Logging in to the web-site *stinks*

  1. Go to framework home page log in page.

  2. The captcha is not visible, nor is the checkbox for “I am human”.

  3. Enter username, enter password.

  4. Username and password are blanked, checkbox for captcha is now shown.

  5. Check “I am human”.

  6. Now the fun bit - the Google Captcha.

    1. It is very frustrating to fully and obviously correctly complete a captcha and have it fail, again and again. I think getting the captcha correct is not enough to pass; something else is going on.

    2. The load time for image replacement after selecting an image is sometimes very fast, and sometimes very slow; I think it is deliberately being slowed for suspect users. This makes completing a slow captcha significantly time consuming.

    3. Then the captcha seems to go into “I think you’re false and I’m going to say no, no matter what you do”. You get a series of captchas, along the lines of “click on all squares containing stairs”, which means mousing and clicking about ten or twelve times, and then it fails, and then you get another captcha of the same type, and this simply goes on and on and on.

I rarely try to log in, for obvious reasons. I would say I succeed about one time in five.

Logging in STINKS.

3 Likes

This has never been my experience and is almost certainly caused by something in your browser. What browser are you using? What extensions do you have installed? Do you have any network-level adblocking in place?

1 Like

@anon81945988 Same thing here, just substitute the Firefox password storage for Bitwarden.

3 Likes

Recaptcha is a major nuisance. Free labor for tech giants, like so much else online.

It also does not like users that are doing anything to protect their privacy online. Using a VPN, in particular, makes it like a 95% chance that I get challenged to ID stuff repeatedly.

5 Likes

Framework has made their stance on this very clear many times. ReCaptcha is a necessary industry-standard security measure. Disabling it would subject them to a lot more abuse, and given how much time and effort they already spend fighting abuse, that is not something their team of less than 50 globally, nor the team of 4 volunteer moderators here on the forums (which is also protected by the same ReCaptcha) are prepared to handle.

1 Like

I have the same experience as the OP…

Issue is caused by higher-than-usual security configurations we’ve set on the browser (e.g. against digital fingerprinting), 3rd party cookies blocking…etc, or VPN. That is, we have a stranger than usual access profile / characteristics…than a normal, less-secure browser of the average human.

I would say this instead: ReCaptcha has been deemed as one of the viable methods for implementing a necessary industry-standard security measure, and subsequently selected by Framework based on various considerations / constraints. i.e. ReCaptcha is NOT necessary. The security measure is. ReCaptcha is a means to do that.

3 Likes

Also, it’s partially dependent on how fast you submit the login form (in combination with the aforementioned factors)…too quick and it’ll prompt you for the ReCaptcha.

1 Like

@Second_Coming @Xenophon I’m pretty stringent regarding security settings and I do not have these issues.


The only setting more stringent in Firefox is to block all cookies. Furthermore I do have NoScript enabled although I’m slightly looser there since I basically trust this site and uBlock Origin is turned completely off. I do get a ReCaptcha prompt when I want to log in but it does not fail over and over. There must be a configuration issue on user end that causes it to break like it does for y’all. I do have decentraleyes enabled as well.

2 Likes

That’s what I have, with the exception of cookies from frame.work.

Essentially, Google is saying “We can’t scrape sufficient info from you to sell you ads, are you a human?”

At times, it would fail over and over…depends on the random VPN IP you landed with.

@Second_Coming Is the Firefox panel that allows you to view cookies hiding cookies somehow? Because when I look at installed cookies, the only one I see relevant to this discussion (the others are obviously from other sites I’ve visited) is the one from Framework. 8 cookies actually. So if that’s the case then Google doesn’t even factor into it as it would be blocked by both you and me. Since that would fall under “cross-site cookie”. It seems to me that a VPN is more likely the culprit here since I’m not using one. Even Google-Analytics is blocked via NoScript.

1 Like

We’re both in the dark as to knowing how Google makes that determination…not going to spend more time on this other than saying that’s the observation from my end.

Google doesn’t factor into this. That’s what I’m saying. Even if Google claimed they were a first-party cookie, Mozilla disagrees. So unless Firefox is lying to me, there are no Google cookies present in my browser, nor are there Google services running in connection with the forum. The problem lies elsewhere. It may be your VPN, it may not be. I don’t know or claim to know but it simply cannot be cookie related.

Alright, I’ll test this theory myself by installing ProtonVPN. Probably the only free VPN I would actually trust.

EDIT: OK, I can’t install ProtonVPN proper but I can enable the browser extension and I don’t have any issues logging in. As usual, I get prompted for ReCaptcha but one pass clears that. Now I have no idea what the configuration issue is. The only thing I can suggest is turning off things and reintroducing them to determine root cause.

1 Like

The authentication mechanisms in the industry are moving away from password as a factor…(i.e. passwordless is gaining adoption). Something to think about.

1 Like

@Second_Coming I wish the forum supported 2FA and it would be hella neat if the integrated fingerprint reader could be used as a factor.

1 Like

FIDO2 support would be great.

1 Like

@anon81945988 You’re right, user login security/ease is not the topic discussed here.

1 Like

How you view the value of your data is yours to decide…and the same goes for other people. CIAM allows for opt-in step-up mechanism to be selected by each individual.

Similarly here, each person’s approach to security is different.

It’s a maturity progression…to offer additional means for user authentication.

Just to add: There are better solutions than ReCaptcha…at a cost. Would be a pain if logging into banks required an “Are you human?” prompt, for example. So, to @Morpheus636’s point, organisation size does play a factor in deciding / designing the login experience / user journey. But as those mechanisms become more widely adopted, that will drive the competition of similar technology offerings and shift the norm of user expectations. (Ping and Okta)

2 Likes

How can I view sources to those plugins? For instance ublock has sources but the fingerprinting plugins don’t. How do you know you can trust the author?
Maybe the plugin works but how do we know that it only does one thing?

Ah…the rabbit hole (timestamped):

Use what you trust. How you derive trust is a personal choice, source code or not.

2 Likes

This is why I asked. If the author publishes the source then it means that they’re fine with everyone tampering with it in the wild because they’re sure that they publish a good thing.
If there is a source then there is a way to find out that somebody’s lying by not compiling the correct thing when issues with faking the sources are found.
But if there is no source then there is no accountability.

Thanks for providing a video which provides an argument that you could as well use to justify Windows and Google use. Their sources aren’t available “easily” so nobody should care what quality they provide. If you’re not given an ability to compile windows via these flatpak instructions then it has to be ok to use it. I don’t think that the guys in the video know what they’re talking about. Showing power by smoking a cigar and sitting in a light-up studio doesn’t make them smarter.

On another note – if users are complaining about websites using reCaptcha then why hasn’t anyone given any alternatives that FW could consider? It’s easy to complain but why not actually try and do research?
If they constantly feel the pain when they use reCaptcha then they have to know about services that provide the same or better levels of security that don’t require the use of reCaptcha. I think it’s reasonable to expect that from those users.