Out of control Captchas (18+ clicks) when using PIA

In the past few weeks the number of captchas I'm encountering on PIA has got to ridiculous proportions.

I just signed up for THIS forum and only solving that one needed 18 clicks! First click the pictures with door numbers then the ones with storefronts.. but after each click a new picture appears so you have to keep going and going.

Today I tried to visit a forum that has images from various image hosts and the page loaded full of missing images. I had to open each image in a new tab, solve multiple captchas and refresh the original page to get it to work.. total clicks required to view a webpage, over 40!

I subscribed to PIA for a year, but find in order to actually use the internet I have to turn it off.. so thinking of cancelling my subscription.

It is only me, or are other people having this issue too?

Comments

  • KatKat
    Posts: 43

    Hello December,

    I apologize for the issues you are having with reCAPTCHA/CloudFlare.

    These blocks are occurring because the IP address you were using at the time appeared on a list of blocked IP addresses issued by CloudFlare, which the website you are trying to access is using to screen users.

    If a given site or service decides to act upon this blacklisting, that is their choice and prerogative to do so. Our IPs will appear on these lists frequently; this is simply a reality of internet use. If you are unhappy with this development, I would suggest you contact the site in question and inform them of your concerns.

    That said, it is possible for you to whitelist individual IPs when they're blacklisted. This can be completed by doing the following steps:

    While connected to the VPN with the affected IP address, go to the website below:

    http://www.projecthoneypot.org/white_list.php

    • On the form that appears, under Your Email, enter 9@9.com, or any fake email address of your choosing
    • Under Whitelist Reason, choose Owner of a Dynamic IP address
    • Notes can be left blank
    • Enter the Captcha as shown into the box provided, then click Whitelist

    A message should appear indicating the whitelisting has been completed for the IP used for your connection.

  • edited November 5 Posts: 1
    I also had this same problem in the beginning and used this firefox add-on with great success https://addons.mozilla.org/addon/cloudhole/. To me it just seems better than going to a website and basically asking permission each time you browse (admittedly I haven't used the website route at this point.)
    Post edited by Aronin on
  • edited November 5 Posts: 112
    Aronin said:
    I also had this same problem in the beginning and used this firefox add-on with great success https://addons.mozilla.org/addon/cloudhole/. To me it just seems better than going to a website and basically asking permission each time you browse (admittedly I haven't used the website route at this point.)
    As I understand it, this convenience does have a price, of allowing perfect tracking and even deanonymizing of your traffic.

    If you are using Tor for example, instead of Cloudflare seeing numerous indvidual, unrelated traffic from different exit node IP addresses, you'd be willingly providing identification to prove all those different activities from different IPs are just you on Tor. This is an important point to consider when assessing the usefulness of such a tool.
    Post edited by sn0wmonster on
  • Posts: 389
    Aronin said:
    I also had this same problem in the beginning and used this firefox add-on with great success https://addons.mozilla.org/addon/cloudhole/. To me it just seems better than going to a website and basically asking permission each time you browse (admittedly I haven't used the website route at this point.)
    As I understand it, this convenience does have a price, of allowing perfect tracking and even deanonymizing of your traffic.

    If you are using Tor for example, instead of Cloudflare seeing numerous indvidual, unrelated traffic from different exit node IP addresses, you'd be willingly providing identification to prove all those different activities from different IPs are just you on Tor. This is an important point to consider when assessing the usefulness of such a tool.
    While true, I sort of agree that the extension could be a decent compromise for users of just PIA as it allows to selectively allow the minimum amount of tracking required for CloudFlare to be happy without really allowing all cookies.

    It's far from ideal but if that's a dealbreaker enough to stop using PIA rather than fill in the captchas, might as well give your identity to CloudFlare but at least stay protected for most other cases.
  • Posts: 600
    As I understand it, this convenience does have a price, of allowing perfect tracking and even deanonymizing of your traffic.

