Mastodawn

Stephen Godwin Feb 21

Harley 🐝🌿

- do you want to use google to sign in?
- do you want to add a passkey?
- do you want to add a 2FA token?
- we know you have 2FA but we've sent you an email instead
- this login attempt seems suspicious we've sent you a text about it
- can you click on these buses?
- you failed to click on the buses click on these bicycles instead
- should we save these details for next time?
- do you accept these trackers?
- you can opt out but we've decided it's legitimate interest anyway
- would you like to see a list of our 847 partners we share your data with?
- can we send you desktop notifications?
- can we access your location?
- do you want 10% off for signing up to the mailing list?
- do you want me to translate this page?
- hi I'm your friendly chatbot how can I help?
- oh no you can't buy this, reach out to us for a quote!
- do you want—

I'm tired boss

Laika Noumi Feb 21

@lichendust Damn, it sounds really too much

Judah Hansen Feb 21

@lichendust This service comes with hitting-you-in-the-head-with-a-frying-pan technology (don't worry, you can opt out by verifying your email and contacting our legal team!)

Man aging with madness Feb 21

Sign in using 2FA hardware token, receive email "We've received a suspicious login! Click here to confirm it's you"

ffs, I used my bleeding hardware 2FA token; yes, it's me.

Man aging with madness Feb 21

Even worse:

Attempt to sign into website on which I have my hardware 2FA configured. Correct password gets rejected. Oh, look; they sent me an email because they "don't recognize the computer" or "it's a sign-on attempt from a new location". I have hardware 2FA configured; don't fecking email-2FA me. I have hardware 2FA set up for a damned reason!

@praxiscode @lichendust Github has another trick: My (correct) password is rejected ever since I configured a passkey. I can still change the password after logging in with the passkey, but it is only ornamental.

Chris Hessert Feb 21

I move on after only 2 of those, and consider myself patient. 😉

ಚಿರಾಗ್ 🌹✊🏾Ⓥ🌱🇵🇸 (he/him)Feb 21

@lichendust On the desktop, I use uMatrix (technically unmaintained) with deny-all as the default. So useful for cutting down on so much of this!

Christian Stadelmann Feb 22

@chiraag ublock Origin does almost the same job, if you want to switch to actively maintained software

https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/

*EDIT: Fixed autocorrect issue, added URL

uBlock Origin – Get this Extension for 🦊 Firefox (en-US)

Download uBlock Origin for Firefox. Finally, an efficient wide-spectrum content blocker. Easy on CPU and memory.

ಚಿರಾಗ್ 🌹✊🏾Ⓥ🌱🇵🇸 (he/him)Feb 22

@genodeftest @lichendust Yes, I already use uBO, but even its advanced mode can't match the granularity of uMatrix, unfortunately!

Ambulocetus Feb 21

@lichendust "It looks like you are using an ad-blo-" CLICK

Akin to.. Just sign up to continue reading this article.

Ari [APz] Sovijärvi Feb 21

@lichendust Are you tired? We have a solution for you! Our brand new AI can sort all this out for you in no time! No need to think for yourself any more.

LΞX/NØVΛ 🇪🇺Feb 21

@lichendust you forget the popup that nag you to disable your adblocker xD

ɩɐɥɔɐɿɐɯ Feb 26

@lexinova @lichendust oh, I just block those like another ad, lol

Stéphane Audic . For Hire Feb 21

@lichendust Even creating a gmail address has become a nightmare...

Flamekebab Feb 21

@lichendust if your site only has a form to ask for a quote, you're dead to me. If I could afford you then you'd have a price.

Paul_IPv6 Feb 21

by the time i'm through all that, i sometimes struggle to remember why i was trying to log in in the first place...

@paul_ipv6 @lichendust

https://twit.social/@viharm/116113342676568553

viharm (@[email protected])

@[email protected] @[email protected] This is a real issue. And I can feel for those with ADHD out there. For every new thing I'm doing, I open a new browser window, so all tabs in that window are related to the topic. the first tab is a web search, with the search phrase of what Im doing (of course the search engine is Qwant, DDG, Brave or Ecosia). subsequent tabs might be the rabbit hole for that topic, but at least im not forgetting shit 🤪

TWiT.social

@lichendust we see you made a purchase would you like to add a worthless protection plan and these completely unrelated items

@lichendust All questions to make more money. Nothing there to actually support YOU.

Greys Abiding 🎹Feb 21

@lichendust 'Text 'STOP' to get on our list of people who actually respond to text messages.'

@lichendust "you've successfully authenticated with your passkey. please enter your 2fa code."

jfc i just remembered that nextcloud does this & i only forgot because you can touch your yubikey instead of entering a code

mapleleafroundel

@lichendust I have a headache by the SMS 🤕

@EdwinG @lichendust Is that because SMS is ridiculously bad for 2FA, or just because it's ghetto?

TheNovemberFella ✊🏳️‍🌈 🇺🇦☸️🛰️🚀Feb 21

@lichendust 👍💯👍

Ian Bradbury Feb 21

@lichendust - I see you’re using an ad blocker. Click here to pay a small fee in order to watch this 15 second short, into which we’ll inject 3 pre-roll adverts.

