It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
avatar
HypersomniacLive: I got that most annoying "I'm not a robot" captcha today at my very first login.
Is this a deliberate change? If yes, why?

You sure make it more and more annoying to visit this place...
avatar
JudasIscariot: It's been here since last year if you are referring to the reCaptcha https://www.gog.com/forum/general/i_hate_this_new_recaptcha_with_pictures/post4
Yep, I do remember them, but they seemed to disappear long ago and didn't come back until today. Are you sure nobody touched anything?
I had to change the e-mail address in use with my account because my Yahoo address started acting up on me again and I wasn't receiving e-mails....

Now, i'm stuck on the security code part of the login, after i punched in the code the first time....and it didn't hold, and now hitting resend security code doesn't even work.


I also can't disable the two-stage even temporarily so that I can access Galaxy for the same reason. The code e-mails aren't showing up anymore.
high rated
avatar
JudasIscariot: It's been here since last year if you are referring to the reCaptcha https://www.gog.com/forum/general/i_hate_this_new_recaptcha_with_pictures/post4
Up until yesterday, it appeared at login only under certain circumstances, like a few failed attempts (wrong credentials), or after a few log-ins and log-outs within the span of 60min. So, no, it was not introduced as part of the very first login screen last year, it was sneakily introduced today.

Besides being annoying, it prevents MaGog from collecting and delivering updates data.

I'd like an official, public statement as to if this is intentional, if it's here to stay, why it was sneakily introduced, and what GOG hopes to achieve with it.
avatar
JudasIscariot: It's been here since last year if you are referring to the reCaptcha https://www.gog.com/forum/general/i_hate_this_new_recaptcha_with_pictures/post4
yes, but not at first attempt to login.

can we have official explanations why if the changes are not a bug. (since it's also a problem for MaGog).

some insights would be nice.
Post edited September 21, 2016 by DyNaer
avatar
HypersomniacLive: [..] it appeared at login only under certain circumstances, [..], it was not introduced as part of the very first login [..]
I had almost forgot about this, when GOG left me puzzled today. The usual login didn't work, because I'm blocking 3rd party content by default and since the captcha is powered by Google tech it simply didn't show. Just the entered password vanished as if it was wrong.

Tsk, tsk, GOG. How could you let me believe my account was haccked! :-)
I haven't encountered the problem people are reporting with reCaptcha personally yet, but if it is interfering with MaG I hope that GOG will communicate with mrkgnao the author of MaGog to try to come up with a solution that works as MaGog is now pretty much a very important community resource for the GOG community and breaking it without any communication to try to figure out how to resolve the situation would be very bad. It's the sole source of highly detailed information we get concerning updates these days and losing that as well as the other functionality that MaGog provides would be a serious blow to the overall GOG experience even though it is an unofficial 3rd party resource.

og
Post edited September 21, 2016 by skeletonbow
avatar
ssoerss: Hi people,

Could you please check if the orders history is working for you? I think it should be fixed now.
It's all working perfectly, now ^^
Thanks guys!

avatar
almabrds: Keep us informed, please.
avatar
moonshineshadow: Just quoting so that you see the news :-)
Thank you!

"Think twice before you speak, because your words and influence will plant the seed of either success or failure in the mind of another."
Post edited September 25, 2016 by almabrds
avatar
JudasIscariot: It's been here since last year if you are referring to the reCaptcha https://www.gog.com/forum/general/i_hate_this_new_recaptcha_with_pictures/post4
Any news on why they suddenly are there everytime when logging in?
high rated
avatar
DeMignon: I had almost forgot about this, when GOG left me puzzled today. The usual login didn't work, because I'm blocking 3rd party content by default and since the captcha is powered by Google tech it simply didn't show. Just the entered password vanished as if it was wrong.

