reCAPTCHA

[Alan CharlestonParticipant @alancharleston78882]

Hi,

When I click on the reCAPTCHA icon on the bottom right of the screen it seems to give me a way to set my preferences for cookies. A pop up box opens showing that I Accept All cookies with another button saying I Reject All cookies. If I press that button the pop up box disappears, implying that my preference had changed. If I click on the caption again however, my preference has reverted back to Accept All. Can I in fact Reject All cookies?

Why is reCAPTCHA on this site at all? Are my activities on this site sent to a third party?

Regards,

Alan

[Kiwi BlokeParticipant @kiwibloke62605]

It seems pointless, and is annoying. When I click on the box, it just agrees that I’m not a robot: I’m never challenged, or asked to indicate the parts of an image containing traffic lights, etc. I have to allow a Google script, which brings up reCAPTCHA, in order to log in. I suppose it’s just another example of Google getting its tentacles – or should that be hyphae? – into as many things as possible. Grrr…

[Michael GilliganParticipant @michaelgilligan61133]

Alan

I’m not sure if it displays like this for everyone … but on my iPad the icon at bottom-right is actually two icons overlaid !

The cookie settings icon  being pasted on top of the reCAPTCHA

[only on this site could that be considered unsurprising]

They serve two different purposes.

MichaelG.

.

[John HinkleyParticipant @johnhinkley26699]

I tried clicking on those icons on my PC (Windows 11 + Firefox v126.0) several times in the past and absolutely nothing happened.  Prompted by this posting, I did it again and the cookies window popped up.  I found that, rather than selecting the Reject All button, if I deselected the Functional and Analytical choices separately then clicked on the Save Preferences button, it worked as you would expect.

John

 

[Kiwi BlokeParticipant @kiwibloke62605]

I’m using MX Linux with Firefox, with AdBlock Plus and NoScript add-ons, and a few Firefox set-up tweaks. I disable everything I can that doesn’t cause problems. No adverts, no pop-ups, no stacked icons, no hassle! But I’m annoyed I have to allow a Google script in order to log in, when it provides (me) with no useful function. What it does for Google is anyone’s guess…

[Grindstone CowboyParticipant @grindstonecowboy]

As John Hinkley says, if you reject ALL cookies, it has no way of remembering your choice so you have to do it every time. Bit of a Catch-22, but understandable, really.

Rob

[John HinkleyParticipant @johnhinkley26699]

Rob,

Doesn’t that make it a CAPTCHA-22?

John

 

[Clive FosterParticipant @clivefoster55965]

I imagine CAPCHA comes with the site “operating system” as part of teh precautions against a bot getting onto the site and rummaging g around.

I find the ability of modern computers to exploit their enormous computing power to search out seemingly trivial connections between nuggets of personal data and tome in on any weakness to find out who you are seriously scary. The really worrying thing is that the effort per person is so close to trivial that the nefariously inclined can do it for “everybody”.

Simply going after passwords is so last century.

However careful you are you simply can’t go dark enough in the internet and mobile phone spaced to hide unless you go back to paper and pen. Which is no longer possible, however limited your life style. My paranoid friend Rodney still uses cheques, writes letters and is very careful how he uses his credit card but even he has had to accept E-Mail and some aspects of t’net. The saga of (not) persuading the local post office to accept a cheque for this years car tax was interesting. Four months later he eventually found human at DVLA willing to accept a cheque and sort it all.

Principles are all well and good but sometime life is too short.

Clive

[Michael GilliganParticipant @michaelgilligan61133]

The history of reCAPTCHA is quite interesting :

https://en.wikipedia.org/wiki/ReCAPTCHA

MichaelG.

[Alan Charleston]

On 31 May 2024 at 07:03 Alan Charleston Said:

Hi,

When I click on the reCAPTCHA icon on the bottom right of the screen it seems to give me a way to set my preferences for cookies. A pop up box opens showing that I Accept All cookies with another button saying I Reject All cookies. If I press that button the pop up box disappears, implying that my preference had changed. If I click on the caption again however, my preference has reverted back to Accept All. Can I in fact Reject All cookies?

Why is reCAPTCHA on this site at all? Are my activities on this site sent to a third party?

Regards,

Alan

It’s in the nature of security countermeasures for system administrators to be coy about whys and wherefores. As Moderators aren’t in Morton’s inner circle, my observations are joining the dots!

