Which data are sent from reCaptcha to whom? - recaptcha

I like to browse the web privately (VPN, TOR, etc.). Everyone who does this knows that reCaptchas can be particularly bothersome, as they send you into endless solving loops. My idea to circumvent this is to solve captchas on the clearnet (similar to how captcha solver services do it, only that I'm simply fetching those captchas to myself), where the difficulty is much lower, and continue surfing with the solved token in my private browser.
My concern is: who gets to know what about me when I'm doing that? It's obvious that Google in that case would get my real IP. But would Google also know which site I'm accessing? What about the hoster who implemented the reCaptcha? Are they going to see the IP which solved the captcha?
Finally, are there already implementations that do this?
Thanks in advance.

Related

Whitelist IP for invisible reCaptcha v2

Our customer service is an important user of our website. When doing their work they frequently send requests to the part of our website that is protected by invisible reCaptcha (v2). For that reason I think their actions are being marked as suspicious by reCaptcha and they keep getting the reCaptcha where you need to select photos with a certain image, which has made their work quite a bit more time-consuming. Is there a solution for this? Perhaps by whitelisting our IP so traffic from our IP will never be suspicious, and the reCaptcha with the images will not show?
I couldn't find the answer in the documentation, so I hope that someone can help!

Google reCAPTCHA in China

My site is using Google reCAPTCHA control, but I am hearing it's being blocked in China. Is there any way around this? I see there are some people reporting that changing the API to https://www.recaptcha.net works in China.
Has anyone tried this? Because I see it still going out to Google.
string apiUrl = "https://www.recaptcha.net/recaptcha/api/siteverify?secret={0}&response={1}";
As Google says on its help page, you should use the domain "www.recaptcha.net" instead of "www.google.com" in the API call.
First, replace src="https://www.google.com/recaptcha/api.js" with
src="https://www.recaptcha.net/recaptcha/api.js"
After that, apply the same to everywhere else that uses "www.google.com/recaptcha/" on your site.
Obtained from: https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally
Edit: to clarify on some of the comments: if you try it outside of China, yes, you do get references to gstatic.com, but if you try this in China, any references to gstatic.com are replaced with gstatic.cn (don't forget to add it to your CSP). So this solution is still valid.
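An added example, not part of the original answers: a small Python audit for the two steps described above, finding leftover "www.google.com/recaptcha/" references in a page and checking that the Content-Security-Policy allows the replacement hosts. The sample HTML and CSP are constructed; `www.gstatic.cn` as the exact host and the directive-to-host mapping are assumptions, and `frame-src` is checked without its `child-src` fallback.

```python
import re

OLD_PREFIX = "www.google.com/recaptcha/"   # what the answer says to replace
NEW_HOST = "www.recaptcha.net"             # replacement host from the answer
STATIC_CN = "www.gstatic.cn"               # assumed exact host for "gstatic.cn"
# Assumed mapping of directives to the hosts each must allow.
REQUIRED = {"script-src": [NEW_HOST, STATIC_CN], "frame-src": [NEW_HOST]}

def parse_csp(header):
    """Return {directive: [source expressions]}; first occurrence wins."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def host_allowed(sources, host):
    """True if a source expression covers `host` (exact, *.wildcard, https:, *)."""
    for src in sources:
        if src.lower() in ("*", "https:"):
            return True
        m = re.match(r"^(?:[a-z][a-z0-9+.-]*://)?([^/:]+)", src, re.I)
        name = m.group(1).lower() if m else ""
        if name == host or (name.startswith("*.") and host.endswith(name[1:])):
            return True
    return False

def audit(html, csp_header):
    """List leftover google.com reCAPTCHA URLs and hosts the CSP would block."""
    findings = ["still references " + m.group(0) for m in
                re.finditer(re.escape(OLD_PREFIX) + r"[^\s\"'<>]*", html)]
    policy = parse_csp(csp_header)
    for directive, hosts in REQUIRED.items():
        sources = policy.get(directive, policy.get("default-src"))
        if sources is None:        # nothing restricts this fetch type
            continue
        findings += [f"{directive} does not allow {h}"
                     for h in hosts if not host_allowed(sources, h)]
    return findings

# Constructed sample: one script tag was missed and the CSP lacks gstatic.cn.
SAMPLE_HTML = ('<script src="https://www.recaptcha.net/recaptcha/api.js"></script>\n'
               '<script src="https://www.google.com/recaptcha/api.js?render=explicit">'
               '</script>')
SAMPLE_CSP = ("default-src 'self'; script-src 'self' https://www.recaptcha.net; "
              "frame-src https://www.recaptcha.net")

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTML, SAMPLE_CSP):
        print(finding)
```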
IMHO, Google things are not stable in China as they can be blocked anytime.
Baidu threads also mention that sometimes Google reCAPTCHA works and sometimes it doesn't.
https://www.v2ex.com/t/492752 (Chinese)
In the programming world, an unstable function means useless, or more code for dealing with exceptions.
If you really need to use Google reCAPTCHA,
you had better test properly using a VPN (IP in China) first.
Here are some options you can consider:
You can use an alternative captcha
Google will tell you about various captchas.
Build your own captcha
Open Source Invisible reCAPTCHA alternatives
Use a proxy web server (nginx) to send and receive data to or from Google reCAPTCHA
I have shared the solution to this problem by using cURL.
https://stackoverflow.com/a/63568516/11910869
cURL acts as a middleman between the client and the server. So even if google.com/recaptcha cannot be accessed by the client because it is blocked by the service provider, cURL can act as the proxy to send the HTTP requests and get the response.

advantage of using recaptcha

After reading through the documentation, I understand that reCAPTCHA makes it difficult for bots to do a form submission. This reduces spam for sure.
Apart from this, are there other advantages of using reCAPTCHA?
Some articles were indicating that from a proxy or a virtual machine (for the first time), reCAPTCHA is triggered. But is this really needed, or rather, what is the advantage of this?
Also, does reCAPTCHA do something to prevent bots from crawling the website? I do not think that might be the case because this may affect search engine crawlers also.
From the documentation: "reCAPTCHA protects you against spam and other types of automated abuse." What are the other types of automated abuse in this context?
Well, it doesn't matter if the bot is friendly or malicious. Some webmasters don't want bots on their website, and some bots do not respect the robots.txt that would tell the bots to keep off their lawn. Besides, web crawlers should not be on the pages that require the user to post information about themselves.
To quote the website, "reCAPTCHA offers more than just spam protection. Every time our CAPTCHAs are solved, that human effort helps digitize text, annotate images, and build machine learning datasets. This in turn helps preserve books, improve maps, and solve hard AI problems."

Is it possible to build this app for Quickbooks?

I use intuit merchant services - customers pay me with credit card after I send them an email with a link to pay, and everything works with no problem. However, my problem is that the link webpage structure is very outdated and some customers have told me that it doesn't look trustworthy, which I have to agree.
Is there any solution to this, like creating a user interface or an app that I can actually have developed to make these links look a little bit more like my website so customers don't feel they ever left my website?
Thanks.
You should be careful with this idea. I am not a legal professional and am in no way attempting to give legal advice, but doing what you are suggesting can be illegal in some cases. Some sites disguise their payment screens in a similar way for malicious purposes in a manner called phishing, and there may be little legal differentiation between doing so with good or ill intent.
I don't think this is possible but here is what you actually can do:
Ask your Payment-Website about an API, then you might be able to change the layout.
Inform your customers about the situation and that they will be redirected of whatever you do.
Get an SSL cert for your website.
Find another way to receive payments in a trustworthy way

Google Sites HTTPS issue

I'm wondering if anyone can help with this.
I'm creating a site for a client using Google Sites (A requirement they set).
One of their requirements is for a contact form to be embedded on the site. I've had a look and there are plenty out there; however, if a user visits from any version of IE the content is not displayed due to the security settings.
All other browsers are functioning fine.
I know the alternative is to simply put a link to an external source, but is not ideal.
My question is threefold.
1. Is it possible to write a gadget that will work for IE with non-secure content (if so how)?
2. Are there any HTTPS contact forms out there that I could use?
3. Does anyone have any experience with Google sites and trying to load non-secure content and have any tips?
Thanks
Have you tried JotForm.com? They have the same (free and premium) plans as emailmeform.com. Plus, they have a specific roundabouts to embed your form in Google Sites (they have a gadget made for Google Sites). And yes, JotForm has https url for their forms if you wish to embed it as an iframe.
-- One other solution is to resort to using a Google Docs form.
Does anyone have any experience with Google sites and trying to load non-secure content and have any tips? Still awaiting people with experience....
-- Yes, I have experienced this while trying to put some social media scripts in my Google Sites website and the best thing really was to rid my Sites of those non-secure contents.
For anyone interested, I have kind of answered my questions.
Is it possible to write a gadget that will work for IE with non-secure content (if so how)?
It is possible, but you need to have an SSL-hosted server.
Are there any HTTPS contact forms out there that I could use?
There are paid solutions for this. Alternatively, write your own html code to post to one of these solutions (free solution is http://www.emailmeform.com/)
Does anyone have any experience with Google sites and trying to load non-secure content and have any tips?
Still awaiting people with experience....
