Anyone using ublock origin hardmode will know what I’m talking about.
Pretty much all websites (I’d say at least 75% from experience) use one of the following scripts:
google (.com)
gstatic
Google fonts
googletagmanagers (disabling this one, never breaks any websites)
Mostly because of recaptacha.
How can we know that these scripts only contain recaptacha fonctionality and nothing else?
You can inspect them.
I don’t have that knowledge unfortunately. Are you implying that Google (.com) and gstatic are safe and only contain the recaptcha scripts?
No, I’m lazy and just trust my content blocker to block known trackers. I don’t inspect them unless the website failed to function properly.
As for the gstatic.com CDN, I trust Google not to provide malicious JS, and their security is good enough to prevent hijacking. If you are really worried about the CDN, see nobody/LocalCDN: A web browser extension that emulates Content Delivery Networks to improve your online privacy. It intercepts traffic, finds supported resources locally, and injects them into the environment. - Codeberg.org. Note that the last time I checked, it didn’t work properly on Firefox and provided no benefits with hardened settings or mitigated with other software.
To me, the whole de-googling thing sounds ironic when you’re aware that Google is pretty much on every website.