4 Matching Annotations
  1. May 2020
    1. A real-world example of this would be an e-commerce site that allows users to “hold” items in their cart while they’re using the site or for the duration of a session. In this scenario, the technical cookies are both necessary for the functioning of the purchasing service and are explicitly requested by the user when they indicate that they would like to add the item to the cart. Do note, however, that these session-based technical cookies are not tracking cookies.

      I'm not sure I agree with this:

      [the technical cookies] are explicitly requested by the user when they indicate that they would like to add the item to the cart.

      The only thing they requested was that the item be held in a cart for them. They didn't explicitly request that cookies be used to store information about items in the cart. They most likely don't understand all of the options for how to store data like this, and certainly wouldn't know or expect specifically that cookies be used for this.

      In fact, localStorage could be used instead. If it's a single-page app, then even that would be necessary; it could all be kept in page-local variables until they checked out (all on the same page); such that reloading the page would cause the cart data held in those variables to be lost.

  2. Mar 2020
    1. How "Invisible Captcha" Works Invisible Captcha, or reCAPTCHA, requires end-users to click a button that says "I'm not a robot" and Google can determine whether to prompt the user with additional question (i.e. select pictures that best describe X) to verify if that person is in fact not a robot.

      That's not accurate. Invisible Captcha is only one kind of reCAPTCHA. The terms are not simply interchangeable, as is implied here.

      From https://www.google.com/recaptcha/admin/create, we can see 2 main reCAPTCHA types:

      • reCAPTCHA v3 - Verify requests with a score
      • reCAPTCHA v2 - Verify requests with a challenge

      And these subtypes for reCAPTCHA v2:

      • "I'm not a robot" Checkbox - Validate requests with the "I'm not a robot" checkbox
      • Invisible reCAPTCHA badge - Validate requests in the background
      • reCAPTCHA Android - Validate requests in your android app
    2. a complete snapshot of the user's browser window at that moment in time will be captured, pixel by pixel.

      Is this even technically possible?

      If it were:

      • how are they not disclosing this better, since it seems like a privacy concern since there could be any amount of private data in that form, that would what, get sent to Google??
      • wouldn't that be a lot of pixels (a lot of data to upload), which would take a lot of time to upload, especially at high screen resolutions?
    3. an additional reCAPTCHA-specific cookie will be added to the user's browser

      It appears to actually set a non-reCAPTCHA-specific cookie:

      NID — This cookie is set by DoubleClick (which is owned by Google) to help build a profile of your interests and show you relevant ads on other sites. The main purpose of this cookie is: Targeting/Advertising. (cookiepedia)
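One way to check claims like the ones annotated above (a "session-based technical cookie", a "reCAPTCHA-specific cookie") is to audit the `Set-Cookie` headers a page and its embedded widgets actually send; the following is an added example, not code from the annotated articles or the annotations. The header lines, the `shop.example` host, the `cart_session` name and all cookie values are constructed sample data, and `auditCookie` with its parameters is a hypothetical helper.

```javascript
// Added example: report lifetime and scope of cookies from Set-Cookie headers.
// The header lines below are constructed sample data, not captured traffic.
const SAMPLE_HEADERS = [
  "cart_session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
  "NID=constructed-value; Domain=.google.com; Path=/; Max-Age=15811200; Secure; SameSite=None",
];

// Parse one Set-Cookie header value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrParts] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const part of attrParts) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return cookie;
}

// True when cookieDomain equals pageHost or is a parent domain of it.
function domainMatches(pageHost, cookieDomain) {
  const d = cookieDomain.replace(/^\./, "").toLowerCase();
  const h = pageHost.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Describe a cookie relative to the page the user is visiting.
// responseHost is the host that sent the header (hypothetical parameter).
function auditCookie(header, pageHost, responseHost) {
  const c = parseSetCookie(header);
  const scope = typeof c.attrs.domain === "string" ? c.attrs.domain : responseHost;
  // No Max-Age or Expires means the cookie ends with the browser session.
  const persistent = "max-age" in c.attrs || "expires" in c.attrs;
  return {
    name: c.name,
    scope,
    lifetime: persistent ? "persistent" : "session",
    party: domainMatches(pageHost, scope) ? "first-party" : "third-party",
  };
}

function auditSample() {
  return [
    auditCookie(SAMPLE_HEADERS[0], "shop.example", "shop.example"),
    auditCookie(SAMPLE_HEADERS[1], "shop.example", "www.google.com"),
  ];
}

console.log(auditSample());
```

The output describes attributes only; whether a persistent third-party cookie is used for tracking still has to be established from the setter's documentation.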