Is there something like an addon that generates (or picks from a list of) random cookies so you don't fall into captcha hell if you have to use Google?

PiraHxCx@lemmy.dbzer0.com · edit-2 3 days ago

Is there something like an addon that generates (or picks from a list of) random cookies so you don't fall into captcha hell if you have to use Google?

solrize@lemmy.ml · 3 days ago

That’s not really possible if the server does anything sane to authenticate the cookies. All you can do is log in the hard way, then save the cookie you get in the hope of re-using it later.

clean_anion@programming.dev · 3 days ago

TL;DR: not possible with random cookies, too much work for too little gain with already-verified cookies

There is no such add-on because random cookies will not work. Whenever someone has been authenticated, Google decides the cookie the browser should send out with any subsequent requests. Google can either choose to assign and store a session id on the browser and store data on servers or choose to store the client browser fingerprint and other data in a single cookie and sign this data.

Additionally, even with a verified session, if you change your browser fingerprint, it may trigger a CAPTCHA, despite using a verified cookie. In the case of a session token, this will occur because of the server storing the fingerprint associated with the previous request. On the other hand, if using a stateless method, the fingerprint will not match the signed data stored inside the cookie.

However, this could work with authenticated cookies wherein users contribute their cookies to a database and the database further distributes these cookies based on Proof of Work. This approach, too, has numerous flaws. For instance, this would require trusting the database, this is a very over engineered solution, Google doesn’t mind asking verified users to verify again making this pointless, it would be more efficient to simply hire a team of people or use automated systems to solve CAPTCHAS, this approach also leaks a lot of data depending on your threat model, etc.

emotional_soup_88@programming.dev · 3 days ago

To think that I’d live to see somebody with cookie knowledge! Hats off!

Special Wall@midwest.social · 3 days ago

Yeah, any authentication cookie will be unique to you, so if you do use one, Google will be able to track you across browsing sessions, which is likely what you’re trying to mitigate by clearing them.

PiraHxCx@lemmy.dbzer0.com · 3 days ago

Thought about something like a cookie repository, addon loads a random cookie from it, Google track it through that tab, new tab the addon loads a different random cookie, etc. But other comments are saying it’s not possible so ok.

doodoo_wizard@lemmy.ml · edit-2 3 days ago

That won’t work.

The best you can do is clear your cache and history every time you close the browser and use some kind of containerized system like the Firefox plugin.

What you’re asking about is fundamentally not how the web is designed.

E: and of course close the browser when you’re done looking at the website.