I really don't believe twitch is blocking Firefox. Check your add-ons, clear cookies, etc.
You're right. I only get this when Twitch can see I'm using a VPN.
This might be understandable if they have various sets of blocked/disallowed content depending on local laws, but OTOH I wish they'd more clearly communicate why you're being blocked then.
I've also had trouble logging into Twitch a few times over the last year on Firefox, but the same is true for Paypal. Both of them don't work in a private window without any addons either, and at least for Paypal changing the user agent didn't help. Twitch works fine If I'm already logged into Twitch, same with Paypal. Just the login fails for some reason.
There's other payment options, and I seldomly watch streams anyway.
Firefox is actually one of the recommended browsers, if you were to click on that link. Twitch just has some issues sometimes
Yup, I use Twitch all the time on Firefox (including yesterday), and with an ad-blocker as well.
I just logged in, no issues, probably check your extensions. Mine are minimal, includes uBlock, regular Firefox updated to latest.
Same, just logged in fine. Firefox on Linux from Arch repos.
Differing experiences might mean that Twitch is performing A/B testing on blocking Firefox.
Usually it means that OP either uses a "hardened" fork, or did some messing around with about:config like resistFingerprinting, without understanding the ramnifications of such hardening on various web technologies that aren't primarily related to tracking/tracing.
Seems to be working OK for me on FF with Ublock and Privacy Badger running.
Same here
I had this come up when I was using a locked down version of FF.
Basically what happened was the security settings were not allowing Twitch the access it required.
Once I went through and allowed access it worked fine.
Change user agent. Log in, opting to stay logged in for 30 days. Change user agent back.
That's my routine with LibreWolf.
I also believe they don't like a particular security setting present on FF based browsers, though I don't recall off the top of my head which one.
Aite maybe this is a dumb question, but what is “changing the user agent”?
When your browser connects to a website, it will tell the webserver what type of browser you are using in the HTTP headers. This can be used for serving a special web page for browsers with quirks, or it can be used to block certain browsers.
It may look something like this:
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0
But you can use an extension like this one to spoof your user agent and send out one that corresponds to a chromium browser.
Grazie for the link
Something you shouldn’t have to do in order to use the internet.
There are browser plugins that let you change your user-agent request header to masquerade as another browser (e.g., Chrome).
Thanks!
User-Agent is a string of information that browsers use to identify to a site what browser, version, build, etc you are using.
You can download FF extensions that allow you to spoof a different user-agent, making the site think you're instead using Chrome, as an example.
Thanks!
I also believe they don't like a particular security setting present on FF based browsers, though I don't recall off the top of my head which one.
You need to disable resist fingerprinting. It's annoying, but you can reenable it after you've logged in
That's the solution if you immediately tried to login and it didn't work.
Twitch login has in general very misleading error messages. The exact same message with unsupported browser also appears if you take too long to login
No, you need to email twitch that they have a bug.
And boycott them if they're intentionally trying to harm marginalized folks.
I'm all for FOSS browsers, but how are Firefox users marginalized folks?
The issue isn't Firefox. The issue is users who have privacy protections enabled. Marginalized folks need such protections to stay safe
Stop using recommended when you mean required FFS.
This is a cookies/tracking issue, not a Firefox issue.
If you set it to allow tracking, it will let you login, and you can disable tracking again after and it will remember you.
Now that is a long password lol
Idk someone could probably brute force it in only a few trillion years, I'd make it longer if you plan to be using Twitch long-term.
You assume the person would never change the password. Someone with that long password is probably security concerned and is likely to change it after some time, even if its once in a year.
Yeah but you'd have to write it across like, 10 post-it notes along the top of your monitor. That'd get expensive!
Or just use a password manager. Then you only need to store one password across 15 post-it notes.
NIST does not recommend changing passwords. Its usually a bad practice
Why is changing passwords bad practice? What is the reasoning behind this? Changing passwords is highly recommended. There are many reasons why one should do this. Found this article: https://www.linkedin.com/pulse/why-passwords-must-periodically-changed-roger-grimes and don't agree. The argumentation seems like if you have to remember all passwords, but totally ignores password managers.
NIST used to tell orgs to require password rotation. Some years ago they changed their recommendation with an explanation that it adds not security benefits while it encourages users to write down or use shittier passwords.
Yes, as I said, that is with the assumption if people do not use password manager and get lazy. Then I can see this argument being true. But with such long and complicated random passwords on many different services (like I do), it's expected to use password managers and only remember a single password. Therefore this is the preferred method over bad passwords, which are not changed frequently, as the NIST recommends. I do not agree with that.
Password managers.
Yup, most of my passwords are like 30 characters, and I don't remember any of them except the one to unlock my password manager (and a couple other important ones).
