I'd guess this is due to some Paypal fraud protection thing thinking that Linux on M1 is an "impossible" configuration to have and that anyone with that configuration must be spoofing their hardware.
If you click onto the bug she filed, it's also kind of sad/funny that the Mozilla employee responding to it ALSO assumes that nobody can actually run Linux on M1 and renames the bug to "paypal.com - Spoofing as Apple M GPU breaks the login process by triggering a block to the security challenge".
It's a shame because Asahi runs really well on M1 & M2. I hope that they're able to get this resolved and that other issues like this don't pop up in the future.
Wouldn't be a problem if everyone wasn't probing every bit of the User's system for their own ends, but given the incentives we've put in place, that ship has sailed.
I think the real problem is that any website can get a ton of information on your GPU, including vendor, model, supported extensions etc. via WebGL/WebGPU.
With PayPal you don't need to imagine, you will get cut off randomly just by using it. Oh you have triggered fraud detection, let's waste a week of your time talking to customer support.
Probably tripping some client fingerprinting/fraud detection system because it thinks of it as an anomaly mistaking it for a bot or something. Unlikely to be intentional malice against Asahi users.
Yes but shit like this still means that if your hardware is in a minority category you will lose access to services.
For a time I couldn't access a number of website because Linux+Firefox was apparently too rare, with Linux+Chrome at least I could pass a captcha (was Akamai I believe).
so the question is should fraud protection err on the side of too lenient, allowing _some_ fraud to go thru to ensure zero innocent users get marked?
Or should fraud protection err on the side of stringency, where all fraud gets caught, but at the cost of getting innocents blocked too (in some greater number)?
This is just a guess, but maybe "inconsistent" identifiers are a good signal of being an attack bot instead of a user.
Not defending that btw. Auto-generated signals are likely a problem for any desktop Linux user, not just Asahi, since most bots will run on Linux VPSs.
Why would anyone use PayPal at the first place? I have only negative experiences with them. Constant blocking, freezing account and then unfreezing it with no explanation why it was frozen in the first place just panacea "fraud detection", chargebacks months after the purchase.
> A lot of people do not have a negative impression of Paypal. They think it always works.
I, for myself, i read a lot of negative stuff about it: accounts blocked because of various reasons, people denied access to their money because of various reasons.
They are not treated as a bank so they evade financial regulations.
For small merchants, it's really easy and convenient for accepting credit card payments from customers. You don't needs sophisticated card-processing stuff on your end (you just send the invoice and redirect the customer to paypal.com), and the fees are (relatively) low and simple, unlike traditional credit card processors that are really geared for big customers. There just isn't much competition in this space, maybe Stripe.
One click checkout vs filling in credit card info on yet another website. None of your issues apply to using PayPal as a form of payment; you don’t need to keep a balance at all.
[+] [-] ndiddy|4 months ago|reply
If you click onto the bug she filed, it's also kind of sad/funny that the Mozilla employee responding to it ALSO assumes that nobody can actually run Linux on M1 and renames the bug to "paypal.com - Spoofing as Apple M GPU breaks the login process by triggering a block to the security challenge".
It's a shame because Asahi runs really well on M1 & M2. I hope that they're able to get this resolved and that other issues like this don't pop up in the future.
[+] [-] salawat|4 months ago|reply
[+] [-] rnhmjoj|4 months ago|reply
[+] [-] fnands|4 months ago|reply
Seems very unrelated.
Anyone who works on fraud protection who can explain how this info is used?
[+] [-] OptionOfT|4 months ago|reply
There is a bug in either that process, my monitor, or the DP protocol.
Sometimes when that detection happens, my monitor turns grey, which is what it's supposed to do when you play HDCP content over a non-HDCP link.
But I'm not doing that. I'm just visiting a website.
[+] [-] herbst|4 months ago|reply
Glad to hear that's going to change as well.
[+] [-] hulitu|4 months ago|reply
It changed a long time ago.
[+] [-] j-bos|4 months ago|reply
[+] [-] general1465|4 months ago|reply
[+] [-] mid-kid|4 months ago|reply
[+] [-] em-bee|4 months ago|reply
[+] [-] tgma|4 months ago|reply
[+] [-] Timshel|4 months ago|reply
For a time I couldn't access a number of website because Linux+Firefox was apparently too rare, with Linux+Chrome at least I could pass a captcha (was Akamai I believe).
[+] [-] chii|4 months ago|reply
Or should fraud protection err on the side of stringency, where all fraud gets caught, but at the cost of getting innocents blocked too (in some greater number)?
[+] [-] leothetechguy|4 months ago|reply
[+] [-] netsharc|4 months ago|reply
[+] [-] ajb|4 months ago|reply
Not defending that btw. Auto-generated signals are likely a problem for any desktop Linux user, not just Asahi, since most bots will run on Linux VPSs.
[+] [-] general1465|4 months ago|reply
[+] [-] hulitu|4 months ago|reply
> A lot of people do not have a negative impression of Paypal. They think it always works.
I, for myself, i read a lot of negative stuff about it: accounts blocked because of various reasons, people denied access to their money because of various reasons.
They are not treated as a bank so they evade financial regulations.
Thanks, but no thanks.
[+] [-] shiroiuma|4 months ago|reply
[+] [-] hombre_fatal|4 months ago|reply
[+] [-] dontlaugh|4 months ago|reply