How to pass ReCaptcha v3?

Question

ReCaptcha v3 will not present a captcha anymore, but rely on browser fingerprinting and other information google can get about you.

Here is a test: https://recaptcha-demo.appspot.com/recaptcha-v3-request-scores.php
And the API documentation: https://developers.google.com/recaptcha/docs/v3

Now I have the problem that e.g. VPN IPs or static company IPs seem to be blacklisted and only get a score of 0.1 even when the browser profile itself is fresh and has no adblocker and other privacy tools installed. Using a mobile internet connection, I get up to 0.7.

I expect that many sites will adopt v3 when it gets released as stable version, which imposes a problem when using networks which are blacklisted.

Logging into a Google account improves your score quite a lot, but this also means that Google learns what sites the account owner uses, both on the site with captcha and on sites with unrelated Google services, which use the fact that you are logged in. So it would be good to increase the score without logging in.

Is there any way to prove you're human even when Google distrusts your IP?

Answer 1

Nobody knows exactly how it works yet. However it seems tied to cookies and tracking scripts. Clearing cookies and setting the browser to not accept third-party cookies seems to lock it to 0.1. Try logging into gmail in the browser, and visiting a few other sites, some people have reported success with soundcloud. Also, if you solve a legacy captcha (v1) it seems to lock you to 0.1 for a few minutes. It also strongly prefers google chrome and firefox, chromium forks such as ungoogled-chromium and brave seem to hover around the 0.1 to 0.3 range, and edge rarely gets above 0.5.

Answer 2

Just finished some tests with firefox; WebRTC disabled , i allways disable it. No plugins or extensions.

Building firefox official\nightly with default Settings gives a score of 0.1.

Spoofing old versions (2 versions old)of firefox also gives a score of 0.1

Spoofing screen info w/h and resolution also gives a score of 0.1

Disable tracking/third party cookies (via options , privacy and security , content blocking - custom - check Trackers and select all windows ; check Cookies select Third-party trackers) gives a score of 0.3.

Login to google YouTube and other websites also gives a score of 0.9 then drops to 0.3 or bellow.

The privacy.resistFingerprinting option set to true gives a score of 0.1 ; even if you don’t perform automations, if it cant fingerprint you dont pass ...

Performing a search on google-clicking the page of my URL gives a score of 0.9. Seems it likes fluent surfing, referers etc

Spoofing a Chrome user agent will give you a score of 0.1; one of the reasons is that ff has navigator.buildId and navigator.oscpu and Chrome does not have them

Answer 3

Yes, there is a way. Log into one of Google's services if you can. During tests we were able to achieve a score of 0.9 when logged into Google, compared to scores between 0.1 and 0.3 using Incognito on Chrome.

Answer 4

As of August 2022 it seems to be less of a problem. I get a score of 0.9 without Google cookies.

The recaptcha also now includes a test:

Press the button containing a traffic light to continue. [] [] []

Not sure why they added the test, it asked me every time for the traffic light and this test is easy to pass for bots. Maybe they measure the time how fast you click the button or track your mouse movements?