Website whinging

The joys of recaptcha return

I’ve managed to avoid websites that use Google’s daft recaptcha thing until recently. But now PayPal wants it even though I log in and enter the SMS’d 2FA code. Despite clearing all cookies and probably-illegally stored crud it simply will not work on my Mac.

The daft thing is PayPal works fine on my iPhone – well, ok that’s the app version not the website. But I keep cookies disabled on the phone and run a cookie cruncher on the Mac. Even with that turned off recaptcha simply does not work on the Mac and it seems I’m the only one with an issue. Google hates me… but then, I rarely need to interact with it, given I use DuckDuckGo for searches and I have transferred almost all email that used to come to my Gmail account to a more reliable host.


MacBook Pro battery replacement

Recently the battery in one of our old MacBook Pro laptops gave up the ghost, big time. First, it would run for a few minutes but not long after it was totally dead, with the Mac loosing power completely if the charger was removed. We replaced this Mac as it was a vital component in our IT armoury but I wanted to fix it and, hopefully sell it as working. It’s a 2015 13″ model.

So, off to the excellent iFixit site, specifically in our case this. The guys that put these pages together are a huge help to those of us daring to venture into repairing our own kit. Anyway, I have a decent range of tools for abusing small electronic devices such as phones and laptops, so why not?

The case comes apart quite easily:

Getting the battery unstuck – my goodness they glue them in well – is hard but not so much so that it cannot be done with care. A note here, this is solely from my own experience, do not rely on this!

It took maybe 20 minutes and 4 old credit cards to very carefully unstick the entire battery. I had a new OEM battery from the Replace Base that arrived within a day, came in a neat package and included the necessary screwdrivers but I already have plenty. The price of the battery was somewhere between the cheapest eBay price for a non-OEM part and the price from Apple. Everything went back together with no screws left over (!) and the Mac works nicely, holding 100% charge and with a battery recharge indicator of 1. oh yes and I managed to throw Big Sur onto the Mac too.

I have to say though, I went through this because I have some time, being retired, and I wanted to not be beaten by something that should be simple, i.e. changing a battery. Having been through the exercise, and bearing creases on my palms for a couple of days from the force needed to unstick the battery, paying Apple to do this is actually fairly good value for money!

Data protection Privacy

Proof of existence

In the march to get rid of paper records and have everything online it is becoming increasingly difficult to prove one’s details when signing up to, or dealing with a process still based on old school mechanisms such as requiring bank statements and proof of address. This, plus the fact that in becoming ever more online the World is requiring people to own and know how to use a mobile phone while having little, if any regard to the affordability of such an item. Cursory throw-away lines such as pointing people without online access at home to their public library is becoming increasingly moot with library closures and, not least with Covid19.

Examples of the complexities one may face are rife but here are two real-world examples, carefully crafted so as to not give any names away.

Person A works for organisation B and is changing roles within B. B needs two proofs of ID and two of address from A for the new role. However, A only has one proof of address, a bank statement. B states that a second bank account will do. A can open a bank account with another bank (C) online. C only needs a single proof of ID and a single proof of address, and A’s existing bank statement will suffice for the latter. Therefore, C has a lesser requirement for proof of ID and address than B and will provide a second proof of address to A to send to B. While one may argue that C has too low a burden of proof or that B has one too high one cannot get round the fact that B already has all the information It needs as it is A’s employer.

Another example. A needs government department B to change some details about property C. B will not accept the evidence available to A but government department D does hold valid details about C. B tells A to purchase these from D. Why? Both B and D are government departments. In this case A simply dropped the issue given they had informed B of an error in the records held by B regardless of whether or not B would do anything about it.

In both the above cases the organisation in question (B in each case) has access, directly or otherwise to the information that they require from A. In the first example via existing employment records, and in the second by simply requesting it from another department.

Now, in each case, if A had an official government-scheme ID card, as was proposed and shot to bits several years ago in the UK, B would not require any further information because all such information would be tied into the ID card provided to A. A hypothesis therefore exists that the establishment, governmental, quasi-governmental and commercial, are collectively making processes so hard for all the ‘A’s in the country that a future proposal for all citizens to be issued with ID cards will succeed by the mere fact that people are so fed up with having to find more exotic ways of proving their existence that they will not vote against it.

That cannot be right.


Why is this so hard

I had to edit and then print an official form downloaded from a Government website today. All it needed was some names and addresses putting in at the prescribed lines. Easy… hmmm.

First off, the form is an MS Word document. Ok, I have Pages on the Mac. Ah, but the format is wrong and lines appear in places they should not. Oddly, the first half is fine, but the second where it needs a date entering ends up with a line through the date.

Ok. Borrow a laptop that has Word. Download the form again and it was filled in properly. I had to struggle to get a USB stick to be recognised even though it has been in there before – two goes and it found it. This is because I did not want to store the edited document on the laptop at all, well, other than whatever temporary files Windows wants to create.

So, to print.

The laptop will not find the printer

The copy of Word will not print to PDF


Finally I managed to export to PDF, stuff it on the USB, put the USB in the Mac, open it (and check the format is still ok! The ‘p’ in PDF is not always what it makes out to be) and print it.

Two laptops, one USB stick, about 10 edited lines in a document.




So we’re out of the EU as of 23:00 on 31st December, 2020. Two things come to mind.

