
405 points blindgeek | 7 comments
lupusreal ◴[] No.42172579[source]
I hope AI stuff makes captchas completely obsolete soon. I am sick of them. The cure is worse than the disease.
replies(5): >>42172634 #>>42172698 #>>42172704 #>>42172762 #>>42173240 #
1. xdennis ◴[] No.42172762[source]
But surely, it's only going to get worse: it will force the de-anonymization of the internet. You already have to provide a phone number for many services.

If websites can't trust that their users are authentic they will probably institute even more intrusive checks.

I haven't been optimistic about the future of technology for a while now. :'(

replies(1): >>42172888 #
2. rvnx ◴[] No.42172888[source]
In the future I think we will again go to "notarization"/"attestation" of the operating system / hardware.

Essentially, the manufacturer of the device + operating system will generate a unique signature per each device, and web browsers will be able to access it.

https://en.wikipedia.org/wiki/Web_Environment_Integrity

replies(2): >>42173093 #>>42173214 #
3. slooonz ◴[] No.42173093[source]
How does that work for, say, Chromium or Firefox on Linux?
replies(1): >>42173498 #
4. spacebanana7 ◴[] No.42173214[source]
I'm very grateful the WEI proposals were put down. It'd have an enormous privacy impact on normal users, and not give that much protection against bad actors using device farms & similar tools.
replies(2): >>42173646 #>>42175087 #
5. rvnx ◴[] No.42173498{3}[source]
I believe the plan was to ask the TPM of the computer.

From what I understood, each TPM has a unique private/public key pair (Endorsement Key (EK)), and then this key is certified by the manufacturer of the TPM.

From there, you can generate Attestation Keys, and these keys are signed by the EK.

https://security.stackexchange.com/questions/235148/whats-th...

So essentially, at the end of the day, Chromium would ask the TPM for attestation, and it would act as a unique Device ID.

Then they can allow only a selected list of TPM manufacturers' certificates, to prevent emulators for example.

TL;DR: Chromium on Linux would ask the TPM chip for a signature, and each TPM chip has a different signature from the moment it is out of the factory.
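
The manufacturer allowlist check described in the comment above (an EK certified by the TPM manufacturer, with only selected manufacturer certificates accepted), as an added example that is not part of the thread or of any browser's code. All names, keys and certificates are constructed, `issue` and `ekTrusted` are hypothetical helpers, real EK certificates carry TCG-specific fields that are not modelled here, and the Attestation Key step is left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // constructed-data setup only: abort on error
	if err != nil {
		panic(err)
	}
	return v
}

// issue makes a P-256 key and a certificate for it, signed by parent (self-signed CA when parent is nil).
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true,
	}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent, parentKey = true, x509.KeyUsageCertSign, t, key
	}
	der := must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// ekTrusted reports whether ek chains to a root in allow; a nil pool is rejected because nil Roots means system roots.
func ekTrusted(ek *x509.Certificate, allow *x509.CertPool) bool {
	_, err := ek.Verify(x509.VerifyOptions{Roots: allow, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return allow != nil && err == nil
}

func main() {
	root, caKey := issue("Constructed TPM Vendor Root CA", nil, nil)
	ek, _ := issue("Constructed EK", root, caKey)
	emuEK, _ := issue("Constructed Emulator EK", nil, nil) // self-signed, no vendor root
	allow := x509.NewCertPool()
	allow.AddCert(root)
	fmt.Println("vendor EK:", ekTrusted(ek, allow), "emulator EK:", ekTrusted(emuEK, allow))
}
```
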

6. blindgeek ◴[] No.42173646{3}[source]
But the WEI proposals were never about protecting from bad actors with device farms. They were always about guaranteeing that a certain ad company who also makes browsers can always push ads to users, thus maximizing value for shareholders. Protecting from device farms was just the bait.
7. marcosdumay ◴[] No.42175087{3}[source]
Oh, the really bad part of WEI is not the privacy impact.

The real thing is the gating of every kind of information exchange and treatment in the hands of a few entities, that get the power to say who will participate in those activities and doing exactly what.

That is, the complete elimination of the freedom of association and initiative from our society. At least around any one of those that involve computers.

The loss of privacy is a rounding error.