
Google forcing ReCAPTCHA on all searches from my HE assigned IPv6 address

Started by cshilton, May 31, 2023, 01:58:14 PM


doktornotor

#metoo again - and yeah, the IPv6 no-AAAA hack still works.

Sigh.

supergvozd


Jenick

If it helps, HE.net support told me to change my LAN side networks to my /48 routed, not the /64 default they hand you when you first create your tunnel. However, if you're running pfSense and pfBlockerNG you can give this a try: https://github.com/pahtzo/hurricane-tunnel-dohdot

The main issue, I believe, is that Chromium-based browsers have their own built-in DNS client which automatically goes for DOH-DOT by default and maybe not even against your system based DNS servers. I've disabled my pfBlockerNG no-AAAA for google.com and www.google.com but retained my Windows 10 registry settings to disable the built-in DOH-DOT in Brave, Chrome, and Edge. Still working just fine.
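
An added example, not part of Jenick's post and not taken from the linked repository: one way to apply the kind of registry setting described above is the Chromium enterprise policy `DnsOverHttpsMode`, set to `off` for Chrome, Edge and Brave so the browsers resolve through the system DNS servers where the no-AAAA filtering lives. The post does not say which registry values were used, so the policy choice here is an assumption.

```powershell
# Added example (assumption: the Chromium policy DnsOverHttpsMode is the
# registry setting in question; the post does not name it).
# Run from an elevated PowerShell prompt; machine-wide policy lives under HKLM.

$policyRoots = [ordered]@{
    'Chrome' = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
    'Edge'   = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
    'Brave'  = 'HKLM:\SOFTWARE\Policies\BraveSoftware\Brave'
}

function Set-DohOff {
    param([Parameter(Mandatory)][string]$Path)

    # Create the policy key if the browser has never had a policy set.
    if (-not (Test-Path -Path $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }

    # DnsOverHttpsMode is a string policy: "off", "automatic" or "secure".
    # "off" keeps the browser on the operating system's resolver.
    New-ItemProperty -Path $Path -Name 'DnsOverHttpsMode' `
        -Value 'off' -PropertyType String -Force | Out-Null

    # Read the value back so the caller sees what is actually stored.
    (Get-ItemProperty -Path $Path -Name 'DnsOverHttpsMode').DnsOverHttpsMode
}

foreach ($browser in $policyRoots.Keys) {
    $mode = Set-DohOff -Path $policyRoots[$browser]
    '{0,-6} DnsOverHttpsMode = {1}' -f $browser, $mode
}
```

After restarting the browser, `chrome://policy` (or `edge://policy`, `brave://policy`) should list `DnsOverHttpsMode` with the value `off` and source "Platform".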

supergvozd



micalizzi



quite

We began getting goog recaptchas maybe a week ago. Have one routed /64 from the allocated /48 network in use at home. And... just now I got an abuse complaint from HE, forwarding a goog complaint stating "We are seeing automated scraping of Google Web Search from a large number of your IPs/VMs.". No, none such going on.

ChrisDos

Has HE been working with Google on this?  I have a couple of customers using 6in4 and this is very annoying.  Why can't Google see the benefits of this?

Edit: Still not working as of December 27th.  Uggg.

quite

I'm "guessing" that HE is not working on it more than forwarding the complaint to the users, hoping that the few accounts that perhaps were actually causing problems take steps to correct themselves. And then the big machine in the sky might stop the captchas... Uh.

I've had to stop using the HE IPv6 Tunnel Broker at home for now.

Pentium4User

Quote from: quite on December 28, 2023, 11:42:55 PM
I'm "guessing" that HE is not working on it more than forwarding the complaint to the users, hoping that the few accounts that perhaps were actually causing problems take steps to correct themselves. And then the big machine in the sky might stop the captchas... Uh.

I notice that from 2001:470::/32 some scans occur and I contacted HE's abuse desk.
I dunno if a relevant number of abusers use their AS to query the Google search.

Although, Google is a company that doesn't care about the users if only a small amount of them is affected by their decisions.

I use another search engine (4get.plunked.party) that can also show results from Google.

cholzhauer


cecilspiqwuc

I first noticed this issue with Google search also, then it slowly spread across all Google Services, and now I basically find that the entire 2001:470:: address space, or maybe the entire HE.NET domain, is basically blacklisted. 

I no longer get Captcha challenges, I am immediately met with HTTP 403 - Forbidden everywhere I go regardless of the browser, app, device, or operating system.
Netflix, Microsoft, Google, Apple, Samsung, Github, mozilla, live.com, Amazon, banks, paypal, ticketmaster, walmart, etc. I even get 403 errors in the browser console from advertising networks. Then things got worse, basically any site/app that uses cloudflare or AWS gives me a 403 error.  Now I even get 403 errors from major DNS services - CloudFlare, GooglePublic DNS, SafeDNS, OpenDNS, Quad9 are all blocking DNS requests of any type from my he.net tunnel. 

Disabled the tunnel and all problems immediately disappear. Re-enable tunnel and problems return.

I tried deleting my tunnel then creating a new tunnel to different North American site with both /64 and /48 networks in order to obtain a new prefix. I have tried tunnels to Seattle/Beaverton, Fremont, Ashville, Denver, and Phoenix.  They worked at first but all ended up the same after the first few hours.

Then, to add insult to injury, I also found I could not create an AAAA DNS record that contained a he.net tunnel address because the DNS service provider said the address space is prohibited.

I finally just gave up and disabled IPv6 on my connection, then deleted my HE.NET tunnels in my account and I'm just going to let the account fade away.
Whatever.....

ChrisDos

Quote from: cecilspiqwuc on January 25, 2024, 01:19:24 AM
I first noticed this issue with Google search also, then it slowly spread across all Google Services, and now I basically find that the entire 2001:470:: address space, or maybe the entire HE.NET domain, is basically blacklisted.

I no longer get Captcha challenges, I am immediately met with HTTP 403 - Forbidden everywhere I go regardless of the browser, app, device, or operating system.
Netflix, Microsoft, Google, Apple, Samsung, Github, mozilla, live.com, Amazon, banks, paypal, ticketmaster, walmart, etc. I even get 403 errors in the browser console from advertising networks. Then things got worse, basically any site/app that uses cloudflare or AWS gives me a 403 error.  Now I even get 403 errors from major DNS services - CloudFlare, GooglePublic DNS, SafeDNS, OpenDNS, Quad9 are all blocking DNS requests of any type from my he.net tunnel. 

Disabled the tunnel and all problems immediately disappear. Re-enable tunnel and problems return.

I tried deleting my tunnel then creating a new tunnel to different North American site with both /64 and /48 networks in order to obtain a new prefix. I have tried tunnels to Seattle/Beaverton, Fremont, Ashville, Denver, and Phoenix.  They worked at first but all ended up the same after the first few hours.

Then, to add insult to injury, I also found I could not create an AAAA DNS record that contained a he.net tunnel address because the DNS service provider said the address space is prohibited.

I finally just gave up and disabled IPv6 on my connection, then deleted my HE.NET tunnels in my account and I'm just going to let the account fade away.
Whatever.....

Boy, I had no idea it had gotten that bad.  I was waiting for it to clear up again before re-enabling it, but based on what you were saying, I don't think that is going to happen.

Time to look to see if there is another provider of IPv6 tunnels.  It sure is a lot of work on my end to switch everything over if an alternative exists.