The first order of business for me seems to be to go over PayPal’s 58 page User Agreement which is valid from today (1/1/21). 58 pages. It begins by indicating it is an agreement between me and them, they being PayPal (Europe). No surprises there then. It goes on to mention the Temporary Permissions Regime which I had never heard of. This says it “allows EEA-based firms that were passporting into the UK at the end of the transition period (31 December 2020) to continue operating in the UK within the scope of their previous passport permission for a limited period after the end of the transition period.” (1)

So, I have a 58 page document to read (and I always read T&Cs and such as should everyone) but I am a tad wary of this ‘temporary’ agreement which perhaps means there will be further updates from PayPal in due course. For all those who were celebrating our ‘escape’ it is, of course just the beginning.

Nothing wrong here of course and I use PayPal all the time. It is obvious they, and all manner of other companies need to produce new terms for this new age and this blog is not a political platform (I do all my political whining elsewhere!)

On to the second thing. I received an email this morning telling me that my .eu domain, which I abandoned a long time ago when Brexit got going, has been suspended. I am just letting it expire so no worries here. But it does rather tickle me that the people have a correspondence email for their domain which has a .ie address. So, they have moved their correspondence address to Eire, which is, of course still in the EU, in order to keep their .eu domain.


Cookies and tracking Privacy

Yup, more cookie observations

I have mentioned before that I have all cookies blocked on the phone. It’s a bit of a faff sometimes, I mean if I really need to access a site that requires a login or similar I need to re-enable cookies, do whatever I needed to do, then block cookies again, but it’s no big deal really.

And it is interesting to see what websites do not even need cookies to function, as well as which websites are so badly constructed that they do not even render anything with cookies blocked. Oh yes, and those websites that throw up a cookie banner but which still work once you are past that, of course with no actual cookies having been set.

As an example, I just visited a well known petition website to add my name. It showed the usual cookie warnings which I ignored and managed to sign the petition with no issues at all. I have an email confirmation so it worked just fine.

This brings me back to my question, should any website need to set any cookies before you enter a part that actually requires them to be set? I still say no.


Wagons role

New arrivals, a set of three Hornby wagons commissioned by the National Wagon Preservation Group (NWPG). They are modelled on wagons that the group is preserving in real life.

Cookies and tracking Data protection Website whinging

Crumbling cookies

With the fines and threats imposed by France on Google and Facebook it was interesting to note that both Facebook and, possibly unrelated eBay had logged me out overnight and I had a new-looking consent form presented by Facebook in the browser and eBay in the app. The Facebook app has not changed and I am still logged in.

So I had a look at Google again, specifically The cookie-wall – I’m calling it that because you need to agree to get past it – looks the same as the last time. Google sets two cookies on entry, one (NID) which my cookie crunching app defines as a tracker, and another called CONSENT with a 2038 expiry date. After a short while it sets another called SNID. More success on the iPhone where I keep cookies blocked. here, as before the cookie-wall appears and then vanishes.

My take on this is to question why Goole is setting these three cookies before I have consented to anything and, if they suggest that their product will not work without then why does it work without? To my simple mind nothing should set any cookies until I agree, and even then the only cookie that should be set if I do not agree is one indicating this so it knows next time. Of course, strictly necessary cookies are excepted, but I would argue that no such cookie is needed until I explicitly request a service for which they are required. This would, or at least surely should never happen on a websites entry page, with the exception of sites that require a login before one can access, and even there surely there will be a not-logged-in page where no cookies are required until one logs in.

Privacy Security Website whinging

Failed circular verification

So, you need access to a Google doc but when you log in Google senses that the PC has not been used before and is suspicious. It needs verification.

Ok, first off, this is not me. I have access to Google etc. And verification is a great idea. But there is a hole and as yet we’ve not found the bottom.

Verification is all very well provide you can actually do what is required. But what where your verification is your works telephone and you did not enter a mobile number, nor do you want to tell Google your mobile number anyway?

Google has ‘other ways’ to verify you. Following this path it sends you a code to an email address. The only email address in use was the works one. The code came but this is not enough. Google still wants to send a text to a phone – it still wants that mobile number you don’t want to put in. This ends up being circular, with another code being emailed and, once again another request for a mobile.

In the end it was quicker to ask the document owner to simply email it rather than trying to reach the bottom of the hole being dug by Google.

Cookies and tracking Website whinging

Google, sort-of positive

I know I whinge about Google from time to time but they do give me 15Gb of storage, of which I use a tiny amount and only for Gmail (which is also free of course). Having just received an email about account charges for dormant accounts or those using too much space I thought I would check, and managed to free up an extra 20Mb or so meaning I am using about 300Mb now for Gmail, much of which is me being too lazy to delete emails or pull attachments off onto local storage.

Yes, it does of course mean all those emails are sitting in Google somewhere and can be searched, but these days be honest, if you really don’t want The World to see something don’t put it on the Internet in the first place. Speaking as a privacy advocate and, indeed as a privacy researcher (Ph.D. in Internet privacy, 2017) you do need to take some responsibility for your own privacy. Encrypt important emails and let them scan all the remaining dross, ‘them’ here being all the nameless agencies around the globe rather than Google who, at the end of the day need to make money somehow in order to give us 15Gb of storage for free.

I’ve been in this game for a long time now and I remember Google when it was new. They made such a difference to web searches – anyone remember AltaVista? I ran Google Search Appliances for a number of years too which dramatically improved searches for our corporate websites.

But I will not stop whinging about the whole let’s track everyone across everywhere and see what they are looking for so we can tailor adverts to them… sorry.