about $3 per 1000 ReCAPTCHAs solved. That shows you how worthless adding ReCAPTCHA to your site is. All it'll do is slow bots down a bit and cost $0.003.<p>Here's an extension to use those services in the browser so you never have to solve one again: <a href="https://addons.mozilla.org/en-US/firefox/addon/recaptcha-solver/" rel="nofollow">https://addons.mozilla.org/en-US/firefox/addon/recaptcha-sol...</a><p>That's assuming you can't get Buster to work.
I have experienced the same behavior when trying to complete Captchas in Tor Browser. However the vast majority of the time it just says "Your computer or network may be sending automated queries. To protect our users, we can't process your request right now." so I cannot even attempt to complete the Captcha.
I barely use Edge in Windows 10, but whenever I do and I go to any google site I get constantly badgered about 'downloading chrome' even though, a) I've already downloaded Chrome and have it installed, b) I've click such notices away 1000 times. More than mildly annoying and aggressive.
I think what most people don't realize is that you don't need a good captcha to stop most abuse. Even the crappiest of captchas will stop 95% of the bots out there. Unless your site is a high value target, you don't really need a great captcha.
Happens to me in chrome every single day. I think it's a bug in how they're detecting potential bots. Of course no one at Google will listen when you submit reports. Especially the one about selecting street lights/stop lights/crosswalks.
I absolutely hate CAPTCHAs and have done my best to persuade developers to never use them (1).<p>But in fairness to Google, the promise of their new Captcha system is that it uses all of your previous browsing history across the web to determine how likely you are to be a bot. You can't do a fair apples to apples comparison unless the browsing history and behavior is the same across both browsers.<p>1) <a href="https://www.onlineaspect.com/2010/07/02/why-you-should-never-use-a-captcha/" rel="nofollow">https://www.onlineaspect.com/2010/07/02/why-you-should-never...</a>
From my experience, it's the "Access-Control-Allow-Origin: *" response header that causes the problem. So, it's in the way Chrome uses/enforces cross-origin HTTP request/response headers.
Do websites get paid to run reCAPTCHA?<p>I keep seeing reCAPTCHA installed on very low security sites that don't seem like targets for automated bots. I'm wondering if they have some external incentive to install it.
I'm not sure what the comparison is on Chrome vs. Firefox. I've had the pain of these slow animations, with a follow-up captcha, and it's infuriating - On Chrome. Is it better on Firefox?
The mainstream internet of today exists to serve the advertising industry (including but not limited to Google) and things that don't so serve will be marginalized like an organism rejecting a foreign body or disease. It's funny, because really the thing that makes users "more significant" than bots for the average website operator is that showing ads to real people has a monetary value attached to it. That is the only reason you prove your humanity to a machine: to validate your suitability as a target for ad spend.
This doesn't make sense to me. Making reCaptcha work worse in FF without telling user that if he/she used Chrome it would be better. Only few tech savvy people (hn readers), will eventually realize that. And it doesn't make them to switch to Chrome (or does it?). They'll just be angry.<p>And btw I hate reCaptcha. Is it really only option to fight with spam? When I see it on sites, like dhl parcel tracking, I get mad. I always ask why? Can they just block suspicious traffic, or at least not display captcha on first attempt.
That's exactly what happens to me on an almost daily basis. But then I decided to change my feeling from rage to revenge. Here's how:<p>I get the first few selections right, so the algorithm knows I'm trustworthy. Then I purposefully get the last ones wrong. This way, I'm still validated by the captcha and I get to show the middle finger to Google.<p>Now I smile every time I'm faced with reCaptcha :)<p>Highly recommend. It does take some time to figure out the patterns (when to get it right and when to get it wrong), but once you do, it just works.
This could either be some of Firefox's privacy features genuinely making it look more bot-like to Google, Google accidentally or deliberately sabotaging Firefox, or some combination of the two. It's not really possible to tell from the outside, but it's clear that Google's incentives are for Google's products to work better with each other.<p>This is why Google should be broken up -- it should be forced to spin off Chrome into a separate company with a business model similar to what Firefox has.
