Most active commenters

    ←back to thread

    I was banned from the hCaptcha accessibility account for not being blind (2023)

    (michaels.world)
    405 points blindgeek | 27 comments | 18 Nov 24 10:13 UTC | HN request time: 1.419s | source | bottom
    1. soraminazuki ◴[18 Nov 24 13:01 UTC] No.42171953[source]
    The title kind of makes it appear far less of a problem than it actually is, because according to the article, hCaptcha made multiple rude and evidence-free accusations of lying despite the author actually being blind.
    replies(1): >>42172658 #
    2. jerf ◴[18 Nov 24 14:41 UTC] No.42172658[source]
    Remember that from hCaptcha's point of view, by this point they've probably dealt with hundreds of other people claiming that they are blind when they really aren't, so their bots will work.

    This isn't a defense, just an explanation... but it is also an explanation of why the entire idea of "we'll not give blind people a way past the CAPTCHA but just give a pass to 'real' blind people so we can pass ADA", which is that it should have been transparently obvious that this approach is completely infeasible and unscalable. As big as Google, Facebook, or Amazon are, they would struggle under the load of trying to create a system for determining who is "truly" blind... and that's still true if we ignore questions like exactly what "blind" is anyhow.

    This shouldn't have gotten deployed and then become a problem; it should have been a 5 minute diversion in the meeting where it was proposed to analyze it's completely infeasible and never made it to so much as the design phase, let alone the deployment phase.

    If you had a system for completely accurately identifying characteristics like "who is blind" in the presence of extremely hostile attacks on the system, you'd have something far more valuable than the CAPTCHA system itself! The whole idea intrinsically depends on having a stronger solution to the problems CAPTCHAs are meant to solve than the CAPTCHA system itself provides... it's fundamentally a logically unsound idea.

    replies(6): >>42172809 #>>42172827 #>>42172892 #>>42172894 #>>42173711 #>>42175433 #
    3. anotherhue ◴[18 Nov 24 14:53 UTC] No.42172809[source]
    > If you had a system for completely accurately identifying characteristics like "who is blind" in the presence of extremely hostile attacks on the system, you'd have something far more valuable than the CAPTCHA system itself!

    You are unfortunately describing worldcoin.

    replies(1): >>42174689 #
    4. Swizec ◴[18 Nov 24 14:54 UTC] No.42172827[source]
    > something far more valuable than the CAPTCHA system itsel

    In terms of CAPTCHAs being valuable – the other day I couldn’t for the life of me solve a captcha. It was one of those “Solve the implicit question in the picture” kind where it can be hard to tell what it’s even asking you to do.

    So I took a screenshot and put it in chatgpt. Got it right immediately.

    The real detection mechanism is that you’re moving your mouse, thinking, and generally being slower than a bot anyway. The captcha itself is just a pointless annoyance.

    5. Workaccount2 ◴[18 Nov 24 15:00 UTC] No.42172892[source]
    This is a problem so chronic across so many fields that I wish there was single term to describe it.

    User POV :"Wow, provider is a really shitty entity and had no respect for my legitimate problem."

    Provider POV: "We get a huge number of illegitimate claims identical to legitimate ones regularly, the system would collapse if we didn't do heavy triage, the problem is the level of abuse, not a moral bankruptcy on our part."

    I suppose "this is why we can't have nice things" captures some of it.

    replies(6): >>42172981 #>>42173537 #>>42173719 #>>42173784 #>>42173803 #>>42175494 #
    6. michaelt ◴[18 Nov 24 15:00 UTC] No.42172894[source]
    > As big as Google, Facebook, or Amazon are, they would struggle under the load of trying to create a system for determining who is "truly" blind... and that's still true if we ignore questions like exactly what "blind" is anyhow.

    In several countries, the government issues certificates of blindness [1] which grant access to certain extra types of support. We don't want severely vision-impaired people being forced to drive, after all!

    So there are legal standards for what exactly blind is, and certificates.

    The question is whether tech companies are inclined to hire enough people to wrangle the paperwork involved in checking such certificates, worldwide.

