Constant silly captchas!
Why am I, all of a sudden, being presented with stupid captcha things on almost every page I open? It got bad a while back when you had to click on a "yes I'm a real person" checkbox three times during the login process. Now you also have to do two lots of "click on some of the fuzzy images" for each checkbox during login - and then almost every other page you open thereafter! Really??! I thought I was logging into a FH research site, not the Bank of England!!
Yes, I'm on a VPN, can't do anything about that. Yes, I've got adblockers. For my own security. But it does it on Chrome (no adblockers), Librewolf and Vivaldi.
The biggest issue is that it's only FamilySearch that's quite as paranoid - I might get the occasional silly image game on other sites, but FS is the only one that manages to get in the way all the time!
Answers
-
@djb2 - I do wish that we might have a proper explanation for some of these features. As it is, it's as if explanations are regarded as being a security risk.
For what it's worth, from what I've seen elsewhere, my suspicion is that the Captcha stuff is not under the control of FamilySearch except that they have contracted with whoever (Cloudflare?) to provide security. The provider's algorithms may be fairly dynamic and make multiple checks depending on what the traffic looks like on that site, on that day. And what you see may not be what I see, for instance.
As an aside the most idiotic "Prove you are human" came when I was attempting to log out of FamilySearch - being flippant about it, the system was saying that I might be a bot so unless I could show that I wasn't, it would just have to keep me in FS. Joking aside, that's why I think that much of the security stuff is statistically driven, not logically driven.
Which may make it next to impossible to answer your reasonable concerns.
As for why FS is quite so paranoid about VPNs, the best speculation I have seen is that they are attempting to code for a contractual regime where certain data can be accessed only from certain countries and VPNs drive a coach and horses through that. However... Please see above for lack of authoritative comments.
1 -
In detail, I have to do the following each time I log on:
- go to FS log on page
- get "prove you're a human" checkbox to click
- choose from a set of fuzzy images, click verify
- some images change, choose again, click verify
- get another "prove you're a human" checkbox to click
- choose from another set of fuzzy images, click verify
- some images change again, choose again, click verify
- finally get to username/password page to fill in, click ok/go/login/whatever it is, can't remember
- get yet another set of fuzzy images to choose from, click verify
- once again, some images change, choose again, click verify
- finally get to the search page!
Then, randomly, but far too frequently, when opening a search result in a new window, I get the click/choose/choose again process before seeing the page.
I get that this is a free service, and much better than forking out for the paid for sites. But this is getting ridiculous. What are they actually trying to achieve? drive users away?
1 -
I am sure there are many global organisations who are (or appear) much better able than FS to negotiate the combination of VPN usage and supplier-imposed geographical restrictions, but, to be fair,
a) whether users have this in mind or are purely using VPNs for security purposes, VPNs do have a strong reputation, going back at least 20 years, as a way to obscure your geographical location
b) FS' supplier contracts are frequently with local record offices etc. which may be covered by strict legislation; may or may not have the technical or legal resources to go into this in detail; or may want to impose charges for doing so that aren't justifiable given FS is a free service
I suspect where we are may be the least worst option for now (they could be blocking VPNs altogether, after all).
1 -
Interestingly, today I'm back to just having a series of three checkboxes to login, no silly pictures to choose from!
2 -
Spoke too soon. Now I'm just getting the dreaded:
Something Went Wrong
Unfortunately, something went wrong and we are unable to display the record. Try refreshing the page, or come back later.
Reload the page
…for every result I try to look at. It was working earlier, when Amazon et al went bang.
0 -
Hmm - this suggests to me that the whole thing is dynamic. Which I suspected anyway. If, say, the VPN assigns your traffic to variable IP addresses (if) then today you got an IP address that FamilySearch's Cloudflare security (or whatever it is) is reasonably happy with. The other day, you got one that it was very concerned about - hence radically different degrees of proving that you are innocent.
Of course, IP address might not be the crucial factor - I think that there's a whole series of things that the security stuff considers - I just said that as a simple thing that I understand. The amount and type of other traffic from that patch of the internet is another possible aspect, as is whatever is happening at the FS end.
0 -
I have experienced captchas when accessing Community using mobile data, with no VPN active, but only a couple of times. I'm sure there's an IP address range angle as well as the VPN one (I'm assuming Cloudflare can detect specifically whether a VPN is active - does anyone know?)
0
