Opened 4 months ago

Last modified 3 months ago

#31404 needs_information defect

Unsolvable reCAPTCHAs

Reported by: antonela Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-usability-website
Cc: anadahz Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

anadahz in #tor

Lately (and more often than before), I have a tremendous difficulty to pass any Google CAPTCHAs. I tested a version of Firefox on a torified VM to observe if this related to Tor or to the Tor Browser and it seems to be the latter, as I can pass Google CAPTCHAs even with the first try. To further to test this I used all different variations of Tor Browser's security levels and NoScript privileges, I even disabled NoScript but still CAPTCHAs were unsolvable or required a decent amount of tries. Anyone else experienced similar behavior?

Child Tickets

Change History (10)

comment:1 Changed 4 months ago by anadahz

I can always reproduce this.

Tor Browser version: 8.5.4
Firefox versions: 68.0.1, 60.0.1 (esr)

Website to reproduce it (or try to subscribe on any mailing list listed in Sourceforge): https://sourceforge.net/projects/qbittorrent/lists/qbittorrent-devel

Last edited 4 months ago by anadahz (previous) (diff)

comment:2 Changed 4 months ago by gk

Keywords: tbb-usability-website added
Status: newneeds_information

Could be related to some First Party Isolation patches. Does setting privacy.firstparty.isolate to false "solve" the problem?

comment:3 in reply to:  1 ; Changed 4 months ago by boklm

Replying to anadahz:

I can always reproduce this.

Tor Browser version: 8.5.4
Firefox version: 68.0.1

Did you try with Firefox version 60.0.x (current version of Tor Browser is still based on esr60)?

comment:4 in reply to:  2 Changed 4 months ago by anadahz

Replying to gk:

Could be related to some First Party Isolation patches. Does setting privacy.firstparty.isolate to false "solve" the problem?

Changing privacy.firstparty.isolate to false doesn't solve the problem.

comment:5 in reply to:  3 Changed 4 months ago by anadahz

Replying to boklm:

Replying to anadahz:

I can always reproduce this.

Tor Browser version: 8.5.4
Firefox version: 68.0.1

Did you try with Firefox version 60.0.x (current version of Tor Browser is still based on esr60)?

I can pass CAPTCHAS at once with Firefox version 60.0.1 (esr).

comment:6 Changed 4 months ago by gk

Are you experiencing this problem on Google search or on some third-party site that is embedding reCAPTCHA?

comment:7 in reply to:  6 ; Changed 4 months ago by anadahz

Replying to gk:

Are you experiencing this problem on Google search or on some third-party site that is embedding reCAPTCHA?

I can reproduce this problem in other websites that are embedding reCAPTCHA such as Google search.

comment:8 in reply to:  7 ; Changed 4 months ago by gk

Replying to anadahz:

Replying to gk:

Are you experiencing this problem on Google search or on some third-party site that is embedding reCAPTCHA?

I can reproduce this problem in other websites that are embedding reCAPTCHA such as Google search.

Okay, thanks. I guess a next step would be to look at the debug output from requests involved in successful CAPTCHA solving vs. those where the solution should be right but Google does not like it, though. I think looking at the headers in the web console might be helpful, additionally checking at the network level (maybe circuits expired etc.) could be useful.

comment:9 in reply to:  8 Changed 4 months ago by anadahz

Replying to gk:

Okay, thanks. I guess a next step would be to look at the debug output from requests involved in successful CAPTCHA solving vs. those where the solution should be right but Google does not like it, though. I think looking at the headers in the web console might be helpful, additionally checking at the network level (maybe circuits expired etc.) could be useful.

Great thanks, let me know if you need anything specific from my side to move this forward.

comment:10 Changed 3 months ago by mikeperry

This also happens to me. Seemes independent of security setting. https://www.doodle.com/ to test (which now blocks Tor via cloudflare. Yay!)

Note: See TracTickets for help on using tickets.