1. When the new forum launched, response times where unacceptably slow, with brown-outs, and other symptoms of system overload.   Part of this was due to the new website being spidered (interrogated end-to-end by bots).   Some of these were legitimate, such Google indexing our content into it’s search engine.   Others are less desirable, perhaps analysing the type and volume of content with a view to targetting adverts, and some are downright criminal – searching for security loopholes.   The new forum was comprehensively rogered, like as not because one of the bad guys spotted a new kid on the block who might be vulnerable, and told all their mates.  Feeding frenzy!
2. Live websites are attacked regularly, especially big juicy ones, looking for maintenance defects.  Possibly by a spotty yoof, more effectively by one of many automated bots available. Those developed by organised crime and Foreign Intelligence Services are particularly dangerous.
3. Morton’s have legal requirements to meet, notably an obligation to allow users to decline cookies if they want to.   Cookies aren’t totally evil, but unfortunately they can be abused in several ways.

reCAPTCHA provides a solution to all 3 problems:

Problems 1 & 2 are solved by forcing an interaction that humans find easy, but bots find difficult.   Many bots are derailed simply by being asked to tick a simple “I am Human” check-box, and few of them can cope with having to identify bits of an image.   Unfortunately, bot developers are smart too, and it’s only a matter of time before someone develops a bot with AI based image recognition, one that can recognise motorbikes!

Problem 3 is a legal requirement.  There are many ways of implementing it. and Morton’s happen to be using reCAPTCHA, probably because it came with the package.   As cookies might be useful  some users switch them on and off depending on what they are doing. Personally, I always take a hard-line on cookies, rejecting all apart from those necessary to operation of the website because there’s a high risk the others are used for tracking, advertising and other forms of privacy intrusion.   It’s not that I believe this forum is up to no good, it’s that my security policy says that I will reject all unnecessary cookies on all websites.   There has to be a special reason for breaking that rule, and as this forum works fine with cookies disabled, I forbid them here too!

Not tested it yet, but I hope the way the forum managing rejecting cookies is retained across sessions.  It’s possible that cookies have to be rejected each time a new login starts.   Good security isn’t easy!

Dave

Like insurance, fire extinguishers and burglar alarms computer security is a pain in the butt.   It’s a complete waste of time.  Until that is,   there’s an incident, during which all hell breaks loose…

[Grindstone CowboyParticipant @grindstonecowboy]

Good one, John 🙂

Speaking of security breaches, I believe the latest may involve Ticketmaster – a notification from Malwarebytes reads:

“This week, news broke that Ticketmaster had allegedly been breached and 560 million customers’ data had been put up for sale online. The data is said to include full names, addresses, email addresses, phone numbers, credit card details, order information, and more.”

So if you have a Ticketmaster account, may be an idea to monitor bank and credit card accounts. Also watch out for scam calls or emails regarding ticket purchases you haven’t made as you may be fooled into clicking on a link or replying to a con-man (person?).

Not sure if any of the ME Exhibitions use Ticketmaster?

Apologies for drifting off-topic.

Rob

[Kiwi BlokeParticipant @kiwibloke62605]

Thanks for the informative post, Dave (SOD). Like you, I try to block cookies.

With all cookies blocked, reCAPTCHA brings up the picture puzzle, accepts that I’m not a robot, and the site doesn’t accept my log-in attempt; it goes back to the log-in screen. With cross-site cookies blocked, behaviour is as described in my earlier post. This is security in action? Any ideas?

[jaCK HobsonParticipant @jackhobson50760]

MichalG seems to have it correct. Two icons are overlaid.

reCapture is not cookie consent.  reCapture has my full support. It’s purpose is to defeat bots/attachers automating login attempts to try and guess usernames/passwords. It does a good job without being too intrusive for humans.

I am not exactly sure if reCapture has another purpose for Google. I suspect this site sources reCapture directly from google, and so any cookies set at the goolge.com doman will be sent when the request to get the reCapture code is sent by the browser. And this means google might be tracking you via cookies that are not set by this site but are effectively notified to Google when accessing this site.

The consent preference IS stored in a cookie – so it can remember preference. The argument would be that this cookie should be considered ‘necessary’ and so exempt from the cookie law. I don’t think this use of cookies has been tested in law as to whether it is ‘necessary’ … and this is good as there are more important things to worry about. My personal and sometimes controversial opinion is that the cookie law was a poorly thought through bit of legislation that probably causes net negative impact on human happiness.

If your browser preferences refuse all cookies then it won’t remember cookie preference settings.

This site has a good go at honouring cookie law – I see many worse. But be aware that google is probably able to track.

 

 

 

[SillyOldDuffer]

On SillyOldDuffer Said:

On 31 May 2024 at 07:03 Alan Charleston Said:

Hi,

When I click on the reCAPTCHA icon on the bottom right of the screen it seems to give me a way to set my preferences for cookies. A pop up box opens showing that I Accept All cookies with another button saying I Reject All cookies. If I press that button the pop up box disappears, implying that my preference had changed. If I click on the caption again however, my preference has reverted back to Accept All. Can I in fact Reject All cookies?

