Comment by edarchis 3 days ago
Visa application is riddled with scams. From the simple website that charges you twice the price to websites that will tell you that you were rejected and then fake your documents to get in with your name. So they're probably trying to see that you're not one of those web servers, a proxy for them or detect some known C2 channels.
I had to deal with the DS-160 multiple times over the year. I don't think you give justice to how bad this website really is. I have started to notice that these "timeouts" are very random. At the worst times, the session "times out" immediately after login.
These random logouts happens more frequently during certain times of the day and seems to follow a semi-predictable pattern. It is almost certainly tied to system load in some way.
Also, the site's HTML and JavaScript are bloated beyond hope for what should be a fairly simple set of web forms. And itnhas been thisnway since at least 2018 with exactly zero improvements.
One thing a developer sat in DC or SV with a 5G iPhone 16 doesn't realize too, is that if you are visiting these web sites with a phone plan that has a tiny monthly data allowance then this bloat can blow out an entire month in one sitting.
I worked with people on parole that were given free phones to use for job applications, finding their way around etc, and they would only get 3GB data a month. Some of the sites they visited were dropping 250MB of payload on the home page. You'd get some plans that would drop down to 2G, but try using that for Google Maps when you're trying to find a bus to get you across the city.
> You'd get some plans that would drop down to 2G, but try using that for Google Maps when you're trying to find a bus to get you across the city.
Sure, I'll do my best to try it. I'll approximate the throttle by limiting chrome to 128kbps, 500ms delay, and 5% packet loss for fun.
With a fresh incognito session, google responds to "here to 4th street" in 10 seconds, and when I click to open maps it needs just under two minutes to load. Then I can click on the transit option and it needs another 10 seconds to update.
Not too bad for a cold cache. If I do it again with a hot cache it only takes 20 seconds to go through the whole process. And I expect the app to be similar to the hot cache situation. Even with 64kbps I'd expect reasonable results. Do any cell providers throttle worse than that?
I agree with your argument about bloat in general, but google in particular has a lot of good engineering resources and tries to work well on bad connections.
Also I would be in favor of some spectrum licensing rules that say you can't throttle below 1Mbps...
You might be making the assumption that the US wants to make the process easier.
Not to defend the US immigration system, but my experience is that this user-hostile behavior (modulo the port scanning lol) is endemic across US government websites - including those that nominally want to serve you, those that are at the state level instead of the federal level (such as the DMV sites), and those that are even internal for use by government employees only.
It's bad enough that in some cases I believe the designers should be threatened with legal penalties.
That e-filing web site for taxes has never worked for my son because he can’t complete the id.me process, it might be as simple as you are an unperson if you use an android phone or maybe because he’s just started in the workforce he does not have a long history of tax filing and credit history to match up with.
Two years in a row we’ve been able to fill out a 1040 and the NY state equivalent and make a paper submission in less time than it takes to reach an operator on hold.
These identity verification services look like a scam to me. LinkedIn incessantly hassles me to verify with CLEAR and it always fails without a clear error message, either “it just doesn’t work” or my hair has grown too much since I got my driver’s license or it is making me take my glasses off and comparing to a driver’s license photo where I am wearing glasses.
> user-hostile behavior (modulo the port scanning lol) is endemic across US government websites
I discovered this when it was late at night and I was procrastinating going to bed and I was curious what my estimated Social Security benefit would be at retirement so I tried to log into mySSA and it said the website is closed from like 11 PM to 5 AM or something like that.
I couldn't believe it. I could understand a weekly several-hour maintenance/batch processing window, but DAILY?
It starts to make a lot more sense when you realise there is a huge group in the US actively trying to make the government fail. It's pretty hard to make a good and user-friendly website when every few years some high-level people try to kneecap you.
These aren't unsolvable problems. The UK, for example, had invested a lot of time and effort into making their websites user-friendly. In most countries filing taxes online is something you can do during your lunch break - without paying the Turbotax maffia. Driver's license? You can order that online, and make an appointment for a 15-minute window to pick it up.
If interacting with the government is painful, it is almost always because someone benefits from it being painful.
Gaming of the procurement system. The websites are all written by big consulting outfits. Not to mention the disaster that is big corporate IT projects combined with government rules.
Obama had the Digital Service (that Trump shut down) which paid higher salaries. Those folks were sharp and everything they touched was actually decent.
As I noted this is not unique to government. Large corporate projects at the Fortune 500 are often the same sort of consultant-driven crap.