    If you are using Tor for example, instead of Cloudflare seeing numerous indvidual, unrelated traffic from different exit node IP addresses, you'd be willingly providing identification to prove all those different activities from different IPs are just you on Tor. This is an important point to consider when assessing the usefulness of such a tool.
    Thanks for the warning! What you're saying makes sense when using Tor. I tend to leave my Tor Browser vanilla and would only install Firefox Add-ons in Tor Browser with the utmost of caution. But I can see how some people might not think such matters through carefully.

    Max-P said:
    While true, I sort of agree that the extension could be a decent compromise for users of just PIA as it allows to selectively allow the minimum amount of tracking required for CloudFlare to be happy without really allowing all cookies.

    It's far from ideal but if that's a dealbreaker enough to stop using PIA rather than fill in the captchas, might as well give your identity to CloudFlare but at least stay protected for most other cases.
    Captchas are indeed a huge pain where they do pop up. I'm not going to disable my vpn to avoid them (so it's not a matter of being a "dealbreaker") but at the same time it would be nice to at least cut down on the number of times I run into them.

    So now I'm conflicted because of what appears to be two disparate opinions. Some clarification between the opinions of @sn0wmonster and @Mac-P is in order.

    If I access Tor I only use Tor Browser and wouldn't install something like Cloudhole anyway. But for everything else I run Firefox. Will installing Cloudhole in Firefox mean that I'm surrendering my privacy? If so how much privacy is surrendered? And is it just to Cloudflare? If so please describe how/why that happens via Cloudhole. Thank you.
  • Posts: 389
    They're not really contradictory. I fully agree with what @sn0wmonster said. All I added is that for a lot of users, those captchas are a dealbreaker (I've issued way more refunds than I have fingers to count on) and as such the reduced privacy of allowing some tracking cookies to make the captchas go away is an acceptable compromise.

    As for how the extension operates, I don't know I didn't even know about it until this thread a couple hours ago. But from the addon page:
    Tired of solving CloudFlare captchas for half the websites you visit because you're using a VPN or TOR? This add-on is for you.

    CloudFlare is a great service, and there's nothing wrong with having to solve captchas to prove you're not a robot, but it can get very tedious since their clearance cookie is not applied to other websites, prompting you to solve a captcha for each and every website you visit that is using their service.

    This add-on stores the user agent and clearance cookie when you solve a captcha, and re-uses it on other websites as long as it's still valid, easing the pain during your browsing session.

    It can also sync your clearance cookies using the CloudHole API, allowing you to re-use them on other devices, embedded systems or API calls which can't use a full browser to solve those captchas.
    Looks like it targets CloudFlare specifically. So that extensions basically means CloudFlare knows about every CloudFlare website you visit and can track you across them instead of essentially having a new identity for each site you visit.
  • edited November 8 Posts: 112
    @tomeworm
    If I access Tor I only use Tor Browser and wouldn't install something like Cloudhole anyway. But for everything else I run Firefox. Will installing Cloudhole in Firefox mean that I'm surrendering my privacy? If so how much privacy is surrendered? And is it just to Cloudflare? If so please describe how/why that happens via Cloudhole. Thank you.
    You would be surrendering a certain amount of deniability and enabling traffic correlation, but whether or not that ultimately leads to surrendering privacy is completely up to which activities you're performing that are linkable to your identity. If you're duckduckgo searching for "sad Keanu Reeves meme" while browsing 4chan, you're not going to be doing much for anyone who would seek to track you. If on the other hand you're whistleblowing while using facebook and signed into your reddit viewing your own profile, then yes, that could be an issue, especially if your adversary is a nationstate.

    Once again it comes down to OPSEC threat models, in this case, practicing proper INFOSEC by recognizing the threat of potential correlation and proceeding with your activities with that risk in mind. Personally, as a daily Tor user, I'd never consider opening that hole, but if I were just using PIA to avoid cyberstalking or DCMAs while Torrenting, of course it woudln't matter much to me because the parties who would need to correlate that information would likely be violating data privacy laws in the country I reside just to do it.
    Post edited by sn0wmonster on
  • Posts: 600
    Thanks guys for the clarification. This confirms what I'd assumed already. But it's good to have confirmation.
Sign In or Register to comment.