Why is reCAPTCHA on this site at all? Are my activities on this site sent to a third party?

Regards,

Alan

It’s in the nature of security countermeasures for system administrators to be coy about whys and wherefores. As Moderators aren’t in Morton’s inner circle, my observations are joining the dots!

1. When the new forum launched, response times where unacceptably slow, with brown-outs, and other symptoms of system overload.   Part of this was due to the new website being spidered (interrogated end-to-end by bots).   Some of these were legitimate, such Google indexing our content into it’s search engine.   Others are less desirable, perhaps analysing the type and volume of content with a view to targetting adverts, and some are downright criminal – searching for security loopholes.   The new forum was comprehensively rogered, like as not because one of the bad guys spotted a new kid on the block who might be vulnerable, and told all their mates.  Feeding frenzy!
2. Live websites are attacked regularly, especially big juicy ones, looking for maintenance defects.  Possibly by a spotty yoof, more effectively by one of many automated bots available. Those developed by organised crime and Foreign Intelligence Services are particularly dangerous.
3. Morton’s have legal requirements to meet, notably an obligation to allow users to decline cookies if they want to.   Cookies aren’t totally evil, but unfortunately they can be abused in several ways.

reCAPTCHA provides a solution to all 3 problems:

Problems 1 & 2 are solved by forcing an interaction that humans find easy, but bots find difficult.   Many bots are derailed simply by being asked to tick a simple “I am Human” check-box, and few of them can cope with having to identify bits of an image.   Unfortunately, bot developers are smart too, and it’s only a matter of time before someone develops a bot with AI based image recognition, one that can recognise motorbikes!

Problem 3 is a legal requirement.  There are many ways of implementing it. and Morton’s happen to be using reCAPTCHA, probably because it came with the package.   As cookies might be useful  some users switch them on and off depending on what they are doing. Personally, I always take a hard-line on cookies, rejecting all apart from those necessary to operation of the website because there’s a high risk the others are used for tracking, advertising and other forms of privacy intrusion.   It’s not that I believe this forum is up to no good, it’s that my security policy says that I will reject all unnecessary cookies on all websites.   There has to be a special reason for breaking that rule, and as this forum works fine with cookies disabled, I forbid them here too!

Not tested it yet, but I hope the way the forum managing rejecting cookies is retained across sessions.  It’s possible that cookies have to be rejected each time a new login starts.   Good security isn’t easy!

Dave

Like insurance, fire extinguishers and burglar alarms computer security is a pain in the butt.   It’s a complete waste of time.  Until that is,   there’s an incident, during which all hell breaks loose…

Dave you rightly stated ‘When the new forum launched, response times where unacceptably slow’ I still find it so to be fair currently it is the only problem I do get these days, I find the site slow to open then ‘latest replies’ again slow and posting is a real pain very slow.

H

[Alan CharlestonParticipant @alancharleston78882]

Thanks John. I deselected the Functional and Analytical choices and saved them as My Preferences and it worked as you said. It will be interesting to see if they are still deselected when I open the site tomorrow night.

As far as the relatively slow way this site opens, I’m fairly sure that nearly everyone rejects all cookies, so why include that step in the site opens? Is there any way to bypass this and speed up the time it takes for the site to load?

Regards,

Alan C.

[Michael GilliganParticipant @michaelgilligan61133]

For a further layer of obfuscation … https://support.apple.com/en-gb/102591

.

Find out how Automatic Verification makes signing in to apps and websites more convenient, private and accessible on your iPhone, iPad or Mac.

.

Yes, it works

MichaelG.

[jaCK HobsonParticipant @jackhobson50760]

re cookies…

Probably the budget for this site comes out of the Marketing budget. They like to know how to spend their money, what adverts attract potential customers, what adverts make money etc etc. If they can show metrics that support some theory then they can use them to justify the budget spend and we get to keep the site.

Cookies help generate metrics. Marketing people  and pointy-haired bosses like the metrics.

Still, I hate tracking cookies and I hate the impact the cookie law has had on browsing.

[Harry Wilkes]

On Harry Wilkes Said:

…

Dave you rightly stated ‘When the new forum launched, response times where unacceptably slow’ I still find it so to be fair currently it is the only problem I do get these days, I find the site slow to open then ‘latest replies’ again slow and posting is a real pain very slow.

H

On Alan Charleston Said:

… Is there any way to bypass this and speed up the time it takes for the site to load?Regards,

Alan C.

Like Harry I find the forum on the slow side, though not unbearably so.   It helps to have a fast network connection and computer.

