Never-ending CAPTCHA requests when using Firefox

I’ve recently started using Whonix in a virtual machine. They are basically ‘fresh installs’ in that I’ve done little except import the gateway and workstation into virtualbox and installed TOR in the workstation.

Every time I do a search in Firefox, I am prompted to complete a CAPTCHA due to the ‘unusual traffic’ that has been detected. These CAPTCHAs don’t seem to work, and I have literally done them several dozen times without ever being able to go to the site(s) I was wanting to.

I can search for things in search engines easily enough - when I am using duckduckgo, but whenever I try to go to a site… never-ending CAPTCHA requests…

What could be causing this? And how do I fix it?

This doesn’t seem to happen when using TOR - only Firefox.

  1. You shouldn’t use vanilla Firefox because it lacks the tracking protections of Tor Browser.

  2. Cloudflare is recently whitelisting the Tor Browser user-agent for most of their clients and so any other browser coming from the Tor network will run into their CAPTCHA wall.

CAPTCHA checks are aggressive for Tor & Proxy/VPN users. It started probably around two or three years ago with Cloudflare. Cloudflare was citing that nearly 100% of traffic from the Tor network as malicious. The Tor Project started diplomacy with them shortly after that to reach a solution. Google/Alphabet routinely uses CAPTCHA as well; and they are intertwined with many websites. Some websites allow CAPTCHA checks without javascript enabled, but most of them are designed to fail unless you allow scripts.

Sometimes accessing sites with a vanilla browser (but still behind a proxy) will get an easy pass, since there are so many fingerprinting vectors for the site to analyze and decide if you are a bot. Not a very good solution from the user perspective, you might only want to do that in a disposable workstation.

If it wasn’t so frigging slow, it wouldn’t be so infuriating to use. I do use it, but it would be nice to have something that was faster than a 1990s dial up connection…

Hm this doesn’t make sense. Tor Browser is mostly FF and in your setup they both use Tor. What you’re doing is pseudoanonymity at best.