I have a weird Internet setup: I use a Peplink mobile router to bond two cellular connections via its fantastic SpeedFusion VPN. This necessarily uses a remote bonding server that sits in a datacenter somewhere, which is where the websites that I visit see my traffic originate.
Aside from this, I'm just a regular user with a MacBook and a mainstream browser devoid of any exotic security settings.
My everyday browsing experience is an exercise in frustration.
Citi refuses to let me log in, flashing a form validation error for a split second before simply refreshing the login page. United works fine - until I try to search for a flight - at which point my session suddenly expires and I am unceremoniously logged out. GrubHub is content to let me find a restaurant, choose my items, add them to cart, and go through the checkout process - it's just that any credit card I enter is invalid.
A site using Google's reCAPTCHA will make me go through five rounds of clicking on squares that have bicycles in them, except the whole damn picture is of a motorized scooter (is that a type of bicycle? does the person on it count as a bicycle?), so I have to click 12 times - per round.
If a website embeds a YouTube video, I can't watch it without logging in to prove I'm not a robot (to protect the community!) - except embedded YouTube videos don't come with a login button and tracking cookies are all-or-nothing.
I am exhausted by completing entire checkout flows in an effort to, you know, buy something, only to run headfirst into some fraud detection tech that prevents the business in question from taking my money and seldom bothers to let me know that it's done so.
Is this the state of modern web security? Entire ASNs are effectively shadowbanned from completing only the most important parts of what the user is actually trying to do, and this is invariably implemented in a way that makes me long for the days of plaintext nginx 403 Forbidden pages.
The sad thing is, we really do have the technology to do better. Browser fingerprinting is sufficiently advanced to serve as a unique identifier - but only for advertising. When it comes to validating if someone is a real user, we just look up their IP address and show them the door.