If your password don't overflow the input field, its not long enough
It was doing this to me a while back. Are you using a VPN or using an ad-blocker specifically for Twitch's embedded stream ads? (e.g. TTV-LOL-Pro) The latter work by using proxies and so I think trigger the same sort of effects. Disabled it and it worked fine. It also happened on a Chromium-based browser when I tested it out.
Everyone boo this service!
BOOOOOOOOOOO!
When I got that message I just refreshed the page and tried logging in again and it worked.
As if I needed more reason to not go to Twitch. 😂
But it actually works fine for me. Firefox beta 122.0, uBlock Origin and Consent-O-Matic installed.
Does it still let you sign in? I am currently signed in and it works
No, I tried to log in so i can change my password
I had to disable an extension to log in last time I got this message. Alternatively, force refresh the page.
Are there many open source frontends for Twitch? I Xtra on Android
worked for me but I do have 2-factor
The same thing happens with webkit.
Please don't post pictures of text without transcribing the words
the title describes the screenshot entirely
Fuck blind people who need to google error messages, right?
/s
Upper screen: [Twitch Logo] Login to Twitch
Box with error notice: Your browser is currently not supported. Please use a recommended browser or learn more here.
Sorry I'm blind, and I cannot see the image. Would you mind telling me what you posted?
A gif
Sorry I'm a fucking monkey, can you translate your comment to monkey noises?
Just a comment: IMO it's not worth using strong passwords on which you depend on privative/unknown security platforms. Who knows how many times they get hacked or have backdoors? Unless they specify they only store the hash I refuse to sacrifice one of my strong passwords.
Edit: To all talking about password managers. I don't believe in single point of failure as a way to go. The fact that i've to explain that xd...
You should use randomly generated passwords from a password manager, there is no short supply of strong random passwords.
Waste one of my 2272657884496751345355241563627544170162852933518655225856 possible 32 character passwords on Twitch! Outrageous! What if I run out?
Bro over here still using one of his "strong passwords" trying to give other people security advice 😅
Sacrifice? Tf you on about?
Genuinely terrible advice. Every popularly available password manager service hashes all your passwords, if they have a data breach they have extremely strict reporting compliance and the majority of services will re-hash all your passwords. If youre so extremely concerned about that, host your own.
But what concerns me the most is
Unless they specify they only store the hash I refuse to sacrifice one of my strong passwords.
... What to you mean sacrifice?
Keeping all on one password (password manager) is a single point of failure, which i don't like. I mean sacrifice because my brain can only remeber a few 512bytes long passwords (again i don't use password managers because of single point of failure).
Does your threat model involve The Mossad? There's no way on earth that you are genuinely remembering multiple 512 byte random passwords, let alone actually taking the time to type them in.
Having a password manager, with MFA, a strong master password, and rule based device verification is ultimately more secure as you can have every password be randomized.
Best practices are best practices for a reason. I recommend you follow them.
Mossad or other agencies arent God. If my device is cryptographically secure and doesn't have backdoors it's unfeasible to access any data with current technology. I guess you are right if you take into account Intel management engine and similar, but since I use libreboot bios that does not apply to my computer (only place that I treat as secure).
If you use Apple, Microsoft, google, etc devices, those are 100% vulnerable even if you use idk rsa 2048 (xd). The problem is who you are trusting.
That's a good point. But, yeah again I don't fall in those categories. I try to ensure that my security is only based and covered behind cryptography theory and nothing else.
The point is that if someone really wants to get into your device, they will. It doesn't matter if youre using open source firmware, in a custom implementation of linux, on a MIPS CPU, and you personally build every package from source and complete a compliance code review before installing it, etc.etc.etc. If government agency x is targeting you specifically, your best line of security is to lock your device in a safe, take a boat into the middle of the ocean, and then dump it at an unrecorded location and never retrieve it.
A device is only secure as long as you are not using it, and it is not accessible physically, or by network.
You do you dude, I'm just saying your advice is awful for the average user.
Yeah, you are right. Anyways this always applies to anyone seeking security.
Isn't your computer a single point of failure? A keylogger will get your password database or you manually entered passwords all the same.
Who says I have the same password for my root, my user account, and my LUKS encrypted hard drive? Losing one doesn't mean losing everything like in a Password manager.
Not that, I meant a keyloggers could get the password to your password database in the same way it could get any accounts you log into by typing your password into a browser.
That is definitely an autofilled one-off password from a password manager.
You can see the keypassxc plugin button right there. What is the thread op on about lol.
How about just using a password manager and create a unique strong password for every website? That way you don't have to store so much in your brain and you get better security on any website. You also don't have to worry about more than one website being breached from reused passwords.
BitWarden is pretty great and is open source and free to use.
You can also self-host it if you don't trust them storing your hashed passwords.
I really don't believe twitch is blocking Firefox. Check your add-ons, clear cookies, etc.