This. The website for buying treasury products is straight out of the year 2002. The login is so bad I would never consider buying them there - the service fee charged by brokerages is absolutely worth it in this case.
The web front ends are awful, but the back ends are even worse. The backlogs for some of these applications is insane. I was at a US embassy one time and got talking to a girl who had just had her application approved after an 18 year wait.
18 year wait for approval or 18 year wait for family sponsored immigrant visa? Because from some countries those do have 18 year backlogs.
I believe it was the latter, if memory serves correct.
You use the same system for Business visas. Hard to imagine US wouldn’t want those as easy as possible.
You don't have a good enough imagination for how stupid our current leadership really is.
The VISA appointment scheduling site rate limits to a ridiculous degree these days. As in refresh your page within 10seconds and get a 429 error.
That's probably because of the fact that the appointments are near impossible to get, they only allow booking a few months out and it's always completely booked. So everyone was refreshing (or if clever botting) to get an appointment slot.
Hey, this is actually something I have a keen interest in as I'm fighting my government (as an MP) to drop those scammers where possible. Do you have any media links to send me about them selling the "good hours" on the black market?
Even if the US has a horrible visa system – as I can attest, despite only having to do it every 5 years – the EU countries could benefit from attracting talent by being more welcoming. So that is part of my mission as an MP and tech-entrepreneur. Any help and pointers is welcome.
Hi, about the Schengen visa situation in Turkey you can find articles like these that describe how the appointments are on the black market(In Turkish but I'm sure AI will do good job translating):
https://www.bbc.com/turkce/articles/cz5r2l43kn2o
https://medyascope.tv/2024/01/22/vize-sorunu-kontrolden-cikt...
On the social media the anecdotes differ but some say they were able to get the visa appointments bots, others say it was agency personel selling it to them under the table. Maybe its really the agency personel, or maybe it's people running bots to snap appointments and sell those pretending to be from the agency - can't know for sure but there are multiple services where people purchase appointments unofficially.
In general the news situation in Turkey isn't very good as with the law enforcement but as you can see even BBC took notice.
Generally speaking, these visa agencies are very unfriendly and unreachable. They seem to just collect the money, provide no personalized help at all. My GF had some questions about her US visa application, we were not able to reach VFS Global. The phone numbers provided don't work, it's not even like taking long to speak with a human, the phone just gives you calling error.
She previously used the same company for her Schengen visa for a company event in Paris, of course unreachable again and no appointments available. Because she works at a French corporation, she was able to ask a high ranking French person in the company who has a contact with the French embassy and they arranged the appointment shortly.
I had this problem too last year. I found, at the time, it was the website was poorly managing the session in some browsers causing the timeout countdown to not be reset on activity. I had to find a windows computer and use microsoft edge I think (maybe it was chrome). But no browser on my mac would not have that issue.
> In the process she was also directed to a non-.gov website for something during the process, I thought she was getting scammed but no.
No clue if this specific instance if scam but such scams have indeed been done before
https://www.bbc.com/news/articles/cdr56vl410go
> According to Ablakwa, a locally recruited staff member and "collaborators" were allegedly involved in a "fraudulent" scheme whereby they extracted money from visa and passport applicants.
> It is alleged that the scheme consisted of creating an unauthorised link on the embassy's website to redirect visa and passport applicants to a private firm where they were "charged extra for multiple services" without the knowledge of the foreign ministry.
> Ablakwa added that the staff member "kept the entire proceeds" in their private account, and that the scheme had been going on for five years.
> Applicants seeking visas were charged unapproved fees ranging from almost $30 (£22) to $60 by the private firm.
The hard truth of it all is that both the US and (partially) the EU don’t want to make this easier because seeing as wanting “outside” people is now a political liability. You may want to adjust your expectations around that.
Turkish tourist are desired, Turks love spending money on restaurants and activities especially since the prices in Turkey have become more expensive than most of the EU. Greeks even introduced special non-Schengen on-arrival visa valid on the Greek islands especially for the Turks. Besides that, EU has "green passport" exception for the Turkish nationals, where they can travel visa-free on this kind of passport that is provided to individuals that meet certain criteria and millions of such passports were issued.
The rejection rates are also not bad and EU has a "return agreement" with Turkey, which is designed to keep the middle eastern refugees in Turkey(essentially, if you come from Turkey EU can send you back to Turkey right away ).