    [1] https://www.mass.gov/info-details/benefits-for-people-who-ar...

    replies(3): >>42172973 #>>42172985 #>>42173608 #
    7. inetknght ◴[18 Nov 24 15:07 UTC] No.42172973{3}[source]
    > So there are legal standards for what exactly blind is, and certificates.

    In the USA, people are not yet required to provide identification when signing up for "free" services. There are real concerns around privacy.

    A certification of blindness is exactly one of those privacy concerns, being a medical issue. You think it would be a good idea to give that private information to the criminal organizations of big tech?

    replies(2): >>42173706 #>>42179422 #
    8. RandomThoughts3 ◴[18 Nov 24 15:08 UTC] No.42172981{3}[source]
    The actual problem is that Provider real POV is actually: "We already do the bare minimum required by the law and you are too insignificant to damage our reputation. It would actually cost our shareholders money to do more so please go die in silence somewhere else and stop bothering us. Replying to you costs us money too."

    This kind of article is actually useful because it raises the risk of actual reputational damage thus encouraging companies to do more.

    9. jerf ◴[18 Nov 24 15:09 UTC] No.42172985{3}[source]
    If "having a government identity" was a solution to the identity problem, it would be solved.

    It is not solved.

    That is at most the beginning of a solution to the problem.

    And in practice, it is little more than the beginning of the problem, as the government's definition of blindness is very unlikely to be a precise match to "has problems completing our visual CAPTCHA", and if multiple governments have standards there is no chance they will match.

    Do not underestimate the resilience and resourcefulness of scammers. They aren't just some individuals here and there who decide one day that they could make a couple extra bucks spamming people, and just sort of start sending out whatever scam strikes their fancy. They're international businesses with engineering teams, and a constant feed of low-level operatives who can scam governments about how blind they are if the governments leave any hole in their system. They're thousands of people dedicating their full human-level intelligence to the task of defeating your system and extracting the value from it. They are not as easy to defeat as "let's just put the obvious certification in place", for the same reason that the CAPTCHA problem isn't solved with "Let's just issue everyone official identities".

    replies(1): >>42173369 #
    10. michaelt ◴[18 Nov 24 15:38 UTC] No.42173369{4}[source]
    > They're international businesses with engineering teams, and a constant feed of low-level operatives who can scam governments about how blind they are if the governments leave any hole in their system.

    I don't know about your country, but in my country the government is pretty keen on avoiding abuses of the benefits system. After all, a blind person gets tax breaks and cash benefits totalling about $5000/year.

    So the existing system is used to dealing with financially motivated adversaries. I doubt the additional financial motivation of being able to bypass hCaptcha would mean much, in comparison.

    replies(1): >>42178844 #
    11. rwmj ◴[18 Nov 24 15:52 UTC] No.42173537{3}[source]
    This is just an indication that their process is wrong. (Or in this case, their entire reason to exist is wrong.)
    12. gruez ◴[18 Nov 24 15:58 UTC] No.42173608{3}[source]
    This is a moot point anyways because the Americans with Disabilities act bans businesses from asking people about their specific disabilities. Asking for proof of blindness will almost certainly be in contravention of that.
    13. Scarblac ◴[18 Nov 24 16:06 UTC] No.42173706{4}[source]
    These are already users that want to let the company know that they are blind in order to qualify for special treatment. In that case showing the certificate doesn't seem to be much of an extra privacy issue to me.
    replies(2): >>42173769 #>>42174456 #
    14. RobMurray ◴[18 Nov 24 16:06 UTC] No.42173711[source]
    I am perfectly happy with having to prove that I am blind to get my bus pass, but if It was necessary to access a website I would just not use that site. Lets hope it never gets that bad. There's always Anticaptcha to fall back on, but I hate their business model.
    15. cwillu ◴[18 Nov 24 16:07 UTC] No.42173719{3}[source]
    “Moral bankruptcy” seems like a quite apt description of the state of affairs of being unable to afford to operate morally at a given level of scale.

