Privacy Questions Raised Over Googles reCAPTCHA Service

[DamianTV]

Google reCAPTCHA service under the microscope: Questions raised over privacy promises, cookie use
(NOTE: I had to change the title, too long)
https://www.theregister.com/2020/11/...le_ad_privacy/

Web giant insists anti-bot service isn't used for personalized ads – but cookie claims don't quite add up

Analysis Six years ago, Google revised its reCAPTCHA service, designed to filter out bots, scrapers, and other automated web browsing, and allow humans through to websites.

The v2 update in 2014 added an iframe or HTML Inline Frame, which is a way of embedding one web page in another. Then there was the v3 update in 2018, which added machine learning to the mix, to reduce the need for interaction with bot detection challenges.

reCAPTCHA makes it possible for the internet giant to challenge netizens to prove they are real people, by completing picture puzzles and the like, while providing plumbing to potentially funnel information about folks into its advertising business. Google insists it doesn't use reCAPTCHA data for personalized adverts, and says as much in the reCAPTCHA terms of service.

Yet the Silicon Valley corp's fine-print and other disclosures stop short of saying reCAPTCHA is completely quarantined from all ad-related data collection. And privacy researchers now argue that the company needs to clarify that point.

Zach Edwards, co-founder of web analytics biz Victory Medium, found that Google's reCAPTCHA's JavaScript code makes it possible for the mega-corp to conduct "triangle syncing," a way for two distinct web domains to associate the cookies they set for a given individual. In such an event, if a person visits a website implementing tracking scripts tied to either those two advertising domains, both companies would receive network requests linked to the visitor and either could display an ad targeting that particular individual.

Two different domains generally shouldn't have access to the same set of cookie data, based on the distinction between first-party and third-party resources in the web browser security model. But triangle syncing dissolves that separation.

Triangle of ad success?

"Triangle syncs expand an advertising universe and make it possible to target someone across more domains," Edwards told The Register.

It's a common practice in advertising, he said, so that two separate companies with two separate domains can share data, such as the identifiers associated with a particular individual. And it's also done within a single company like Google that operates more than one domain and wants to track internet users across the different domains.

"So reCAPTCHA's gstatic.com domain doing a triangle sync to google.com basically ensures that a user can be found/tracked if either of those domains is embedded into a website," Edwards said.

According to Google, the company doesn't use reCAPTCHA for triangle syncing and reCAPTCHA loads static resources from two places on gstatic.com, with no cookies written or read. No triangle request or sync is done as part of this process, we were told. And the gstatic.com domain is supposedly "cookieless," in that it has been designed to be unable to collect cookie data.

Yet, reCAPTCHA JavaScript code hosted at Google's gstatic.com domain includes multiple references to cookies. And visiting a web page embedded with a reCAPTCHA widget does set a google.com "NID" preference cookie, even if you try to block third-party cookies.

...

Full article at link.

---

Sir, we need to see your tiny penis and need your PIN Number to your bank account. Its for Security purposes. Mmmmhmmm, then 5 seconds later you get bombarded with ads for Big Dick Pills (as Joe Rogan likes to call them). I wonder how that happened? Oh sir? We see that you have a tiny penis, and based on your ad preferences, we know that you are now a POLITICAL TRAITOR TO THE COMMUNISTS OF THE US AND MUST BE EXTERMINATED.

Heres the thing. Where you go on the internet is the information that Google uses to identify potential Political Dissidents. If you use a reCAPTCHA on say LeftWing.com, then it tells Google you are interested in becoming or are a Leftist. Same thing on the other side. Go to RightWing.com and use a reCAPTCHA (or Google Analytics, which is WAY worse), well now you are branded as that. Google has enough information to build a psychological model on YOU that could potentially get A LOT OF PEOPLE KILLED. Google and Facebook all the $#@!ing data collecting on EVERYONE (except the politicians) is going to enable the New Nazi Party to make the old Nazis, who killed Jews because of "wrong beliefs", look like $#@!ing amateurs.

They will insist "there is nothing wrong" with tracking individuals. That idea is only upheld by two types of people: #1 - Those that are genuinely too dumb to understand that specific types of information on an individual makes those people targets to other types of people, or #2 Those that do not recognize the Natural Boundaries of other people. On #2, those types of people will have NO PROBLEM coming into your house and judging you by everything you have in your home, without a warrant, without permission, and without probable cause. Those people are Mentally Ill. They are called Narcissists. They can still be highly intelligent, however, they do have a Mental Illness that YOU need to ready to fight to the death to protect yourself from. Those Narcissists will have absolutely no moral issue with coming into your home and having you exterminated based on some criteria that they find out about you, most likely, opposing their demands for you to be obedient to their cause and ONLY their cause. The 4th Amendment was intended as a Legal Defense to restrict those in positions of power from violating your Natural Boundaries. And it was done so because at the time if the British Military came into your home to be Quartered (3rd Constitutional Amendment), they would have had "Authority" to execute you if they found out you supported "The Resistance".

Your Privacy IS Your Life.

[Brian4Liberty]

Twitter has been forcing many users to repeatedly do reCaptcha. It’s a method to stop bots, but when they do it constantly to the same user, there are other agendas at work. I’d guess it’s to both harass and identify and track people.

[DamianTV]

Twitter has been forcing many users to repeatedly do reCaptcha. It’s a method to stop bots, but when they do it constantly to the same user, there are other agendas at work. I’d guess it’s to both harass and identify and track people.

Does anyone think that Google does not have enough information to know if a person being shown the reCAPTCHA is a Republican? It would not surprise me one bit to find out that what you describe is happening to specific political opinions... Censor by annoying them with recaptchas until they give up.

[Brian4Liberty]

Does anyone think that Google does not have enough information to know if a person being shown the reCAPTCHA is a Republican? It would not surprise me one bit to find out that what you describe is happening to specific political opinions... Censor by annoying them with recaptchas until they give up.

I have no doubt about that.