Joe Alexander Feb 22

@bradbury @lichendust Even better - get a pihole, use Google Chrome, or Chromium, or Edge. Go to Hulu, doesn't work. You can't actually block the Hulu ads, have no rules against them - you even pay for ad free. But you block Google, datahog, logging services, trackers - SO WE REFUSE TO RENDER THE VIDEO. For about two weeks you could still use Safari - then they closed that hole.

You've paid. It's ad free - product flat out doesn't work if you block third party trackers. They would rather you cancel.

Joe Alexander Feb 22

@bradbury @lichendust Same for ESPN, Hulu, now YouTubeTV

Martin Enders (he/him)Feb 21

@lichendust hahaha I feel this pain

Michael McWilliams Feb 21

@lichendust The password field does not allow you to see what you typed. Even though you are at home and alone in the room.

John Deters Feb 22

@MichaelMcWilliams @lichendust They also disabled copy in the "type the new password twice" fields, so if you use a heckin' strong password generator that didn't include their special characters, and you fix it by hand, you won't see that the copy of the fixed password never happened and you're still pasting the bad one.

I want to spray those idiots with honey and spill an ant farm under their desks.

Joe Alexander Feb 22

@targetdrone @MichaelMcWilliams @lichendust sorry, we're so secure you can't use your password generator on our site! everyone here uses "letmein1"

Lilith Ashley Nyx Arson

@lichendust please don't leave! check out now to save 5% off your order

IAmTorva Feb 21

@lichendust For me the most frustrating was logging into Microsoft Authenticator on a new phone. With no access to the old one.

- You have 2FA configured.
- You must use 2FA to login.
- Cannot use 2FA - Use alternative method.
- To use alternative method, you must login first.

Back to the start
- You have 2FA configured.
- You must use 2FA to login.
- Cannot use 2FA - Use alternative method.
- To use alternative method, you must login first.

Resetting 2FA didn't break the loop. Instead, they still expected me to use Microsoft Authenticator to login to Microsoft Authenticator.

The only way out of this loop was to use Google Authenticator.

Kerr Avonsen (she/her)Feb 21

@TorvaFirmus @lichendust This demonstrates exactly why a phone is a Single Point of Failure.

Why don't they teach them comp.risks at these schools?

Yenn dc ☂️Feb 24

Just use Aegis. Much better than either of those. ;3

IAmTorva Feb 24

@yenndc Never heard of Aegis. Who owns that?

Yenn dc ☂️Feb 24

Aegis Authenticator?

It's GPL-ed software, so no one, at least in the usual sense. 😉
There isn't any corporation backing its development either (AFAIK).

You can check its "promotional website": https://getaegis.app/

Or it's code repository: https://github.com/beemdevelopment/Aegis

As a little green flag, it's available on F-droid as well: https://f-droid.org/packages/com.beemdevelopment.aegis

Aegis Authenticator

Aegis Authenticator is a free, secure and open source app for Android to manage your 2-step verification tokens for your online services.

LittlePolarBear Feb 21

@lichendust
Your email is suspicious! Please provide all these details to identify yourself before we can sell you our stuff.

Thomas Thyberg Feb 21

@lichendust
"- would you like to see a list of our 847 partners we share your data with?"

"You can opt out by toggling them individually"

@thyberg “Or you can just ‘continue without accepting,’ but then the 754 of them that have ‘legitimate interest’ will stay on.”
@lichendust

:kura_explode:Feb 21

@lichendust hi tired boss, do you want to use google to sign in ?

@lichendust hahaha jaaaa

Curioso 🍉 🇺🇦 (jgg)Feb 21

I miss the days when I could sign in with Google 2FA at work.

Now we are using Microsoft 2FA, and it is a fucking nightmare. Sessions get lost, half of the time the it refuses the login because of who knows why, and when it goes right it is even more cumbersome than Google's.

mousebot Feb 21

@lichendust gaslighting, abuse...

Dragofix Feb 21

@lichendust If your privacy settings are very good, this

"you failed to click on the buses click on these bicycles instead"

could go on for 6 (very slow) rounds and still fail and you have to start again. 🤣

Ashwin Dixit Feb 22

@Dragofix @lichendust

"Hmmm...seems like you are nearly blind. Would you like the audio version of captcha instead? It's called gotcha."

Dragofix Feb 23

@purrperl @lichendust 😂

Janeishly Feb 22

@Dragofix @lichendust Yep, I get that a lot. Extremely frustrating, but an exercise in just not accessing whatever it is and being content with that

Dragofix Feb 23

@janeishly @lichendust Indeed. I could swear that it doesn't even matter if you click on those perfectly right as long as you don't click too many wrongs. The trick is somewhere else. The clicking part is just cosmetic. 😁

Pseudo Nym Feb 21

It's extremely ironic that the AI image parsers have gotten good enough to solve the captcha that humans can't.

Joe Alexander Feb 22

@pseudonym @lichendust they are so good they won't solve them - because they refuse, not because they can't.

Why did I open this page? Don't remember, close tab.

@robelix @lichendust

This is a real issue. And I can feel for those with ADHD out there.

For every new thing I'm doing, I open a new browser window, so all tabs in that window are related to the topic. the first tab is a web search, with the search phrase of what Im doing (of course the search engine is Qwant, DDG, Brave or Ecosia). subsequent tabs might be the rabbit hole for that topic, but at least im not forgetting shit 🤪