Author Topic: Patreon anti-robot security  (Read 1924 times)

IanMacdonald (Topic starter)

Patreon anti-robot security
« on: August 02, 2018, 07:17:07 pm »
Think this qualifies as 'dodgy technology' so...

Message to Patreon support:

I'm finding that logins involve multiple pages of captchas. Also, it is no longer possible to update the browser* without that triggering a security alert which calls for re-validation by email. This also makes it difficult to use a separate browser (even on the same computer) to test out the problems.

The captcha problem seems to be related to the use of privacy mode in Firefox.

As far as I can see from a few tests, the way this captcha works is actually much simpler than they claim. It looks for tracking/profiling cookies from previous visits to sites bearing advert-agency JavaScript. In privacy mode these cookies are not retained beyond the end of the browsing session. If no such cookies are found, the captcha assumes you are a spambot.

I cannot turn privacy mode off just for one site, and I don't think it's reasonable to expect that I should sacrifice my overall privacy for the sake of one site.

Appreciate you have a need for robot protection, but this approach is problematic. Think for a moment about what it would be like if tens or hundreds of sites did this. Nobody would be able to update or patch their computer. Would that be good for security?

Sent from Chrome Portable 68 on a virtual machine, with Google DNS, no proxy, no Adblock Plus, no VPN. Even so the first login attempt took five captcha screens. (Which is exceptionally low, last time it was 18)

It remains to be seen how many captcha screens it will take to send this message. Unfortunately no way I can update you on that!

Regards, Ian. (an IT professional)

-------------------------------------

Actually took well into double figures of captchas to send. I lost count.

We do have a fairly sophisticated firewall here, but it causes no trouble on other sites. Damned if I'm going to turn it off (and hang a virtual 'kick me' sign on our IP address, so to speak) for the sake of Patreon, anyway.

* You can actually get round this by setting a fake user-agent string. Doing so might cause problems on other sites though, as you're then sending them disinformation as to what your browser's capabilities are.

Bottom line, if they don't fix this soon I'm likely outa there. Sorry Dave et al, but my patience with this nonsense is coming to an end.
 