    Scaling is not a right.

    replies(1): >>42174145 #
    16. RobMurray ◴[18 Nov 24 16:12 UTC] No.42173769{5}[source]
    Accessibility isn't special treatment! As I said before I would never provide proof of identity to simply access a website.
    replies(1): >>42175891 #
    17. account42 ◴[18 Nov 24 16:13 UTC] No.42173784{3}[source]
    In cases like this the provider is someone I don't want to have any business with in the first place. I don't care how hard reliable CAPTCHAs are to implement and as a user I shouldn't have to.
    18. dataflow ◴[18 Nov 24 16:14 UTC] No.42173803{3}[source]
    The problem is that this very problem also happens simultaneously in the reverse direction. i.e. people have to deal with so many awful entities screwing them over due to sheer self-interest, negligence, or even malice, that they have a hard time knowing which ones legitimately are trying their best and genuinely don't have a better solution.

    That's what happens when trust erodes, and why we can't have nice things.

    If anyone should be be more understanding and absorb the costs to appease the other, it's probably the big corp, not the little guy.

    19. danaris ◴[18 Nov 24 16:44 UTC] No.42174145{4}[source]
    > Scaling is not a right.

    God I wish this could be plastered in letters 1000 feet high above Silicon Valley.

    20. soraminazuki ◴[18 Nov 24 17:10 UTC] No.42174456{5}[source]
    Nah, it's the companies that's demanding proof over what's basically sane treatment rather than users wanting to surrender their medical info.
    21. KETHERCORTEX ◴[18 Nov 24 17:30 UTC] No.42174689{3}[source]
    Worldcoin? Government issued auth service is a viable option too. Just get some flag like "isBlind" in it. Disabled status is granted by the government after all.
    22. miki123211 ◴[18 Nov 24 18:36 UTC] No.42175433[source]
    What is your suggested alternative?

    Audio captchas are inherently discriminatory to those with hearing issues or those that don't speak the 5 supported languages. They're also somewhat easy to solve with ASR models now. Text captchas are incredibly easy to solve with LLMs.

    The only other alternative I see is some incredible tracking / surveillance machine (think an actual non-browser app that you have to run on your computer), but is that really what we want?

    replies(1): >>42175599 #
    23. miki123211 ◴[18 Nov 24 18:42 UTC] No.42175494{3}[source]
    What users don't see is that a single good actor will make, at most, a dozen such claims in their life, while a malicious one might literally make hundreds of them a day. The scales are different, by orders of magnitude.

    It's not unimaginable that just 0.001% of your users (in terms of actual humans / entities physically using your service) are fraudsters, but 99% of your signup or login attempts / interactions with your service / "I'm not a fraudster, pinky swear" support claims are fraudulent.

    24. jabroni_salad ◴[18 Nov 24 18:51 UTC] No.42175599{3}[source]
    I'm actually pretty okay with the zero click cloudflare dealios and prosopo PoW captchas. You can make websites that simply do not have visual puzzles on them at all.

    Every now and then turnstile does get a little borked but I can honestly say that I would rather just do without whatever I was trying to do than click 7 motorcycles. Hcaptcha and recaptcha are becoming my personal brown M&M indicator for additional bad user experiences in a given web property.

    25. kelnos ◴[18 Nov 24 19:21 UTC] No.42175891{6}[source]
    > Accessibility isn't special treatment!

    Perhaps not in all cases, but it can be. This article is literally about special treatment for accessibility purposes.

    It's of course debatable if this is how things should be, but that's another discussion.

    26. jokethrowaway ◴[19 Nov 24 00:25 UTC] No.42178844{5}[source]
    I'm sure some rural country somewhere would start selling certificates en masse the moment this is implemented.
    27. webspinner ◴[19 Nov 24 02:00 UTC] No.42179422{4}[source]
    I would have a privacy concern with it, and then your going to force everyone to do verification. Age verification isn't even passed here in the US, although a lot of companies do it. They wanted to make it law over the last couple years.