Yeah, I may have spoken too soon. Tonight, my credit union web site ran me through a dozen captchas before I broke out to investigate. It was uBlockOrigin! Captcha wouldn’t let me pass if I didn’t let Google Analytics track me!
4 Likes
Now that should be downright illegal.
5 Likes
It’s unfortunate that Google (dis)services infest so much of the internet, and especially maddening when websites think they provide some kind of “security.” See Google Shadow Profiles
When I have had to get past captchas, I’ve noticed that it’s gstatic that has to be temporarily enabled… but to get the gstatic script to show, I have to enable another Google script first; google.com, I think.
We can only hope that this stuff will eventually become the subject of a privacy-abuse lawsuit.
5 Likes
You can take action by switching financial institutions and/or becoming unbanked.
2 Likes
Generally, it’s not my banks, credit union, investment institution, or credit card issuers that throw captchas at me.
I highly value access to financial products, by the way, so I don’t plan to get myself “unbanked” any time soon. 
1 Like
Sure, I understand. I prefer not waiting around until data breaches and/or privacy-abuse lawsuits happen by third-parties at their own convenience. By then, I assume that it is too late to take action.
1 Like
Change banks? (Unless you’re in Australia, I think they only allow four. But that’s what they told me 40 years ago.)
1 Like
Then there is my bank that lets me login to my account through the Tor browser. I’m not joking. I did it like 50 times and all functions and services worked just as good as If I used a normal web browser. It is just significantly slower.
3 Likes
My bank doesn’t like the available browsers
My browser doesn’t like the available banks.
8 Likes
There was an old joke from the Tonight Show about 50 years go with Johnny Carsron, I think it was Jonathan Winters who told it. It was a monologue and he steered it to his visit in Switzerland, with a bunch of money trying to establish one of those secret Swiss Bank Accounts. After asking about where one of these banks was, he was directed to an upstairs room at a Tavern where he found this litte old man sitting behind a desk. Asking about an account, he makes the deal and he give the little old man a briefcase full of money and the little old man takes and puts it behind his desk. Before leaving he asks the little old man, “Well don’t I get a secret bank account number?” “Indeed” said the little old man. “Well what is the account number?” The little old man said: “One.”
4 Likes
Angelfish is the only browser I managed to find that allows me to log in to my bank.
1 Like
Could it be that angelfish doesn’t block stalkers or does angelfish block a certain way different from other browsers?
~s
1 Like
An interesting point! But that would be illegal according to which Law, in what Country or aggregate of nation-states( like EU) having common legislation?
In fact, I can’t remember ever seeing any law or regulation restricting the use of GA or Gstatic by websites - anywhere they would be hosted in the world…
1 Like
Always a fair question - and sometimes quite difficult.
However in the context of this topic - your bank - then you and your bank are likely to be in the same legislative regime, so it’s not as difficult as it could be.
I don’t see why a bank would be bothered with a CAPTCHA. Some sites use it to stop automated login attempts but that can be countered by locking the account out, for a while or until there is manual intervention, after a moderate number of failed logins (even though in some cases that might allow a DoS) or at least deferring the use of a CAPTCHA until that number of failed logins. Some sites use it as an anti-scraping mechanism but I wouldn’t think that applies here.
In this case “should” refers to what I think ought to be the case but which is not the case.
It is arguable that any general anti-tracking right could blow Google out of any web site that it has its tentacles in.
Good security practice suggests that important web sites should avoid third party content.
2 Likes
Amen to that. 
2 Likes
This has worked tremendously well for me! (Given the shitty situation where websites actively discriminate by user agent.)
I’ve found Mobile View Switcher to work best, because it lets me enter one user agent string, then allows me to toggle between the correct and the fake one at will.
Toggling between real and fake turned out a useful feature, because faking the user agent occasionally breaks other websites.
Remember though: You’re responsible for your own due diligence when you use web extensions. These are often updated automatically, and can turn rogue at any time. I’m currently learning about Debian packaging because I want to depend less on silent automatic updates.
3 Likes
Ah, very sorry! I misunderstood the use of “should” in the context of your remark - I thought you were referring to some new magical regulation that had suddenly appeared, which I would not be aware of…
Well, too bad,so.
The Evil Giant Octopus always wins then - nothing we can do about that!
2 Likes
I’m guessing it is down to the user agent it sends.
1 Like
The user agent add-on works. Set it to chrome 115 or something.
Why doesn’t Purism install regular Firefox as their default browser. I know that works. Firefox ESR does not even though I have the most recent version.
1 Like
Ask Purism support: