Logging in to the web-site *stinks*

@amoun You’re right, user login security/ease is not the topic discussed here.

1 Like

How you view the value of your data is yours to decide…and the same goes for other people. CIAM allows for opt-in step-up mechanism to be selected by each individual.

Similarly here, each person’s approach to security is different.

It’s a maturity progression…to offer additional means for user authentication.

Just to add: There are better solutions than ReCapture…at a cost. Would be a pain if logging into banks require a “Are you human?” prompt, for example. So, to @Morpheus636’s point, organisation size does play a factor in deciding / designing the login experience / user journey. But as those machanisms become more widely adopted, that will drive the competition of similar technology offerings and shift the norm of user expectations. (Ping and Okta)


How can I view sources to those plugins? For instance ublock has sources but the fingerprinting plugins don’t. How do you know you can trust the author?
Maybe the plugin works but how do we know that it only does one thing?

Ah…the rabbit hole (timestamped):

Use what you trust. How you derive trust is a personal choice, source code or not.


This is why I asked. If the author publishes the source then it means that they’re fine with everyone tampering with it in the wild because they’re sure that they publish a good thing.
If there is a source then there is a way to find out that somebody’s lying by not compiling the correct thing when issues with faking the sources is found.
But if there is no source then there is no accountability.

Thanks for providing a video which provides an argument that you could as well use to justify Windows and Google use. Their sources aren’t available “easily” so nobody should care what quality they provide. If you’re not given an ability to compile windows via these flatpak instructions then it has to be ok to use it. I don’t think that the guys in the video know what they’re talking about. Showing power by smoking a cigar and sitting in a light-up studio doesn’t make them smarter.

On the other note – if users are complaining by websites using reCaptcha then why hasn’t anyone given any alternatives that FW could consider? It’s easy to complain but why not actually try and do research?
If they constantly feel the pain when they use reCaptcha then they have to know about services that provide same or better levels of security that don’t require to use reCaptcha. I think it’s reasonable to expect that from those users.

I see you’re new to the security scene.

You’re right about the second part…doesn’t make them smarter. They already are.

1 Like

I’m the newest.
This doesn’t make you better or superior.

Never claim to be. We can both be new.

People take offend for pointing out as new. When / if new is a fact, why get offended? It’s ok to learn about things, to grow. Take the ego out of the equation, learning means you’re growing.


In my decrepit age I am a bit slower and have to listen to more criticism, if only I could have heard it when I was young, it’s so much fun.

As my mum said “There’s none so deaf as those that don’t want to hear”

I heard that but not much else she said, I was young and new.

Now, going back to the question of source code of the plugins…if you must.

You already have them in the plugin xpi files.


More info here:


My mum said similar things to me over the years as well. She also taught me to be proud about being new. It means we’re exploring, getting out of our comfort zone…

Also, this perspective might help:
If someone look down on you, that’s on them.
If you get offended easily, that’s on you.

Having thick skin goes a long way.


If Captcha is a must, would Framework consider alternatives to Google’s reCAPTCHA?

1 Like