reCAPTCHA concerns for developers and end-users

in #privacy10 months ago

Concerns over reCAPTCHA ..

image.png

Not available in China

Can't access reCAPTCHA from Beijing -- post

A more recent example (Mar 8, 2018) is an attempted work-around. Here is a comment that gives some insight into what is being loaded: "So I did some research and found out that 'Google implemented a whole VM in JavaScript with a specific bytecode language' according to neuroradiology. Maybe the domain is embedded in those byte codes?" github issue

Even if this works I don't see any guarantee that it will work in the future. The reCAPTCHA scripts can be updated by Google at any time.

image.png

reCAPTCHA invades privacy

image.png

ReCAPTCHA has been analyzed and observed to upload css, scripts, scrape the DOM, and grab unique information about the browser's (like a fingerprint). Fortunately, many web-site frameworks do not provide a global pointer into its memory so, in those cases, much of the data used by most apps will be unavailable. Therefore, privacy may be added by simply removing the form elements in the DOM before loading reCAPTCHA. Unfortunately, I only see a few sites that are removing the form data before showing the reCAPTCHA.

The reCAPTCHA uses a cookie under the google domains that developers can't remove for you. That browser will provide that cookie to all sites sourcing other google scripts under the same domain. This may be combined with an IP address and browser fingerprinting to identify and covertly track us. It is probably no coincidence that the reCAPTCHA code is hosted under generic domains used to host much of google's work: gstatic.com and google.com. This increases the scope of tracking cookies.

If used, at the very least, use reCAPTCHA in a web app where where the global window variable and the DOM does not contain user-provided information.

Effectiveness

I was able to find a paid service that auto-completes reCAPTCHA. I have also seen reports of hacks and outsourcing. But overall it may be the most effective solution for a captcha. The incentives work against us, Google appears to want our data and build out their machine learning and therefore they have invested stolen money (some or much include government subsidies) to implement this kind of technology. End-users must educate themselves to the point where enough people and enough resources are available to produce a better solution. Obviously we need to stop using their currency and prevent theft too. In parallel, we can settle for second-best but we should educate and do this with confidence.

Aids machine learning potential use in nefarious technology

It appears that Google may be using the data to train nefarious technology intended to illegally violate life, liberty, and the pursuit of happiness. Driverless cars, for example, could implement a china-style social credit score and deny services or detain men or women for arbitrary reasons (also known as victimless crimes). Based on what I have seen so far, something along these lines is absolutely inevitable.

image.png

End-user solution

As a developer, it is these concerns that drive me to do all extra work when I encounter a reCAPTCHA site. Over the years I have incrementally built up a more advanced methods and I apply automation when practical. I would love to see this automated and done in ways that are better than what I'm describing here.

The user may clear the cookies for google domains. A browser plugin can help automate this process. I feature that would clear a list of domains automatically upon leaving a site would help.

Additionally, use a something like a VPN to help privatize the IP address getting compromised. There are many more applications for adding some chance of IP address privacy.

I leave these domains blocked in my system's host file:

127.0.0.1       www.google.com
127.0.0.1       gstatic.com
127.0.0.1       www.gstatic.com

It is awkward because I don't know if a site is expecting a reCAPTCHA in advance. So every-time I get a form (or login) that does not work, I open the browser's console then reload the page and look at the browser console's network request and see it is trying to load reCAPTCHA from any of the above domains. I did this so often I finally scripted it out.

If so, I then I unblock the Google domains (remove those entries from my host file) then I clear any data in the form and reload the page again so the reCAPTCHA appears. I mess up the captcha at least 10 times in ways that will feed the algorithm the worst data possible (images that look like what they are asking for) then eventually I complete it to the point where hopefully the machine learning algorithm will accept some inaccurate data at the same time.

Finally, I re-block the google domains and fill in the form quickly (sometimes having the form's data prepared in advanced) then submit the form before the reCAPTCHA expires. Unfortunately for Linux user's, there delay before the Linux host system picks up the host file again (and pressure to do this quickly) so this may be in-perfect. The idea of course is that I don't wan the form data I just entered getting broadcasted to google.com or gstatic.com.

The Bigger Picture (beyond reCAPTCHA)

image.png

Trust me there is a bigger agenda at play and it gets pretty evil. We have had to put up with this type of stuff for so long, serious psychological problems are inevitable. I'm willing to say that if someone is affected in this way, then either they have been well trained or they have not been exposed (are vulnerable). My opinion is that most people are either really fortunate (with proper education) or they could really benefit from breaking down and really look into how they "might" have been indoctrinated.

image.png

I see it all the time. It is common for people to get out of denial (see the issue, again?) then go into anger. Many run away at this point, however lets not go there. When that happens I just remember it really does not work very well to be angry (that does not motivate for long so don't get stuck there), so I have to take a next step and be willing to justify it from the adversary's side (see it from both sides). I really can't be that angry if I can see how I might act this way in different circumstances. Clearly that is not enough to fix anything, so I rationalize about the larger problem at a higher level but only long enough to see why the problem persists and how it functions. Finally I need to accept it or I'm going to fall back into anger or victim-hood. Accepting something and living with it is basically total and complete defeat (so, don't fall into apathy) so finally there is a the holy grail: be rational. Being rational is where all the good stuff happens. It is the motivation, wisdom, skill and practice of changing the world by changing yourself. If I feel weak on any of these steps I re-visit them and jump around (may skip steps). If I don't complete the entire process I'm defeated because not enough change will come of it. If you see that I'm stuck somewhere in this process, you can just tell me I'm "acting like" a useless eater and I'll know exactly what your talking about.