Crime rates for Turks show up among the lowest ones, unlike others from the region. So I don't think that EU is trying to reduce visas for Turks.
>> the system just kick her out
The "waterfall model" is a toxic way of thinking that pervades corporate management. Simplistic minds can't fathom any states other than "done" or "not done". Corporations are determined to crush the human soul. That is why it's not a progressive series of forms, saving your progress all along.
More-or-less agreed about the waterfall model, but you can't blame horrific US government website performance on "corporations" or "corporate management". This is precisely the sort of thing that would get you fired in any real-world corporation that wants to survive, and it's precisely the fact that you can't get fired by the federal government that allows this sort of thing to continue.
Another data point - 5he Indian visa system is similar. The official website ending in .gov.in, which is hard to find, offers a visa for $10 and minimal hassle. The scam websites, with better SEO sell the same shit for $80. They’re just proxying your application to the real website and pocketing the difference.
It would be good if the Indian government could block the scammers but I guess it’s a lower priority for the moment.
Not sure if this is the case for India, but I've experienced similar situations for other countries, but the 'scam websites' actually provided a real service - if you needed some ultra-urgent processing (like you only realized you needed a visa to this country before boarding a flight, once you were already at the airport check-in...) they were able to provide 30 minute approval, whereas the official site's accelerated processing was 24 hours.
So obviously the only way they could to this is with government contacts meaning the government themselves could already do it, but a lot of immigration stuff everywhere is full of people taking kickbacks.
No the scammers were slower than the official Indian website.
This was the case with Ghana. The Embassy in the US had an unofficial offical partnership with an expediter scam (charge more for faster shipping, looks very official). They fired the whole visa staff when it finally came to light. Probably because someone forgot to let their manager's manager in on the scam.
My understanding is that India visa processing improved quite a bit. Back when I was speaking internationally quite a bit, I actually had to cancel trips to India on two separate occasions because of delays in getting visas. (Once was under the old visa system and the other was because of delays in switching to a new system. Both times were through a visa expediting service.)
Or a browser automation server (Marionette/CDP). I seem to remember watching a presentation where it was mentioned you could detect them this way, <s>but I don't remember where or what it was called.</s> this one: https://www.youtube.com/watch?v=4nZD6ee2Xo8 (WHY2025: Stealth Web Scraping Techniques for OSINT)
I imagine it may not be a proxy in the true sense, but a headless browser that's "proxying" the application process rather than the network traffic itself.
Proxy is being used in the traditional sense here. It’s common for a business (scam or legit) to handle visa applications on behalf of customers.
If the proxy scams are just a little clever, they'll run the proxy on an another IP.
it's riddled with scams, and thinking any of this will detect any of the things you mention is very foolish, native and show a total lack of understanding of the scams. of you think using a proxy is essential for visa scam, i would even know where to begin to correct you.
it's one hundred per cent clueless privacy invasion. they are probably also opening ports via other means and using that for side channel ID like Facebook does.
just like any other documentation scam, the only weak point is on the "last mile" that's why you will always have a human interviewer.
the visa process is abusive and unpractical because people will work around any hurdle and their kpi will never be affected no matter how crappy they manage to make to whole process. or how many doge kids implement useless privacy invasion tech just because.
That would be quite clever for an incredibly horrible website. The other day my SO, who is a Turkish citizen, was filling up her visa application and after half an hour of meticulous form filling the system just kick her out. I think the session times out or something. If you haven't created an account or you haven't write down the current application ID everything is lost. In the process she was also directed to a non-.gov website for something during the process, I thought she was getting scammed but no.
It actually makes sense to have a paid service that makes this abomination less painful. Though they work with VFS Global for collecting the applications and relevant documents, the VFS Global itself is an abomination and doesn't help with the handling of the form filling anyway.
Recently EU streamlined the Schengen visa application process for Turkish citizens as those "visa agencies" that are the official agencies and the only way to apply for a visa for many countries don't actually help with anything and are scamming people by selling the "good hours" for the visa appointment on the black market. An agency was dropped for this and the scams by agencies were listed among the reasons to streamline the application process.
Both with US and EU people are losing scholarships etc. due to outrageous wait times that are sometimes are years ahead or there's an issue with the systems handling the applications.
I guess there must be an opportunity there to fix all this together with smaller stuff like handling transliteration and character encodings, I wonder if some of those scam site are not scams and actually help with it. An AI agent can be useful here.