Tsk, tsk, GOG. How could you let me believe my account was haccked! :-)
It's an immense PITA if one also uses RequestPolicy Continued, and has everything Google blocked by default.
avatar
DeMignon: I had almost forgot about this, when GOG left me puzzled today. The usual login didn't work, because I'm blocking 3rd party content by default and since the captcha is powered by Google tech it simply didn't show. Just the entered password vanished as if it was wrong.

Tsk, tsk, GOG. How could you let me believe my account was haccked! :-)
avatar
HypersomniacLive: It's an immense PITA if one also uses RequestPolicy Continued, and has everything Google blocked by default.
Ha you want real fun make it so you redirect connections to google through Tor. In many cases they send you to the text re-captcha with a series of rnm and the like all smooshed together. That is if it works at all.

I wish if folks were going to implement these things in an access critical manner they'd get something that ran on their own servers, I really really don't like google.
avatar
HypersomniacLive: It's an immense PITA if one also uses RequestPolicy Continued, and has everything Google blocked by default.
The formula is a bit more complex than that I'm afraid. I use RequestPolicy Continued, along with NoScript, CookieMonster, Disconnect, Privacy Badger, BetterPrivacy and other security and privacy addons blocking everything by default everywhere, only allowing individual sites and subresources on a site by site basis for years now. The last time I've seen a reCaptcha on GOG.com was the last time someone gifted me a GOG code to redeem and it pops up a reCaptcha on the redeem code screen that you need to proceed.

I haven't personally been given any mandatory reCaptchas beyond that to date, so there's something else different to add to your suggested formula although I don't know what it is. :) Perhaps it is... "use RequestPolicy Continued, block Google by default" plus "live somewhere that is not Canada" or "not in close proximity to the pope" or "rep > 2000".

Can't be sure either way, but no additional reCaptchas being shown to the boney bow man in the land of maple syrup yet. :)
Security bug report to add to the "broke" list: mantis.gog.com still does not support HTTPS, even though GOG has claimed for a long long time now to have "HTTPS everywhere".

http://mantis.gog.com/view.php?id=4590

It's like putting security guards with machine guns and attack dogs at all of the entrances to your business, but leaving the basement door entrance unlocked and unguarded. It's 2016 GOG, c'mon, it takes like 15 minutes tops to reconfigure a webserver to support HTTPS properly, install an SSL certificate and redirect http to https and confirm the setup using Qualys SSL Pulse.

The Firesheep attack years ago should have taught companies worldwide to start using SSL always everywhere with no exceptions. The problems are known about for over 16 years now. Time to have a unified security model.
Post edited September 22, 2016 by skeletonbow
avatar
skeletonbow: [...] only allowing individual sites and subresources on a site by site basis for years now. [...]
Do you allow them on a permanent basis? If yes, this is what makes the difference. I allow them only temporary, even those that I "trust".
avatar
HypersomniacLive: Do you allow them on a permanent basis? If yes, this is what makes the difference. I allow them only temporary, even those that I "trust".
When I am troubleshooting a new site, if it requires cookies (usually meaning a login session), I allow that permanently through for the site because not doing so gives no benefit and only causes login headaches. I may do it "all" or "session-only" depending on the website and how much I trust them and how often I'm likely to log in there however.

For RequestPolicy Continued, and NoScript I normally only allow temporary at first until I can confirm what the minimal amount of domains/subdomains are needed through experimentation to allow for proper site operation. Once I have determined the minimum set, I flush the temporary rules and make permanent rules for the site if it is a site like GOG that I'll be using all of the time or on some kind of regular basis. If it is a one-off view of some random site then I normally only use temporary.

My personal goal is to greatly reduce the attack surface of potentially malicious content, spyware/tracking content, consumer-unfriendly content, resource wasting content, etc. while maintaining a balance of convenience for the sites that I frequent the most.
For some minutes the forum acted like I wasn' logged in. Favourite topics were gone (also marked forums), it showed only 15 (?) threads per site and I couldn't post. I could reach my library though.

Now everything seems to be back to normal.