Google Captchas Unmask Users. Why Is Voat Using Google Captchas? (ProtectVoat)

submitted ago by butters4eva

Google captchas send specifically sized and timed packets that can be matched with encrypted data on the ISP's end.

Why is Voat using Google captchas when there are so many safe alternatives that do not have this vulnerability to track users?

You are viewing a single comment's thread.

view the rest of the comments →

heygeorge ago

This would be a good time to list the safe captcha alternatives.

butters4eva ago

Things that use simple matching of bot illegible characters, using images of uniform data size, are safe if the answer is sent in a uniform data size.

You could narrow down the possible users using the time the packets were sent, but the amount of internet traffic passing through the ISPs would probably make that impossible. It is possible that the captcha servers could delay the loading of the captcha and use a statistically unlikely image data size, but in order for that data to be relevant they would have to have real time information on the entire internet to ensure their traffic was not sent at the precise time as other information of the same size. It would also be hindered possibly by VPNs that add superflous data, but I'm not sure that's a thing yet.

My understanding of how the internet works is actually pretty small. I was only made aware of Google's captcha tracking system by an insider who explained it roughly.

heygeorge ago

My understanding of how the internet works is actually pretty small.

It’s a series of tubes!

Anyway, the captcha exploit as vaguely described still sounds like it would take a lot of effort and coordination between multiple corps.

butters4eva ago

We know from leaks that such cooperation is already taking place.