I experienced a similar problem. I'm using Firefox. Two websites I have great difficulties logging into are twitch.tv and italki.com, both require solving a google captcha that can sometimes take more than a minute to solve.<p>I am working on a micro-payments system (based on mutual credit) that should allow to pay something like $0.001 instead of solving a captcha. If this would introduce zero extra friction, would you consider using this kind of solution over the traditional captcha?
I decided to test this for a good hour once. I was suprised how little it actually matters whether you're on a cheap VPN (although i do think they limit TOR) or are actually getting the answers correct. Load up chrome or brave, and it almost instantly solved, whereas Firefox on default privacy settings is a total pain. The worst thing is how they purposely try to just waste your time with the fading images, like in OP.
The Recaptcha 3 is even worse. For example go to truecaller.com and enter a phone number to lookup in Firefox (android). You won't be able to, it will say Recaptcha had failed. Now do the same in chrome on Android and it works. It's because on ff it gives a low score (i. e user is a bot) while on chrome it passes without a hitch.<p>Funny thing is I haven't used chrome in months so it should be the other way round!
If you’re looking for a good commercial alternative that isn’t turning you into a mechanical Turk to train/classify ML: <a href="https://funcaptcha.co/" rel="nofollow">https://funcaptcha.co/</a><p>If you’re primarily trying to stop bots and similar take a look at <a href="https://www.kasada.io/" rel="nofollow">https://www.kasada.io/</a>
This reminds me of ticketmaster.<p>Site owners can choose not to use google's recaptcha2 but it has become the de facto standard now so no one cares.
There have been many discussions on HN about this before. Google is making us its free slaves, when they can clearly know in the first click that we are not a robot (it used to work perfectly! How can it unintentionally become <i>that</i> worse?) Is there no Google employee here that sees how absurd this is and get this message sent across?
Antitrust investigators should look into captcha stats for at least browser, ISP, mobile device, IP address, and referer header. It would be better if they could just get Google's algorithm, which I assume is based on more data. I'd be very surprised if Google popped captchas less for non-Google IPs, devices, and browsers.
This happens even on Chrome. If you're logged into a Google account, it seems to know that you're not a bot since your Google Account is tightly integrated within Chrome. If you try the same captcha on an Incognito page on Chrome, you will have the same experience as on Firefox. Atleast, that's the case for me.
Oh wow, I assumed it was just my combination of ublock origin + privacy badger + accelereyes + privacy-first settings in FF (block all 3rd party cookies, containers, resist fingerprinting, etc.) that caused many hits.<p>I'm not sure whether I'm glad to find out it's (also? only?) because they hate Firefox.
I have noticed that Google often signs me off from my multiple Google accounts on FF too :/ While Chrome (which I use only for Hangouts) remains logged in. A bit annoying! :D<p>Also, good to see that it's a more widespread issue with these captchas too, I somehow thought that I am just bad at solving them :)
The worst part is that fading effect is completely useless because a bot can wait too if it doesn't detect a proper image. When I tried to exploit Google recaptcha for fun it was an easy task for me to implement a timer that will wait for the image to appears correctly.
reCaptcha v3 fixes this behavior. Instead of having one gateway test to determine if you are a human or a bot, it collects data on a background on your browsing behavior. Thus, it has a longer browsing behavior sample for heurestics.<p><a href="https://developers.google.com/recaptcha/docs/v3" rel="nofollow">https://developers.google.com/recaptcha/docs/v3</a><p>Of course, you need to have cookies enabled.<p>If you do any browser in ignonito mode and/or use VPN or Tor you are going to get persona no grata treatment because it is likely your source network and IP address have caused a lot of problems before. The only way to go around is to have some permacookie on your browser saying you are a good citizen.
HN previously, when Google released RCv3: <a href="https://news.ycombinator.com/item?id=18331159" rel="nofollow">https://news.ycombinator.com/item?id=18331159</a><p>Has anyone posted a technical analysis of the changes? I’d love to read more about it.
now that's weird. firefox is my main browser (developer edition on linux, windows and macos) and i never get captchas.<p>maybe it's because i don't use umatrix (i only use ublock origin)? maybe because i'm always logged-in in at least one google account?
