Out of control Captchas (18+ clicks) when using PIA
In the past few weeks the number of captchas I'm encountering on PIA has got to ridiculous proportions.
I just signed up for THIS forum and only solving that one needed 18 clicks! First click the pictures with door numbers then the ones with storefronts.. but after each click a new picture appears so you have to keep going and going.
Today I tried to visit a forum that has images from various image hosts and the page loaded full of missing images. I had to open each image in a new tab, solve multiple captchas and refresh the original page to get it to work.. total clicks required to view a webpage, over 40!
I subscribed to PIA for a year, but find in order to actually use the internet I have to turn it off.. so thinking of cancelling my subscription.
It is only me, or are other people having this issue too?
I just signed up for THIS forum and only solving that one needed 18 clicks! First click the pictures with door numbers then the ones with storefronts.. but after each click a new picture appears so you have to keep going and going.
Today I tried to visit a forum that has images from various image hosts and the page loaded full of missing images. I had to open each image in a new tab, solve multiple captchas and refresh the original page to get it to work.. total clicks required to view a webpage, over 40!
I subscribed to PIA for a year, but find in order to actually use the internet I have to turn it off.. so thinking of cancelling my subscription.
It is only me, or are other people having this issue too?
Comments
Hello December,
I apologize for the issues you are having with reCAPTCHA/CloudFlare.
These blocks are occurring because the IP address you were using at the time appeared on a list of blocked IP addresses issued by CloudFlare, which the website you are trying to access is using to screen users.
If a given site or service decides to act upon this blacklisting, that is their choice and prerogative to do so. Our IPs will appear on these lists frequently; this is simply a reality of internet use. If you are unhappy with this development, I would suggest you contact the site in question and inform them of your concerns.
That said, it is possible for you to whitelist individual IPs when they're blacklisted. This can be completed by doing the following steps:
While connected to the VPN with the affected IP address, go to the website below:
http://www.projecthoneypot.org/white_list.php
A message should appear indicating the whitelisting has been completed for the IP used for your connection.
If you are using Tor for example, instead of Cloudflare seeing numerous indvidual, unrelated traffic from different exit node IP addresses, you'd be willingly providing identification to prove all those different activities from different IPs are just you on Tor. This is an important point to consider when assessing the usefulness of such a tool.
It's far from ideal but if that's a dealbreaker enough to stop using PIA rather than fill in the captchas, might as well give your identity to CloudFlare but at least stay protected for most other cases.
Captchas are indeed a huge pain where they do pop up. I'm not going to disable my vpn to avoid them (so it's not a matter of being a "dealbreaker") but at the same time it would be nice to at least cut down on the number of times I run into them.
So now I'm conflicted because of what appears to be two disparate opinions. Some clarification between the opinions of @sn0wmonster and @Mac-P is in order.
If I access Tor I only use Tor Browser and wouldn't install something like Cloudhole anyway. But for everything else I run Firefox. Will installing Cloudhole in Firefox mean that I'm surrendering my privacy? If so how much privacy is surrendered? And is it just to Cloudflare? If so please describe how/why that happens via Cloudhole. Thank you.
As for how the extension operates, I don't know I didn't even know about it until this thread a couple hours ago. But from the addon page:
Looks like it targets CloudFlare specifically. So that extensions basically means CloudFlare knows about every CloudFlare website you visit and can track you across them instead of essentially having a new identity for each site you visit.
You would be surrendering a certain amount of deniability and enabling traffic correlation, but whether or not that ultimately leads to surrendering privacy is completely up to which activities you're performing that are linkable to your identity. If you're duckduckgo searching for "sad Keanu Reeves meme" while browsing 4chan, you're not going to be doing much for anyone who would seek to track you. If on the other hand you're whistleblowing while using facebook and signed into your reddit viewing your own profile, then yes, that could be an issue, especially if your adversary is a nationstate.
Once again it comes down to OPSEC threat models, in this case, practicing proper INFOSEC by recognizing the threat of potential correlation and proceeding with your activities with that risk in mind. Personally, as a daily Tor user, I'd never consider opening that hole, but if I were just using PIA to avoid cyberstalking or DCMAs while Torrenting, of course it woudln't matter much to me because the parties who would need to correlate that information would likely be violating data privacy laws in the country I reside just to do it.