Comment by rvnx

6 years ago

Maybe one actually useful non-advertising usage could be reCAPTCHA? If you read carefully, it says nowhere that there is a limit of 8000. There is this limit of 8000 only if you disable usage statistics / crash reports.

Sorry about that, too late to edit it now. That is an important detail. If there are 32 or more different feature flags, then that's 4 billion unique states, which would be an effective fingerprint.

I still think it's pretty unlikely they're using it in that way or would in the future, and I think Google fuzzing this for those who opt out of telemetry is probably a signal of good faith in this instance. They realize the privacy implications and provide a way to disengage, even if they don't intend to abuse the information.

But of course the potential for abuse always remains. And the potential for (arguably) non-abusive tracking, like the possibility of it being used for bot detection by reCAPTCHA, as you say.

  • reCAPTCHA is the most abusive type of tracking. Google simply denies you usage of captcha if you do not give them enough personal information. It doesn't matter if you enter the captcha correctly 20 times. It won't let you in.

    • This is part of the bot detection, though. It's probably not "not enough personal information", it's "this truly seems like it is unlikely to be a legitimate device/person", due to the huge datasets they're working with. Same with Cloudflare and Tor. Once you operate a security service anywhere near that scale, you start to understand there are inherent challenges and tradeoffs like these,

    • reCAPTCHA increasingly doesn't even give me a captcha. Instead, they simply deny me from even trying; they send this instead of the challenge:

        <div>
          <noscript>
            Please enable JavaScript to
            get a reCAPTCHA challenge.<br>
          </noscript>
          <div class="if-js-enabled">
            Please upgrade to a
            <a href="[1]">supported browser</a>
            to get a reCAPTCHA challenge.
          </div>
          <br><br>
          <a href="[2]" target="_blank">
          Why is this happening to me?</a>
        </div>
      

      They probably don't like my non-standard user agent string and they definitely don't like that I block a lot of their spyware, but reCAPTCHA used to work properly for many years with the same/similar browser configuration.

      [1] https://support.google.com/recaptcha/?hl=en#6223828

      [2] https://support.google.com/recaptcha#6262736