[Nottingham] T-shirt purchase and more pertinently, PayPal rant
neal at tutamail.com
Wed Jul 6 05:25:35 UTC 2016
Following my recent enquiry about a GNU/Linux T-shirt I'm pleased to say that
I've been on eBay and bought one with the standard Stallman GNU logo on it.
What I'm not pleased to say is that I'm now locked out of my PayPal account.
I've had my PayPal account (and matching eBay account) for over a decade and
I've learned (and been burned) in the past that; after buying something from
eBay using PayPal it's best to go directly to the PayPal website and make
sure that you're logged out. In the past I've managed to open a tab straight
to my PayPal summary page, because eBay has cheekily kept me logged in after
buying something. I think they may have sorted out this quirk a few years
ago, but it definitely was a thing, and I always like to check.
So I pay for my T shirt (bottle green, sartorial chums!), and head on over to
PayPal in a different tab to check that I'm still not logged in. I'm
presented with the PayPal login screen, but this time it has a banner saying
that there's been suspicious activity on my PayPal account because someone's
logged in from Rugby, UK.
Immediately I snort to myself "yeah, you idiots, that's because I'm currently
connected via VPN that happens to be based in Rugby. Nothing suspicious
So PayPal now want me to change my password because of their incorrect
assumption that I'm being hacked from where my VPN connection is.
I store my passwords in Keepass and they are piped through to Firefox using a
combination of the PassIFox plugin for Firefox , and also using an AES binary
that you have to manually 'sudo mv' into the Keepass /usr/lib directory
(it's on GitHub, called KeePassHttp.plgx).
PassIFox and KeePassHttp.plgx then communicate with each other when a
password needs to be decrypted from the vault and injected into the browser.
Firefox password manager is disabled and when the password is piped through
from Keepass it's AES decrypted in the time it takes to be pumped into the
browser login box. It's a pretty neat system once you get it set up. The only
annoyance is that it sometimes borks Firefox Sync because the sync password
is stored outside of Firefox. An annoyance I can live with by manually
signing into Firefox sync every now and then.
So, I sigh to myself, before begrudgingly generating a new random
alphanumeric password to use for PayPal. Then PayPal tells me I haven't
included any special characters. "Whoops! Fair enough!" I think, and get
Keepass to generate something which probably contained a plethora of special
characters. I enter my second attempt at changing my password and by now
PayPal have had it with me. My account is locked and I'm vainly trying to
call an 0800 number at 5 in the morning to speak to a PayPal call center,
which was (un)surprisingly a dead end.
I'll sort it out at a later date. But isn't it wonderful that one of the
Internet's biggest payment processors don't even acknowledge that their users
might be using a VPN?
My T-shirt is in the post. It probably won't fit, but thanks for listening to
me vent my spleen about PayPal.
I feel (slightly) more cleansed!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Nottingham