Forums

Remove catpatchakThread is locked

Quick find code: 278-279-793-66111678

Hmm

Hmm

Posts: 12,355Opal Posts by user Forum Profile RuneMetrics Profile
The client is done using a custom network protocol and the UI is literally done with a custom interface, whilst you could make an autotyper that in general does the same thing, it's efficiency would be 1% of that which is possible via the web login that can be done thousands of times potentially without even opening a browser (unless Captcha).

2FA for web login is coming 2020.

20-Jul-2019 20:07:26

Hmm

Hmm

Posts: 12,355Opal Posts by user Forum Profile RuneMetrics Profile
The companion app being usable through a web interface is besides the point, firstly, captcha isn't a security measure by itself but one to mitigate abuse from bots, and secondly, you're going to be hit by a captcha at some point getting to the companion when it existed, such as making an account, if not logging into it.

The captcha is trying to prevent bots from using the site, if you're seeing click the images or write out the sounds or whatever, that's because your browser is giving off signs of not being a human through various metrics at a threshold (and in Googles V3 captcha, I believe these thresholds are variable).

So feasibly, Jagex could lower the threshold (account creation could be more demanding for authenticity than just a general log in), but I doubt they'll ever remove catpatchak.

21-Jul-2019 09:52:35 - Last edited on 21-Jul-2019 09:53:06 by Hmm

Hmm

Hmm

Posts: 12,355Opal Posts by user Forum Profile RuneMetrics Profile
There was a blog a few weeks back saying that the websites are hoping to eventually have 2FA for log in in the next year, it says so here.

Original message details are unavailable.

Coming soon:
Email notifications and validations for account behaviour changes
Authenticator checks on the website


Captcha still serves many purposes outside of preventing people from bruteforcing passwords just to sign in. Removing Captcha would for example make it even more trivial for bots to create accounts in an automated fashion, Steam suffered from this problem hugely in the past few months and had to redo their account creation flow, part of which involved, adding a captcha!

As for the Chinese users, all I really have to say on that matter is that a country that specifically makes its infrastructure a hassle to work with is not looking for your best interests. The great firewall is a threat to all none chinese technology companies, why bother catering to a country that could cut you off for a million reasons at its own whim, and has been shown to regularly.

It doesn't help that China is up there in the rankings for fraudulent and automated abuse of systems to begin with.

23-Jul-2019 11:10:42

Hmm

Hmm

Posts: 12,355Opal Posts by user Forum Profile RuneMetrics Profile
No, the google captcha is influenced by your own individual web activity and browser privacy settings. Attempts to log in to your account are not factored as Google doesn't have this information, so it's not a suggestion the account is under attack.

28-Aug-2019 18:17:37

Hmm

Hmm

Posts: 12,355Opal Posts by user Forum Profile RuneMetrics Profile
"May".

You say I'm incorrect on a vague as hell section of the privacy policy that is a catch all for anything Jagex decides to do, and is specifically targetted around a specific category of third party links and integrations.

The fact of the matter is whilst they "may" do it, they do not tell Google how many times your account has been logged into, because Google couldn't care less. It is not a metric that is used in their system to determine your bot likelyhood.

The API is freely accessible. You do not give them anything about your users information. They already have what they need seeing as Google is deeply embedded on the majority of the public facing internet.

https://developers.google.com/recaptcha/docs/v3

I get you have an issue with Captcha bugging you, but please don't call me a liar by posting things that have no relevance.

You can clearly see the only information Jagex gives Google is the API key of the RuneScape site

and you can also see exactly the response Google gives Jagex back

Original message details are unavailable.
grecaptcha.execute('reCAPTCHA_site_key', {action: 'homepage'}).then(function(token) {


Original message details are unavailable.
{
"success": true|false, // whether this request was a valid reCAPTCHA token for your site
"score": number // the score for this request (0.0 - 1.0)
"action": string // the action name for this request (important to verify)
"challenge_ts": timestamp, // timestamp of the challenge load (ISO format yyyy-MM-dd'T'HH:mm:ssZZ)
"hostname": string, // the hostname of the site where the reCAPTCHA was solved
"error-codes": [...] // optional
}


So yes. Jagex "May" do that, as in, they are allowed to. But I am telling you explicitly, they are not actually doing it, and you are not beneffiting people by telling them they're under attack when they are not.

29-Aug-2019 08:26:11 - Last edited on 29-Aug-2019 08:37:14 by Hmm

Hmm

Hmm

Posts: 12,355Opal Posts by user Forum Profile RuneMetrics Profile
What Mod Lyon said and what I said are not contradictory statements.

Captcha will help prevent accounts from being brute forced. Captcha does not factor how many times an account has been attempted to be logged into. Google does not have this information. If it did, zezima would never be able to login ever since the captcha would never be satisfied.


Original message details are unavailable.
As players we do not know, apart from the API, what else is shared about us.



So which is it? You don't know and therefore have no proof of what you claim or you do know since you're claiming it.

So again, please stop posting unrelated quotes to discredit me.

You are telling people to panic when there is zero evidence to.


If you have a legitimate concern with data sharing, you can email dpo@jagex.com for answers.

29-Aug-2019 10:59:39 - Last edited on 29-Aug-2019 11:00:04 by Hmm

Hmm

Hmm

Posts: 12,355Opal Posts by user Forum Profile RuneMetrics Profile
Jagex couldn't know if you solved the recaptcha, as in, you actually did any extra work. The majority of people pass the Captcha without ever even seeing it. Jagex only recieves information on whether you pass the captcha, not whether you were challenged during it.

As before, the entire API for the captcha is here.
https://developers.google.com/recaptcha/docs/v3

There is nothing else other than above that Jagex can see from the captcha, and nothing they can provide google apart from the API key for RuneScape. As you can see, the fact you have a Chromebook also is of no concern to Jagex. Google is responsible for the entireity of the Logic, so Tophurious' comment of "Jagex dumb" is literally just spiteful for the sake of being spiteful. Actually having a Chromebook *does* help you pass the Captcha easier, since the Chromebook is running Google verified software and so can report back to Google all your browsing history, which running Chrome on any other OS does too. You are 100% treated more suspicious by Google if you don't run Chrome logged into a Google account that gives them all your websites you're visiting, that's a Google monopoly problem, not a "hurrdurr Jagex dumb".

I'm amazed this thread continues to be discussed. Lyon has straight up said Captcha isn't going to be removed, and half of this thread is misinformation about how the Captcha works and inspiring fear for the sake of it. You have gotten a response from the team that has control over this and they rejected it. The proper thing to do now would be to just move on.

12-Sep-2019 10:24:03 - Last edited on 12-Sep-2019 10:26:10 by Hmm

Hmm

Hmm

Posts: 12,355Opal Posts by user Forum Profile RuneMetrics Profile
If they're seeking clarity, I certainly wouldn't advise them to read this thread. There isn't "multiple angles", there is misinformation and lies. I'm not seeing questions how Captcha works, I am seeing lies presented as facts and at one point convinced someone to be concerned for their account security where there was no legitimate source for concern.

You're right, I don't have to answer. That's why I didn't make a response for 3 weeks, even though I read everything in that meantime, because for that entire duration my logic is "They have nothing more to discuss so the discussion will stop", followed by a meme suggestion just to keep stirring a thread that's long lived it's usefulness, and here I am.

If you want actual answers, ask them. If you want other people to see them, present them nicely in another thread designed for it. No one reading this thread is going to learn how Captcha works, they're going to read the lies about your account being brute forced causes you to have a captcha to begin with, and panic as a result.

12-Sep-2019 10:45:29

Quick find code: 278-279-793-66111678Back to Top