I have noticed lately that several sites I’ve tried to login to, some I already have an account, some I am trying to make a new account give me what seems like endless captchas.
The two notables ones from my memory, Etsy, where I’ve had an account for years and have 2fa enabled ffs. The other Unity, where I’m trying to make an account to join a friends Organization.
After several minutes the captches just seem to keep going and I get more and more frustrated to the point I just give up and don’t login (which is not really an option with my Etsy store).
My setup isn’t anything crazy, Firefox, Fedora 40, no vpn’s or anything. Always from either my laptop or gaming system.
Does anyone else have this issue? What are the options?
EDIT/UPDATE: I disabled ublock origin long enough and only got one captcha. Seems google is trying to punish people using that. EDIT2: Spoke too soon, got my email verification, clicked through and back to endless captcha’s… ffs
Your edit is spot on. Google is trying to annoy people out of using VPNs and other tracking blockers. In most cases, I allow one CAPTCHA, and if that fails, I go somewhere else. If it’s Google search, where I go next is Bing, just to punish Google.
When I must use Google, I do so in a dedicated container on Firefox. That way, Google knows who I am, but the only thing they ever get is what traffic I’m sending to them.
One thing I have yet to do is randomize my VPN exit node for Google; I’ve noticed that they correlate exit nodes to device trackers, and if I visit somewhere outside of my Google container, they can tell it’s me by correlation. I may start using Firefox’s VPN for Google connections, or just fire up Tor for Google connections.
While I don’t dispute any of that, it seems to me that Google’s CAPTCHA services can also cycle endlessly no matter what.
For example, I’ll have uMatrix give full permission to the service early in the day, and the queries will never end. Come back a few hours later and it will work first-time, no problem. Other days it might loop in images more than usual but will eventually work.
As if they have no issues with my particular setup, but sometimes lose track of my progress through the CAPTCHA.
I’ve experienced that, too. That’s what prompted me to simply give up and try something else after the first CAPTCHA.
I am using edge for MS and chromium for Google. For the rest of the internet - Librewolf
This sounds like what TOR users run into. Are you always clearing your browsing data/cookies in Firefox? A fairly blank slate there will raise some red flags in a lot of systems causing the captchas to be aggressive.
Otherwise, maybe you just ended up with a bad IP address that was previously being used for suspicious bot looking traffic?
I would definitely submit a ticket to Etsy about this issue, but this is likely an issue with captcha or whatever they’re using to detect “suspicious activity”.
Edit: I just tried logging in to Etsy and it gave me about 4 captchas for signing in with a “new device”.
Looks like google really needs help training their self driving cars.
Never tbh, only when I run into a crazy issue on a site. My go to us first diable ublock origin second is clear stuff. I haven’t had to do that in quite some time.
Wiggle your mouse a bit before you select something, they check mouse movements and if it’s too precise you fail
I do that…
Are you using a VPN? If yes, try disabling it.
EDIT (2024-05-22T19:33Z): For clarity, I’m not against the use of VPNs. I am simply offering ideas for troubleshooting steps. It is very common that sites and services will flag VPN providers as potential botnets and, thus, barrage a VPN user with captchas. This outcome isn’t unique to VPNs — there are potential browsing fingerprints that can result in being flagged as a potential bot — but it is at least one potential and common culprit.
This is almost certainly the cause.
Most captchas treat connections from a known VPN exit node as a red flag because most of the spammers use them to hide their location and it’s a pretty small minority of the total traffic so not many people will complain about it. It’s also way easier to do that than try and find some heuristic way to identify malicious behavior.
If they also get some extra data from you that they can sell once you disable it, then all the better for the company too.
Change you browsers user-agent(set to chrome on windows), clear cookies & disconnect router for 1 min. Then try again. Let me know if it works 😀
I guess I can change the user agent. I kind of want to use firefox agent to force sites to keep it around. But yeah for this purpose you’re probably right.
Yup, some websites outright deny non chromium browser
deleted by creator
