I think you only need to allow ajax.googleapis.com, gstatic.com and ofc google.com for the captcha to work. I give them only temporarily permissions.

I can't play my games on Origin at all because they blocked the VPN I have to connect from. I can't even get on their website when I could use it fine a year ago. Nothing changed with my VPN and it's nothing rigged, it's just a standard VPN, but they updated Origin and now I can't access anything EA. There is no true offline mode because you have to log in with a connection and go into offline mode, and it will randomly require an authentication of your account, which seems to be every time I don't have my connection.

So yeah, those are a couple of standard security things they are asking for so someone can't use support to gain access to your account. The alternative are companies that could care less about customers that may just cut access to your hundreds of dollars worth of software at any time on a whim. I know Steam is better and has an actual offline mode, but you still don't own anything you buy on Steam. They can just as easily change their policies to block all VPN and remove offline mode.

So any little gripes I have with GoG's website are not enough to make me consider one of the alternatives, unless I just don't actually care about owning what I'm buying.

Plus GoG has a much smaller base, which allows them to take suggestions and actually listen to us. I have a feeling that even when GoG inevitably gets much bigger and maybe a direct competitor to the other three platforms (Steam, Origin, Uplay), they will still listen to their customers since I think GoG is actually made up of and owned by actual gamers. Unlike the "customer service" moron from EA that said he understands my frustration with not being able to access the games I bought for over a year since he is "a real gamer too" and ultimately told me to fuck off.... Certainly unlike those at the top of the chain of nearly any major game developer or sales platform.

Class action would be the only feasible option, no?

I'm not sure it would be feasible. I think users would find it hard to prove they have never accepted Google's T&Cs regarding this. Plus, even if they won, is there any loss for a court to compensate?

Who would bother to collect PI if it wasn't valuable?

Not sure about the new ones (with sign posts and stuff) but the old ones where it was blurry letters or numbers it was definitely true.
But actually as far as I'm aware reCaptcha had been doing it before Google got involved with them.

And what they're doing is helping digitise and transcribe old books to preserve them. Which I would imagine no one who shops on GOG should have an issue with, all things considered.

Sure, it's 'unpaid labour' but you can either have a security feature that takes a few seconds of your time for no benefit or one that improves the preservation of knowledge with your input. I know which one I'd choose.

Whether the new picture choosing style (which I believe was implemented over accessibility issues with the word / number ones) still does something similar I'm not sure. I don't know what AI would need to recognise street signs or shops or to what purpose.

Because they need to know it's actually you. You could have left the computer with the browser open and logged into GOG, or you could have set up the browser to automatically log into GOG when you access the site; in either case someone else could start messing with your account. This is arguably why you need to log in again to do anything significant.

That would depend on the court involved but as for the first issue I sure as hell never accepted Google's Ts&Cs when using another site.

Poor excuse for bad design. I actually don't need to log in again on GOG to do anything significant. I only need to log in to the support site because they didn't make the cookies cross domain. And it's a once off in any case, once I'm logged in it lasts as long as the cookies last, so there's no extra security and someone else can do practically anything by just opening the page.

You could see the main argument against GoG and companies offering titles on their platform that the games are easily distributed by pirates with no need for a work around. I'm fine with a few extra steps so GoG can say they are doing whatever they can to prevent their games being pirated and keep offering DRM free games.

I have to log in to EA Origin each time just to access my games or account. There is no remembered log in, it's not just when I'm trying to access my account, but to do anything at all. I'm completely fine with GoG requiring a few extra steps to access my account and personal information. I'm not even sure what your issue is, you only have to enter your email address one time as part of the support ticket form. It's not like you have to do this every time you access their site or even to buy games. If it is, it may be because you are not using the authentication. I use their authentication and once my device is registered, there are no more security checks and I have complete access from all of my registered devices.

Yes, you could leave whilst you're logged into support, but you'll likely not be logged into support often, whereas you could be logged into GOG every time you start up your browser. And if you try to change your email or password, you'll also be asked to provide your credentials again, so it's not just support. If you think you have a better system, then I'm all ears, but just removing these checks is not an improvement. The added security is easily worth it; it's not like dealing with GOG support or changing email/password is an everyday thing, now is it?

There is no added security. In fact I just clicked on sign in and I'm now registered on support. Didn't have to enter any credentials. This is pure lazy design or either not knowing how to set cookies over multiple domains.

Discouraging people from making support requests = profit, and making people think that it enhances security = added bonus. ;p

You're right, it's a one click thing, which sure is a big obstacle. But it seems you still have to log in again to change password and email. Presumably they keep the correspondence via email in order to ensure the validity of the requests.