Website Security.

[An OtherParticipant @another21905]

I use Privacy Badger in Firefox (Linux) to prevent online trackers following me – there are at least 4 active trackers using the new ME site.

However, after finding that I could not log in to the ME site, because the log-in process required use of a Recaptcha input, and this did not appear on my screen. Eventually, I traced it to the Privacy Badger add-on blocking the Recaptcha input.

I can disable Privacy Badger, so the Recaptcha works, and then I can log in successfully.

But I now have another problem: by disabling Privacy Badger, I have allowed the 4 trackers to tack my data.

A work-around is to disable Privacy Badger, log-in, then re-enable Privacy Badger. I don’t know if this stops the trackers.

the Recaptcha system is coming under fire in some quarters because it is so cumbersome. Somewhere in the forums it is noted that it is used to prevent spam and bots using the ME site – but users are exposed to trackers, so we have to put up with targeted adds and other nasties.

So my question is: What use is Recaptcha on this site?

[Michael GilliganParticipant @michaelgilligan61133]

As I am sure you are aware [although others may not be], Recaptcha is a Google product: https://developers.google.com/recaptcha

… and Google itself does a lot of tracking.

So, who can we trust ?

MichaelG.

.

https://en.wikipedia.org/wiki/Quis_custodiet_ipsos_custodes%3F#:~:text=Quis%20custodiet%20ipsos%20custodes%3F%20is,will%20watch%20the%20watchmen%3F%22.

[An Other]

On 30 October 2023 at 08:34 An Other Said:

I use Privacy Badger in Firefox (Linux) to prevent online trackers following me – there are at least 4 active trackers using the new ME site.

However, after finding that I could not log in to the ME site, because the log-in process required use of a Recaptcha input, and this did not appear on my screen. Eventually, I traced it to the Privacy Badger add-on blocking the Recaptcha input.

I can disable Privacy Badger, so the Recaptcha works, and then I can log in successfully.

But I now have another problem: by disabling Privacy Badger, I have allowed the 4 trackers to tack my data.

A work-around is to disable Privacy Badger, log-in, then re-enable Privacy Badger. I don’t know if this stops the trackers.

the Recaptcha system is coming under fire in some quarters because it is so cumbersome. Somewhere in the forums it is noted that it is used to prevent spam and bots using the ME site – but users are exposed to trackers, so we have to put up with targeted adds and other nasties.

So my question is: What use is Recaptcha on this site?

Good question!

The advantage is Recaptcha insulates the forum and its users from automated bots.  These are rarely smart enough to solve a visual puzzle.

The risk is real.  When the new forum was first switched on, it attracted a swarm of bots – fresh meat, yum yum.  Once inside bots read the whole forum end-to-end at super-human speed, putting a heavy load the server.   As the forum is already struggling with a performance problem, several bots arriving at the same time trashed the user experience.

Many bots are benign – for example, we want content to be indexed by search engines.  Others are dubious, such as those analysing content to establish which adverts would suit our users, an activity linked to tracking.  Some are downright evil, looking to place spam, find loopholes, or cause other trouble.

The disadvantage is Recaptcha annoys legitimate users, appearing heavy-handed, slightly irrational, and officious.

I use Privacy Badger too  (fitted to Ubuntu Firefox 119.0).  I find setting the sliders to stop cookies blocks tracking, but allows Recaptcha through.

The slider has 3 positions.  Using one to block a domain like google.com entirely may be over the top because not everything Google do is unacceptable.  On the other hand, as I dislike being tracked, I don’t want to allow google full access.

My settings:

 

Having to switch Privacy Badger on and off manually is a right pain.  You may be able to avoid that by tweaking the Badgers sliders.

Security is always a b***y nuisance.  Unfortunately, very unwise to ignore security requirements.  I don’t believe Recaptcha is permanent, but the webmaster judges it useful at the moment.

Dave

 

 

[peak4Participant @peak4]

I can see why folks find ReCaptcha a pain, and so do I, but it may be better than alternatives.
Unfortunately, mainly since Covid, I’ve spent more time on forums than in the workshop.
One of those was my local city forum, which underwent a similar update to this one, though the new version used one of the commercial forum software packages.

Somehow, bots occasionally get in, often evading the new member sign-up somehow (which doesn’t have a visual checker like ReCaptcha)

It’s regular, though rare(ish) to log on and find up to 10 spam posts on each topic, so 100+; some are just spam, others phishing for personal data, and others deep linking to extreme porn sites.
There’s only one active mod, and it might take at least half a day before she is able to deal with the issues

As an aside, I occasionally find some of the advertising tracking quite useful; I’m able to wear blinkers most of the time and ignore advertising, targeted or otherwise, as well as using ad-blockers.
If for example I’m looking to buy some more interesting coffee beans, I just search once on Facebook, and then read the ensuing list of special offers from a variety of retailers, specially targeted for me; it saves lots of time searching through my regular suppliers.

Bill

[An OtherParticipant @another21905]

One of the trackers blocked by reCaptcha (owned by Google as pointed out by Gilligan) is http://www.googletagmanager.com. Adjusting the sliders in Privacy Badger is, at best a very temporary solution – new trackers are not caught, and they change frequently.

A far better solution would be to replace the Google-owned reCaptcha.

[An OtherParticipant @another21905]

Another possible source of trouble – in the post above, I did not make the URL an active link, the software on this site did it automatically. I am sure if I wait long enough, there will be software available which will compose, write and send my emails without any input from me.

[An Other]

On An Other Said:

…

 

Adjusting the sliders in Privacy Badger is, at best a very temporary solution – new trackers are not caught, and they change frequently.

…

No, Privacy Badger is better than that – it actively searches for new ones.  When I posted yesterday it was blocking 4 trackers on this site, today it’s blocking 5.  3 are google, 2 not.

I see reCaptcha as the lesser of two evils at the moment.  It massively reduced the trouble caused by bots earlier. No idea how long it will last – been reported as of this month that AI (Bing GPT-4 and probably others)  can solve reCaptcha challenges.   Ironic when many humans find reCaptcha too difficult…

No technology is perfect, it’s all a compromise.

Dave

 

[Author]

Posts