Unsolvable reCAPTCHAs

anadahz in #tor

Lately (and more often than before), I have a tremendous difficulty to pass any Google CAPTCHAs. I tested a version of Firefox on a torified VM to observe if this related to Tor or to the Tor Browser and it seems to be the latter, as I can pass Google CAPTCHAs even with the first try. To further to test this I used all different variations of Tor Browser's security levels and NoScript privileges, I even disabled NoScript but still CAPTCHAs were unsolvable or required a decent amount of tries. Anyone else experienced similar behavior?

added component::applications/tor browser owner::tbb-team priority::medium severity::normal status::needs-information tbb-usability-website type::defect labels

I can always reproduce this.

Tor Browser version: 8.5.4 Firefox versions: 68.0.1, 60.0.1 (esr)

Website to reproduce it (or try to subscribe on any mailing list listed in Sourceforge): https://sourceforge.net/projects/qbittorrent/lists/qbittorrent-devel

Could be related to some First Party Isolation patches. Does setting privacy.firstparty.isolate to false "solve" the problem?

Trac:
Status: new to needs_information
Keywords: N/A deleted, tbb-usability-website added

Replying to anadahz:

I can always reproduce this.

Tor Browser version: 8.5.4 Firefox version: 68.0.1

Did you try with Firefox version 60.0.x (current version of Tor Browser is still based on esr60)?

Replying to gk:

Could be related to some First Party Isolation patches. Does setting privacy.firstparty.isolate to false "solve" the problem?

Changing privacy.firstparty.isolate to false doesn't solve the problem.

Replying to boklm:

Replying to anadahz:

I can always reproduce this.

Tor Browser version: 8.5.4 Firefox version: 68.0.1

Did you try with Firefox version 60.0.x (current version of Tor Browser is still based on esr60)?

I can pass CAPTCHAS at once with Firefox version 60.0.1 (esr).

Are you experiencing this problem on Google search or on some third-party site that is embedding reCAPTCHA?

Replying to gk:

Are you experiencing this problem on Google search or on some third-party site that is embedding reCAPTCHA?

I can reproduce this problem in other websites that are embedding reCAPTCHA such as Google search.

Replying to anadahz:

Replying to gk:

Are you experiencing this problem on Google search or on some third-party site that is embedding reCAPTCHA?

I can reproduce this problem in other websites that are embedding reCAPTCHA such as Google search.

Okay, thanks. I guess a next step would be to look at the debug output from requests involved in successful CAPTCHA solving vs. those where the solution should be right but Google does not like it, though. I think looking at the headers in the web console might be helpful, additionally checking at the network level (maybe circuits expired etc.) could be useful.

Replying to gk:

Okay, thanks. I guess a next step would be to look at the debug output from requests involved in successful CAPTCHA solving vs. those where the solution should be right but Google does not like it, though. I think looking at the headers in the web console might be helpful, additionally checking at the network level (maybe circuits expired etc.) could be useful.

Great thanks, let me know if you need anything specific from my side to move this forward.

This also happens to me. Seemes independent of security setting. https://www.doodle.com/ to test (which now blocks Tor via cloudflare. Yay!)

mentioned in issue #33426

moved to tpo/applications/tor-browser#31404 (closed)