Yeah, I may have spoken too soon. Tonight, my credit union web site ran me through a dozen captchas before I broke out to investigate. It was uBlockOrigin! Captcha wouldn’t let me pass if I didn’t let Google Analytics track me!
Now that should be downright illegal.
It’s unfortunate that Google (dis)services infest so much of the internet, and especially maddening when websites think they provide some kind of “security.” See Google Shadow Profiles
When I have had to get past captchas, I’ve noticed that it’s gstatic
that has to be temporarily enabled… but to get the gstatic
script to show, I have to enable another Google script first; google.com
, I think.
We can only hope that this stuff will eventually become the subject of a privacy-abuse lawsuit.
You can take action by switching financial institutions and/or becoming unbanked.
Generally, it’s not my banks, credit union, investment institution, or credit card issuers that throw captchas at me.
I highly value access to financial products, by the way, so I don’t plan to get myself “unbanked” any time soon.
Sure, I understand. I prefer not waiting around until data breaches and/or privacy-abuse lawsuits happen by third-parties at their own convenience. By then, I assume that it is too late to take action.
Change banks? (Unless you’re in Australia, I think they only allow four. But that’s what they told me 40 years ago.)
Then there is my bank that lets me login to my account through the Tor browser. I’m not joking. I did it like 50 times and all functions and services worked just as good as If I used a normal web browser. It is just significantly slower.
My bank doesn’t like the available browsers
My browser doesn’t like the available banks.
There was an old joke from the Tonight Show about 50 years go with Johnny Carsron, I think it was Jonathan Winters who told it. It was a monologue and he steered it to his visit in Switzerland, with a bunch of money trying to establish one of those secret Swiss Bank Accounts. After asking about where one of these banks was, he was directed to an upstairs room at a Tavern where he found this litte old man sitting behind a desk. Asking about an account, he makes the deal and he give the little old man a briefcase full of money and the little old man takes and puts it behind his desk. Before leaving he asks the little old man, “Well don’t I get a secret bank account number?” “Indeed” said the little old man. “Well what is the account number?” The little old man said: “One.”
Angelfish is the only browser I managed to find that allows me to log in to my bank.
Could it be that angelfish doesn’t block stalkers or does angelfish block a certain way different from other browsers?
~s
An interesting point! But that would be illegal according to which Law, in what Country or aggregate of nation-states( like EU) having common legislation?
In fact, I can’t remember ever seeing any law or regulation restricting the use of GA or Gstatic by websites - anywhere they would be hosted in the world…
But that would be illegal according to which Law, in what Country or aggregate of nation-states( like EU) having common legislation?
Always a fair question - and sometimes quite difficult.
However in the context of this topic - your bank - then you and your bank are likely to be in the same legislative regime, so it’s not as difficult as it could be.
I don’t see why a bank would be bothered with a CAPTCHA. Some sites use it to stop automated login attempts but that can be countered by locking the account out, for a while or until there is manual intervention, after a moderate number of failed logins (even though in some cases that might allow a DoS) or at least deferring the use of a CAPTCHA until that number of failed logins. Some sites use it as an anti-scraping mechanism but I wouldn’t think that applies here.
I can’t remember ever seeing any law or regulation restricting […]
In this case “should” refers to what I think ought to be the case but which is not the case.
It is arguable that any general anti-tracking right could blow Google out of any web site that it has its tentacles in.
Good security practice suggests that important web sites should avoid third party content.
Good security practice suggests that important web sites should avoid third party content.
Amen to that.
Some web sites may just be checking the User-Agent string … hence installing a Firefox extension that allows you to override the User-Agent and then cloning the User-Agent from a device that works may work around the problem.
This has worked tremendously well for me! (Given the shitty situation where websites actively discriminate by user agent.)
I’ve found Mobile View Switcher to work best, because it lets me enter one user agent string, then allows me to toggle between the correct and the fake one at will.
Toggling between real and fake turned out a useful feature, because faking the user agent occasionally breaks other websites.
Remember though: You’re responsible for your own due diligence when you use web extensions. These are often updated automatically, and can turn rogue at any time. I’m currently learning about Debian packaging because I want to depend less on silent automatic updates.
In this case “should” refers to what I think ought to be the case but which is not the case
Ah, very sorry! I misunderstood the use of “should” in the context of your remark - I thought you were referring to some new magical regulation that had suddenly appeared, which I would not be aware of…
Well, too bad,so.
The Evil Giant Octopus always wins then - nothing we can do about that!
I’m guessing it is down to the user agent it sends.
The user agent add-on works. Set it to chrome 115 or something.
Why doesn’t Purism install regular Firefox as their default browser. I know that works. Firefox ESR does not even though I have the most recent version.
Why doesn’t Purism install regular Firefox as their default browser.
Ask Purism support:
General questions
To: support@puri.sm
What: explanations and additional information about Purism products, services or software, if these are not provided already on our website or wiki, or simply not clear enough.
- This is not meant as a replacement for the support@ and ops@ addresses (see further below).
- Before sending questions to “info”, please first check our website: general , products , phone , FAQ and wiki pages, your question may be already answered!
Subject: [product or service] question summary
Usual response time: under 24 hoursExample email subject: [Librem laptops] SSD models in Librems