You're right. I only get this when Twitch can see I'm using a VPN.
This might be understandable if they have various sets of blocked/disallowed content depending on local laws, but OTOH I wish they'd more clearly communicate why you're being blocked then.
I've also had trouble logging into Twitch a few times over the last year on Firefox, but the same is true for Paypal. Both of them don't work in a private window without any addons either, and at least for Paypal changing the user agent didn't help. Twitch works fine If I'm already logged into Twitch, same with Paypal. Just the login fails for some reason.
There's other payment options, and I seldomly watch streams anyway.
Firefox is actually one of the recommended browsers, if you were to click on that link. Twitch just has some issues sometimes
Yup, I use Twitch all the time on Firefox (including yesterday), and with an ad-blocker as well.
I just logged in, no issues, probably check your extensions. Mine are minimal, includes uBlock, regular Firefox updated to latest.
Same, just logged in fine. Firefox on Linux from Arch repos.
Differing experiences might mean that Twitch is performing A/B testing on blocking Firefox.
Usually it means that OP either uses a "hardened" fork, or did some messing around with
about:configlikeresistFingerprinting, without understanding the ramnifications of such hardening on various web technologies that aren't primarily related to tracking/tracing.Seems to be working OK for me on FF with Ublock and Privacy Badger running.
Same here
I had this come up when I was using a locked down version of FF.
Basically what happened was the security settings were not allowing Twitch the access it required.
Once I went through and allowed access it worked fine.
Change user agent. Log in, opting to stay logged in for 30 days. Change user agent back.
That's my routine with LibreWolf.
I also believe they don't like a particular security setting present on FF based browsers, though I don't recall off the top of my head which one.
Aite maybe this is a dumb question, but what is “changing the user agent”?
When your browser connects to a website, it will tell the webserver what type of browser you are using in the HTTP headers. This can be used for serving a special web page for browsers with quirks, or it can be used to block certain browsers.
It may look something like this:
But you can use an extension like this one to spoof your user agent and send out one that corresponds to a chromium browser.
Grazie for the link
Something you shouldn’t have to do in order to use the internet.
There are browser plugins that let you change your user-agent request header to masquerade as another browser (e.g., Chrome).
Thanks!
User-Agent is a string of information that browsers use to identify to a site what browser, version, build, etc you are using.
You can download FF extensions that allow you to spoof a different user-agent, making the site think you're instead using Chrome, as an example.
Thanks!
Looks like it's tracking of course
Anecdotally, it's still working for me. Using uBlock Origin, logged in with a Twitch account.
What does the "recommend browser" link point to? Is it this page, which lists Firefox as a supported browser? https://help.twitch.tv/s/article/supported-browsers?language=en_US
You need to disable resist fingerprinting. It's annoying, but you can reenable it after you've logged in
That's the solution if you immediately tried to login and it didn't work.
Twitch login has in general very misleading error messages. The exact same message with unsupported browser also appears if you take too long to login
No, you need to email twitch that they have a bug.
And boycott them if they're intentionally trying to harm marginalized folks.
I'm all for FOSS browsers, but how are Firefox users marginalized folks?
The issue isn't Firefox. The issue is users who have privacy protections enabled. Marginalized folks need such protections to stay safe
Stop using recommended when you mean required FFS.
This is a cookies/tracking issue, not a Firefox issue.
If you set it to allow tracking, it will let you login, and you can disable tracking again after and it will remember you.
Now that is a long password lol
Idk someone could probably brute force it in only a few trillion years, I'd make it longer if you plan to be using Twitch long-term.
You assume the person would never change the password. Someone with that long password is probably security concerned and is likely to change it after some time, even if its once in a year.
Yeah but you'd have to write it across like, 10 post-it notes along the top of your monitor. That'd get expensive!
Or just use a password manager. Then you only need to store one password across 15 post-it notes.
NIST does not recommend changing passwords. Its usually a bad practice
Why is changing passwords bad practice? What is the reasoning behind this? Changing passwords is highly recommended. There are many reasons why one should do this. Found this article: https://www.linkedin.com/pulse/why-passwords-must-periodically-changed-roger-grimes and don't agree. The argumentation seems like if you have to remember all passwords, but totally ignores password managers.
NIST used to tell orgs to require password rotation. Some years ago they changed their recommendation with an explanation that it adds not security benefits while it encourages users to write down or use shittier passwords.
Yes, as I said, that is with the assumption if people do not use password manager and get lazy. Then I can see this argument being true. But with such long and complicated random passwords on many different services (like I do), it's expected to use password managers and only remember a single password. Therefore this is the preferred method over bad passwords, which are not changed frequently, as the NIST recommends. I do not agree with that.
Password managers.
Yup, most of my passwords are like 30 characters, and I don't remember any of them except the one to unlock my password manager (and a couple other important ones).
