Bitstamp and ebay both insult their established customers with captchas, and lose custom

As a matter of principle, businesses should be able to authenticate their own customers.

If a business provides service over the internet, they should be able to authenticate their customers over the internet.

If the business is handling a lot of valuable assets and / or money on behalf of their client, then the business must be able to authenticate their customers.  There is no excuse not to be able to.

Captchas are infuriating "prove you're a human" bullshit, that values the time of the "human" at zero, and presumes to put the "human" to work for free, training some machine-learning database, with the side effect of some dorks walking around claiming they "work in AI".  Captchas, at a stretch, may be acceptable as a way of filtering anonymous strangers who turned up at a web site and want to do something.  Maybe they want to post, maybe they want to create an account, maybe it's something else.  Captchas are never acceptable as an ingredient of the authentication for an already-known user, someone with an account, someone who previously signed up.  And they are certainly not acceptable as an authentication ingredient for a business customer.  If a business has this person as a customer, that business has to set them up so (mutual) authentication can happen to the business's satisfaction.

Under no circumstances is it acceptable for a business to present an established customer with a captcha or similar "prove you're a human" challenge.

It is never okay for a business to captcha a customer.  Never.

Last week I tried to buy several scanners on ebay Germany.  It was ~1k fiats(2022) worth. I was logged in to ebay. Ebay captcha'd me.  Stupidly, I attempted the captcha, because I wanted the scanners, and it seemed pragmatic to go along with it.  The exact task was to identify a particular type of bridge in the familiar 3x3 grid.  My civil engineering knowledge clearly isn't up to it, as I failed.  What level of idiocy does it require to think that operating a marketplace, so already-authenticated Hans can sell his old Fujitsu scanners to already-authenticated Tom, should have, interposed into the process, Tom having to distinguish pontoon bridges from other types of bridge by eye.  And that the sale must fail if Tom declines to take part in the activity of distinguishing pontoon bridges from other types of bridge, or tries the pontoon bridge challenge and fails.  This is what happens when nerds get to try and run things: things, in a very basic way, do not work, and the nerds think they're being clever.  Ebay's 10% from me over the last couple of decades adds up to a lot, but instead of enabling trade in a marketplace, they choose to insult me.  So is someone going to replace Ebay with something that works?

Today I went to Bitstamp to improve my record keeping and get whatever reporting is available for my account, year by year.  I have been a customer of Bitstamp for quite a few years.  The trades and transfers they've handled for me add up to quite a few million fiat(2022)s, and so the fees they got from me add up to quite a few tens of thousands of fiat(2022)s.  Yet, instead of authenticating me as a customer competently, they choose to insult me:


The problem of using captchas when authenticating established customers is part of the problem of businesses being unable to authenticate their own customers in general.  The most egregious case of this I experienced recently was Interactive Brokers withholding ~200k fiats(2022) from me, on the pretense of suddenly being unable to authenticate me: https://wibblement.blogspot.com/2021/11/interactive-brokers-have-stolen.html


Comments

Post a Comment

Popular posts from this blog

the persistent idiocy of "privileged ports" on Unix

TCP and UDP have ports.  These are 16 bit; there are 65535 or so per IP address. These protocols don't care to differentiate between the ports.  Elsewhere, IANA presumes to operate a process to allocate "well-known" ports in the range 1-1023, "registered ports" in the range 1024-49151, and to reserve the remainder, 49152–65535, for "ephemeral" ports.  The caller end has to have a port, which is how replies get back within the virtual connection, and these are conventionally picked from the ephemeral range by the OS's networking stack. The whole idea of ports is ridiculous, because it allows ISPs to arse around presuming to decide which services they will "not allow".  Anything that allows IPSs to do anything other than shift opaque packets will allow ISPs to meddle and break things, and due to the Law of Meddling, if they can, they will.  I am currently working around an issue with Claro, a pretend ISP, blocking port 5060, allocated to SI
Read more

google is giving more and more 500 errors

Image
Total state capture and moral bankruptcy are not the only problems facing Google.  They are also giving an increasing rate of 500 Internal Server errors.  This is the sort that means they've messed up, but not in a way that they should have messed up.  On the other hand, they have drawn a lovely picture of a robot falling apart. Today's example is from Google Calendar under calendar.google.com.  I was trying to make an appointment, and now I'm doing this. I remember, in 2018, a friend trying to convince me that 500 Internal Server Errors no longer happened, or if they did it was my fault, and that they hadn't seen any for years, and some other things.  They assured me that they would love to see screenshots of such a rare specimen, which I bored them with for a while.  That friend happens to be a Google employee. Well, there are plenty of others posting about Google Calendar on twitter today, including screenshots of 500 Internal Server errors, so I doubt this one is en
Read more

7 minute workout: a straightforward audio recording (and two broken google web sites)

Image
 Last year I had a simple rendition of the 7 minute workout routine recorded by a voice artist . I wanted a simple audio track to help get the timings right.  I used to have a good "app" that did it, but that handset died.  Subsequent "app"s have got rubbisher and rubbisher, by having mega-configurable exercise order and making it complicated, with intrusive advertising, by synthesizing unpleasant robot voices instead of simply recording a human voice, and by making everything sound so pumped. Youtube video mmq5zZfmIws is not bad, but they have not been able to resist having ads, and a quick part of the morning routine can not have ads, it's just too tacky.  But one can watch someone doing each exercise and see how to do it properly.  Incidentally, they are at 30M views, also because daily routine.  The track I got recorded, in m4a format, is: https://drive.google.com/uc?export=download&id=1c91iH6XJrfCiItTJErJAmIbNdGuHN0tr (direct download link) https://dr
Read more