During testing I compared the volume of data sent by the old forum with that sent by the new, and found the new forum was about 3 times more verbose.  The extra information is admin overhead, part of the forum base software, there in case the developers need to add a new feature.     On my system the overhead is trivial, but no doubt it shows up on a slow set-up.

In the same way, adverts do not slow down a fast set-up significantly,  but of course they take time to download and display, which a slow system will highlight.   An adblocker may help, though it makes little difference to my performance.

The main delays, last time I checked, are at the server end.  The forum software comes with a multitude of complicated performance options, ranging from dirt-cheap to super-high-end expensive.  Again, I don’t know what performance options Mortons have implemented, other than we are hosted professionally on a proper server, not on an ancient PC hidden in the broom cupboard!

An interesting technical feature of the WordPress forum plug-in is that it uses the same database table for almost everything.  Thus when a user clicks on a feature, the feature is retrieved from the table and executed,  which in turn reads and writes posts and topics from the same table.   I’d expect this table to be kept very busy, potentially causing queues.  Databases are usually designed to spread the load by sharing accesses between many tables, each dedicated to one purpose.   If this is a bottleneck, it’s not easy to fix.

To answer Alan’s question, apart from buying a faster computer and network connection, I’ve not found anything a user can do to improve performance.  Turning cookies on and off makes no difference to performance, though ad-blocking might help.

At the moment Morton’s are only fixing bugs reported through the Help system .

Dave

 

[jaCK HobsonParticipant @jackhobson50760]

This site is going to be an effort for old browsers on slow hardware and poor internet connections.

Some people might find this interesting… the sort of thing I bet MichalG could lose a day in:

IF in chrome, use developer tools F12 to inspect all sorts of fun info.

If you do a ‘clear cache and hard reload’ then you can see all the stuff that gets loaded in the Network tab:

 

212 individual requests for items to draw a single page! 3Mb of transfer which is twice that when uncompressed.

An awful lot of that is javascript. All sorts of javascript needs to be parsed (to see if it needs running) and then maybe some if it needs running. Anyone on IE is going to feel pain… but not sure why anyone would still be using IE!

It is probably pretty greedy on memory as well. If you have lots windows like this open in chrome and you ‘only’ got 4 GB memory then things might start to slow down.

Pretty typical of a marketing site that is maintained by WordPress Content Management System. Incredibly inefficient.

Lots of that static content might be cached… locally at browser, and also on the web somewhere (cloudflare) to help with network speeds. So things should speed up after first page load, but javacript will still need running. Depends on detailed cache preferences/settings.

Unlikely to be server table locking.

[jaCK HobsonParticipant @jackhobson50760]

The first response time is pretty slow – just wating for the first response after the first request. 2 seconds delay.

After that, the page is pretty complicated. So for me, I just get the 2 second delay as my computer can chug through it fairly fast.

That 2 seconds is either beacuse server spec aint great, or just too many plugins.

The ‘performance’ tab gives a good breakdown:

[jaCK HobsonParticipant @jackhobson50760]

Go to ‘performance insights’ and you can emulate a slower network (e.g. mobile 3G) connection or a slower computer. 4x slower computer than mine makes javascript even more significant that waiting for server:

[jaCK HobsonParticipant @jackhobson50760]

Normally, for me, this sort of investigation is a bit too close to ‘work’ to be fun… but now that retirement is in sight it is becoming more interesting. Hours of fun.

[Anonymous]

I find the site slow to open then ‘latest replies’ again slow

I sometimes find it starts to open then hangs for 10 or 20 sec and at the bottom of the screen it says “waiting for Google”

 

[KEITH BEAUMONTParticipant @keithbeaumont45476]

All this questioning about Captcha has woken something up! I had to veryfy pictures of objects 3 times  to log in this time, Havn’t had to do that for some time,

Keith.

[SillyOldDuffer]

On SillyOldDuffer Said:

On Harry Wilkes Said:

…

Dave you rightly stated ‘When the new forum launched, response times where unacceptably slow’ I still find it so to be fair currently it is the only problem I do get these days, I find the site slow to open then ‘latest replies’ again slow and posting is a real pain very slow.

H

On Alan Charleston Said:

… Is there any way to bypass this and speed up the time it takes for the site to load?Regards,

Alan C.

Like Harry I find the forum on the slow side, though not unbearably so.   It helps to have a fast network connection and computer.

–

–

–

snipped

–

–

 

At the moment Morton’s are only fixing bugs reported through the Help system .

Dave

 

I’m not sure thats quite right Dave. I dont see anything in the help system relating to ‘bugs’ but there is a green ‘Report Bug’ button on most of this sites pages.

Ian P

[Author]

Posts