If your password don't overflow the input field, its not long enough
It was doing this to me a while back. Are you using a VPN or using an ad-blocker specifically for Twitch's embedded stream ads? (e.g. TTV-LOL-Pro) The latter work by using proxies and so I think trigger the same sort of effects. Disabled it and it worked fine. It also happened on a Chromium-based browser when I tested it out.
Everyone boo this service! BOOOOOOOOOOO!
When I got that message I just refreshed the page and tried logging in again and it worked.
As if I needed more reason to not go to Twitch. 😂
But it actually works fine for me. Firefox beta 122.0, uBlock Origin and Consent-O-Matic installed.
Does it still let you sign in? I am currently signed in and it works
No, I tried to log in so i can change my password
I had to disable an extension to log in last time I got this message. Alternatively, force refresh the page.
Are there many open source frontends for Twitch? I Xtra on Android
worked for me but I do have 2-factor
The same thing happens with webkit.
Please don't post pictures of text without transcribing the words
the title describes the screenshot entirely
Fuck blind people who need to google error messages, right?
/s
Upper screen: [Twitch Logo] Login to Twitch
Box with error notice: Your browser is currently not supported. Please use a recommended browser or learn more here.
Then there is just a standard login form
@TonyTonyChopper @library_napper It does not.
Sorry I'm blind, and I cannot see the image. Would you mind telling me what you posted?
A gif
Sorry I'm a fucking monkey, can you translate your comment to monkey noises?
Just a comment: IMO it's not worth using strong passwords on which you depend on privative/unknown security platforms. Who knows how many times they get hacked or have backdoors? Unless they specify they only store the hash I refuse to sacrifice one of my strong passwords.
Edit: To all talking about password managers. I don't believe in single point of failure as a way to go. The fact that i've to explain that xd...
You should use randomly generated passwords from a password manager, there is no short supply of strong random passwords.
Waste one of my 2272657884496751345355241563627544170162852933518655225856 possible 32 character passwords on Twitch! Outrageous! What if I run out?
Bro over here still using one of his "strong passwords" trying to give other people security advice 😅
Sacrifice? Tf you on about?
Genuinely terrible advice. Every popularly available password manager service hashes all your passwords, if they have a data breach they have extremely strict reporting compliance and the majority of services will re-hash all your passwords. If youre so extremely concerned about that, host your own.
But what concerns me the most is
... What to you mean sacrifice?
Keeping all on one password (password manager) is a single point of failure, which i don't like. I mean sacrifice because my brain can only remeber a few 512bytes long passwords (again i don't use password managers because of single point of failure).
Does your threat model involve The Mossad? There's no way on earth that you are genuinely remembering multiple 512 byte random passwords, let alone actually taking the time to type them in.
Having a password manager, with MFA, a strong master password, and rule based device verification is ultimately more secure as you can have every password be randomized.
Best practices are best practices for a reason. I recommend you follow them.
Mossad or other agencies arent God. If my device is cryptographically secure and doesn't have backdoors it's unfeasible to access any data with current technology. I guess you are right if you take into account Intel management engine and similar, but since I use libreboot bios that does not apply to my computer (only place that I treat as secure).
If you use Apple, Microsoft, google, etc devices, those are 100% vulnerable even if you use idk rsa 2048 (xd). The problem is who you are trusting.
That's a good point. But, yeah again I don't fall in those categories. I try to ensure that my security is only based and covered behind cryptography theory and nothing else.
The point is that if someone really wants to get into your device, they will. It doesn't matter if youre using open source firmware, in a custom implementation of linux, on a MIPS CPU, and you personally build every package from source and complete a compliance code review before installing it, etc.etc.etc. If government agency x is targeting you specifically, your best line of security is to lock your device in a safe, take a boat into the middle of the ocean, and then dump it at an unrecorded location and never retrieve it.
A device is only secure as long as you are not using it, and it is not accessible physically, or by network.
You do you dude, I'm just saying your advice is awful for the average user.
Yeah, you are right. Anyways this always applies to anyone seeking security.
Isn't your computer a single point of failure? A keylogger will get your password database or you manually entered passwords all the same.
Who says I have the same password for my root, my user account, and my LUKS encrypted hard drive? Losing one doesn't mean losing everything like in a Password manager.
Not that, I meant a keyloggers could get the password to your password database in the same way it could get any accounts you log into by typing your password into a browser.
That is definitely an autofilled one-off password from a password manager.
You can see the keypassxc plugin button right there. What is the thread op on about lol.
How about just using a password manager and create a unique strong password for every website? That way you don't have to store so much in your brain and you get better security on any website. You also don't have to worry about more than one website being breached from reused passwords.
BitWarden is pretty great and is open source and free to use.
You can also self-host it if you don't trust them storing your hashed passwords.