I've noticed this effect as well. The white boxes, waiting and waiting, four or five different consecutive tests. All in all a terrible user experience. I thought it was because I used VPN, but this is another explanation.
I use a site frequently and am on the latest FF and I don't see this behavior - the refresh is quite quick.<p>Does this mean that Google knows enough about me (ie, privacy leak) that it's choosing to not having infuriating UI?
My default approach is to leave site that require reCaptcha (meaning, when ticking the box triggers the challenge) but when I do need to take the challenge I make sure I sprinkle my results with subtle errors.
Does Google use this data to help train its self driving cars and maps for identifying information?<p>I feel like every captcha is about a street scene of some sort... house numbers, cars, motorcycles, hydrants, stop lights etc.
I'm frankly surprised there has not been an ADA-based lawsuit against Google. I can't tell you the number of times the audio captcha has been unavailable for "reasons".
Oh, I thought it was me... seems like it was my choice of browser. In any case, perhaps Google has a harder time telling me apart from a computer. I guess that is a plus for FF then.
I've had this a lot, thought this was a bug in firefox's rendering or something. Glad to know it isn't, but now I'm somewhat more annoyed to know the real issue.
If you can, skip the visual CAPTCHA and just go for the audio version. You’ll help train Google’s speech recognition bots, but you’ll get through the CAPTCHA faster.
This fits the pattern of Google consistently going "oops we broke Firefox" (or otherwise made it worse than Chrome) to the extent it raises suspicion of a deliberate strategy, as described by this former Mozillian: <a href="https://twitter.com/johnath/status/1116871246510264320" rel="nofollow">https://twitter.com/johnath/status/1116871246510264320</a>
reCAPTCHA is malware. If a site uses it, I (usually reluctantly) stop using the site. It's not even a privacy issue anymore - I'm logging into the site, usually so I can give them some money (bandcamp, humble bundle) - I just don't want Google all up in my business. Is that too much to ask these days? In order to not have some creepy giant corporation overseeing everything I do, I guess I just have to not use the Internet.
i shifted from Chrome to Firefox a few months ago. been facing this super-slow Captchas. I simply assumed this is due to some network slow / server slow / browser slow. I didn't even bother to go back to Chrome to compare this.<p>After reading comments in this thread, now I realize this is intentional thing against Firefox.<p>Damn Google. what happened to your "Don't be evil" beginnings ?
Google chrome can already identify who you are and it knows you're not a robot.<p>That said, it still forces you do to work for its self-driving car effort.
When confronted with reCAPTCHA I always switch to the audio-version as that:<p>- is generally easier to solve (download the sound clip using curl or wget, type in the nonsense it says, done)<p>- does not turn me into a mechanical Turk training Google's AI<p>- works in 'any browser' by circumventing the browser (by using wget/curl), thereby not allowing Google to punish me for not using their dragnet/browser.
Google search results page in Firefox mobile browser looks like it is from 2010.<p>I filed a bug report, only one version of it is fixed, later versions were just displaying same old pages.
Dear developers, if you want to avoid most of the bots use only HTTP/2 and only TLS v1.3. Don't support lower protocols than these ones and your bot problem will decrease greatly. Even GoogleBot won't be able to crawl your web site.
Congratulations, you played yourself.<p>It's not Firefox that's the problem; reCAPTCHA works just fine on Firefox. It's all those anti-tracking measures you installed and enabled -- they work by making your browser indistinguishable from a low-quality bot, kicking the website into self-defense mode. The slow fade is a rate-limiting measure. It's annoying to you, but it's more annoying to people trying to automate login attempts.<p>The site is attempting to protect your account by preventing automated attacks against it. Meanwhile your browser is doing it's best to look like a shell script, refusing to send any sort of behavioral feedback or distinguishing characteristics that might give away the fact that you're a human.<p>So the question is: is it really worth alienating those quirky, paranoid users who take extraordinary anti-tracking measures, just to protect your normal users from automated attacks?<p>Yes.<p>Of course it is.