    408 points blindgeek | 12 comments
    1. lupusreal ◴[] No.42172579[source]
    I hope AI stuff makes captchas completely obsolete soon. I am sick of them. The cure is worse than the disease.
    replies(5): >>42172634 #>>42172698 #>>42172704 #>>42172762 #>>42173240 #
    2. edm0nd ◴[] No.42172634[source]
    Captchas have been obsolete for the past decade plus.

    With solving services like DeathByCaptcha and AntiCaptcha, it takes seconds to solve them. It costs something like $1.90 per 1,000 successfully solved captchas using human typers and OCR. It can easily be rolled into your code with a few lines.

    3. jeroenhd ◴[] No.42172698[source]
    AI stuff is why CAPTCHAs exist. It's also why they've gotten so much worse the last few years.

    CAPTCHAs are going to get much worse before they're replaced by account paywalls or remote hardware attestation.

    4. exe34 ◴[] No.42172704[source]
    AI are already much better at them than I am.
    5. xdennis ◴[] No.42172762[source]
    But surely, it's only going to get worse: it will force the de-anonymization of the internet. You already have to provide a phone number for many services.

    If websites can't trust that their users are authentic they will probably institute even more intrusive checks.

    I haven't been optimistic about the future of technology for a while now. :'(

    replies(1): >>42172888 #
    6. rvnx ◴[] No.42172888[source]
    In the future I think we will again go to "notarization"/"attestation" of the operating system / hardware.

    Essentially, the manufacturer of the device + operating system will generate a unique signature per each device, and web browsers will be able to access it.

    https://en.wikipedia.org/wiki/Web_Environment_Integrity

    replies(2): >>42173093 #>>42173214 #
    7. slooonz ◴[] No.42173093{3}[source]
    How does that work for, say, Chromium or Firefox on Linux?
    replies(1): >>42173498 #
    8. spacebanana7 ◴[] No.42173214{3}[source]
    I'm very grateful the WEI proposals were put down. It'd have an enormous privacy impact on normal users, and not give that much protection against bad actors using device farms & similar tools.
    replies(2): >>42173646 #>>42175087 #
    9. remram ◴[] No.42173240[source]
    CAPTCHAs already don't work. If they are not annoying enough to turn your customers away, they are very easy for an attacker to pay people to solve.
    10. rvnx ◴[] No.42173498{4}[source]
    I believe the plan was to ask the TPM of the computer.

    From what I understood, each TPM has a unique private/public key pair (Endorsement Key (EK)), and then this key is certified by the manufacturer of the TPM.

    From there, you can generate Attestation Keys, and these keys are signed by the EK.

    https://security.stackexchange.com/questions/235148/whats-th...

    So essentially, at the end of the day, Chromium would ask the TPM for attestation, and it would act as a unique Device ID.

    Then they can allow only a selected list of TPM manufacturers' certificates, to prevent emulators for example.

    TL;DR: Chromium on Linux would ask the TPM chip for a signature, and each TPM chip has a different signature from the moment it is out of the factory.

    11. blindgeek ◴[] No.42173646{4}[source]
    But the WEI proposals were never about protecting from bad actors with device farms. They were always about guaranteeing that a certain ad company who also makes browsers can always push ads to users, thus maximizing value for shareholders. Protecting from device farms was just the bait.
    12. marcosdumay ◴[] No.42175087{4}[source]
    Oh, the really bad part of WEI is not the privacy impact.

    The real thing is the gating of every kind of information exchange and treatment in the hands of a few entities, that get the power to say who will participate in those activities and doing exactly what.

    That is, the complete elimination of the freedom of association and initiative from our society. At least around any one of those that involve computers.

    The loss of privacy is a rounding error.