What works for me: learn from independent media sources you trust that will challenge myself to break into this on what ever step I need to practice. I expect this to be a process as described above. I find it helpful to remember to take breaks or back-off and lighten up when appropriate but I always remember to be diligent (too much stress and anxiety serves no one, keep coming back to it). When I do this well, with respect to the people around me, I achieve motivation, efficiency and have less need and desire to turn out. This agenda is obviously very advanced and came about through generations of hard work; we need to compete.

Accountability

image.png

We can have accountability, there is no room for fear here. We change ourselves first, which at scale, changes the world. We can apply the following to the growing list of all technology being used against life, liberty, and the pursuit of happiness. This means we need to go through a process and become our true selves: love ♡ and free of fear. Even in the face of pure evil we can achieve an enlighten state. It takes practice and involves questioning everything we learn and know.

image.png

If this is new to you, you may really have to really re-think stuff like this; it is another way we are oppressed and our thinking is influenced by current negative experiences (judges and courts for example) and lack of education on these topics. Here it is! Moral law still exists and, from what I gather, there have been many points in history where law was widely practiced on the side of the people. What many people did not know is that the corporation (which includes the modern government) is a sub-jurisdiction and subject to the laws of their higher jurisdiction. I think you'll find, as I have, that higher jurisdictions are very inline with the non-aggression principal; they require a victim and sworn statement for there to be a crime. No victim no crime. It is only by way of contracting into sub-jurisdictions that they hold us to all these arbitrary rules and laws. On top of all that, they don't tell us we are contracting so we get scammed into this. The thing is, in the higher-jurisdiction a contract under fraud or force is not a valid contract. It is truly a house of cards.

image.png

We will have no problem finding rights violations and victims to testify and no problem finding fraud and force used to form invalid contracts. The only question left in my mind, when will most of humanity overcome fear, learn this, and put this into practice? People (including Judges) if coached and compelled (notify them they can be held accountable), can operate in higher jurisdictions. The higher the jurisdiction the more principled the laws become. For nearly everyone these laws are intuitive. Further, there is no rule to use these higher jurisdictions but it is certainly easier as much of the hard work has been done. It also has the benefit of being the adversaries parent jurisdiction.

This means we need to be willing to take on different types of risks. Know how to hold our ground. We must know how to speak our knowledge.

throat-chakra.png

Sort:  

I was very fortunate to have been taught to analyze my anger from a young age. I was probably instructed about this because I had a lot of anger. Patience is the virtue on the other side of wrath, that I still have to work on. Today as I pay close attention to the puppet masters that are bringing on the great reset as they brainwash the masses, I remind myself that I am only about the truth. The truth is powerful and more and more are waking up. The only truth that I know is love. When I remember that, I feel sorry for the globalists who do not realize they are doing something to themselves that is much worse than death. There is nothing that they can do to me to convince me to inject their poisons or to put my consciousness into something that is not organic. I feel sorry for those that do. When people wish for death and death won't come, I can't imagine anything worse. All I can do is focus on speaking the truth and living the truth.

Great to see you post again! 🙏 Learned something new 👍 Privacy going to be more and more relevant

Congratulations @jamesc! You have completed the following achievement on the Hive blockchain and have been rewarded with new badge(s) :

You received more than 3000 upvotes. Your next target is to reach 3250 upvotes.

You can view your badges on your board and compare yourself to others in the Ranking
If you no longer want to receive notifications, reply to this comment with the word STOP

Do not miss the last post from @hivebuzz:

It's today! Do not miss the opening of HiveFest⁵

Boo Google

This is one of the few publications I have read these days that have left my mouth open.

First a great exclamation for the fact of knowing that you can lose your freedom in such a subtle way that I would not realize, I suspected that but I had never read it so clearly. It is interesting what it says and opens my eyes and mind a little.

Secondly, I find this part beautiful.

We change ourselves first, which at scale, changes the world. We can apply the following to the growing list of all technology being used against life, liberty, and the pursuit of happiness. This means we need to go through a process and become our true selves: love ♡ and free of fear. Even in the face of pure evil we can achieve an enlighten state. It takes practice and involves questioning everything we learn and know.

Thank you for your publication, I hope to continue reading it in the future and capture some of the knowledge you want to share @jamesc

Hey @jamesc,
Sorry to jump in with something a bit off-topic.
The current HiveBuzz proposal will expire in a few days.
Do you mind casting your vote for the proposal renewal we made for 2021 so our team can continue with its work?
https://peakd.com/me/proposals/147

Thank you. Wish you a happy Xmas 🎅

ice to see you back

Screenshot 2020-12-19 at 1.39.32 PM.png