[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 07/12/2020 13:02, Simon Waters wrote:
I'm having trouble with captcha on Ebay. Firefox is my main browser and for the last 3 weeks I have not been able to login Ebay on FF. It comes up with captcha at login, tick the pictures and it asks you to then copy a random script and paste it in a box. It then sits there doing nothing. If I go into Vivaldi I can click on sign in and log in using user name and password. In FF clicking on sign in brings up captcha. I think it happened when I got a bank customer service to talk me through resetting a password and they told me to clear all FF history. Baaaad move. It certainly makes using Ebay a pain. (I have duck-duck-goed the problem with poor results.)On Monday, 7 December 2020 11:52:55 GMT Brad Rogers wrote:Most worrying of all (IMO) is that banking companies, like WorldPay, rely on recaptcha for 'security'. Since nobody outside google knows what google gets during a recaptcha transaction, how WorldPay et al guarantee the security of bank card details, IDK.I suspect Worldpay are using it to reduce the rate of automated abuse, for which they only need to know its effect on legitimate transactions which I dare say at their scale is easy to measure. I doubt it is a key security control, but getting rid of the bulk of noisy rubbish is often handy with any service. Now if that impact is disproportionately on the disabled, that might open them to liability for discrimination, although that might be a good point for them to be a bit hands-off, since they could possibly argue "we thought Google had that covered with the extra options". As regards knowing what Google gets, well we can ultimately see that for the transaction itself, the bit that is less clear are things like reputation of IP address, or reputation from User-Agent string. Interesting question, does this amount to processing for GDPR Article 22(1)? Generally I'd say a Captcha doesn't generally have legal impact on the individual to qualify, nor amount to processing PII, but if enough services rely on the same Captcha service that could amount to "similarly significant affects" perhaps. One of those areas to be careful what you wish for, since if ReCaptcha vanished a lot of companies would be rolling their own with their own individual problems. Simon
George -- The Mailing List for the Devon & Cornwall LUG https://mailman.dcglug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq