Recaptcha data collection by Google

I use Tor-Browser for privacy purposes and frequently I run into a reCaptcha. Reading on for instance FastCompay about this tool did not make me very happy, specially about the hidden reCaptcha v3. Can someone tell me if I am protected from Google collecting my IP or other identifying data through reCaptcha when I browse the net using TBB?
Thanks in advance.
Bloep

Yep, Tor Browser hides your IP address from the website you’re visiting, including reCAPTCHA

OK, is that including the pc and browser properties that can be retrieved by JavaScript?

Yes, Tor Browser was designed to make everyone using it look the same. Most properties that can be retrieved using JavaScript will have been patched, though if I remember correctly some properties such as your operating system are not fully hidden

That would be OK, as long as there are no “identifying” values ( fortunately there are some more Win10 PC’s :wink: ).
Is there a (sort of) list or description of not hidden properties available?
I’m sorry but I am “a bit allergic” for “free” hidden pixels and scripts that are collecting my behaviour to create profiles on my sensitivities.

I also wonder what information Google is able to retrieve.

In the past ReCaptcha was extremely hard to solve using TorBrowser. Now it has gotten much easier. And on many websites the logo pops up, ReCaptcha works in the background, and then it disappears again.

It feels like ReCaptcha has learned to recognize me, and is thus not blocking me anymore when I use TorBrowser.

It shouldn’t have learned to recognize you since all users ( apart from Android because its too much effort ) are supposed to look 100% identical. Perhaps someone on the same exit node had recently cleared captcha so it didn’t require asking again?

OK, that makes me assume that a) the captcha-script is not retrieving any identifiable information from my pc :slightly_smiling_face: and b) Tor-browsing on my android is not “save” :face_with_diagonal_mouth:.
Correct?

This is how I feel with Cloudflare. I had to redo them 6-8 times when I used a new device, now it let’s me through with a single click. Its definitely fingerprinting users and 100% a MITM attack if the site is using their Universal SSL and proxy. If I were them, I would fingerprint users with recaptcha and decrypt/re-encrypt HTTPS calls to attach the fingerprint to specific users.

1 Like