upvote
Google and Cloudflare both are not just looking at entropy of mouse movements, that was cracked years ago, they are fingerprinting you and correlating your session with all your activity cross domains to score your botlike behavior.
reply
I doubt they are doing it. You just have to get on a VPN to and see yourself being flooded with captchas despite browsing the web like a normal human and solving dozens of captchas along the way.
reply
I guess that raises the bot score given that the vpn IP is a data Center IP and thus in a lot of ban lists
reply
Also some of the free VPN apps support themselves by proxying this kind of traffic:

https://www.kaspersky.com/blog/what-is-wrong-with-free-vpn-s...

reply
Which also involves detecting entropy across sites I guess
reply
Supposedly, but not really. I regularly encounter sites where cloudflare serves me with an ambiguous ban notice rather than a proof of work. What's worse is that these apparent IP bans take effect even if I already had a valid active session (ie previously passed the check).

Yes, a VPN involved. That doesn't make it okay and notice that anubis by default works without issue (though possibly with a more difficult challenge) in the exact same scenario.

reply
There's lists of data center IPs. You're probably in them and That's why you're getting banned
reply
Regardless of the precise logic it's no excuse for the policy. Simply hand out a sufficiently difficult PoW to prevent widespread abuse.

I'm quite certain it isn't a generic "datacenter" list though because a given VPN exit that was working will suddenly stop. Meanwhile I have a valid cookie yet that is disregarded.

reply
Cloudflare often just straight up blocks me or makes me do a captcha. IMO those are both much worse than Anubis
reply