←back to thread

I was banned from the hCaptcha accessibility account for not being blind (2023)

(michaels.world)
405 points blindgeek | 8 comments | 18 Nov 24 10:13 UTC | HN request time: 1.641s | source | bottom
Show context
soraminazuki ◴[18 Nov 24 13:01 UTC] No.42171953[source]
The title kind of makes it appear far less of a problem than it actually is, because according to the article, hCaptcha made multiple rude and evidence-free accusations of lying despite the author actually being blind.
replies(1): >>42172658 #
jerf ◴[18 Nov 24 14:41 UTC] No.42172658[source]
Remember that from hCaptcha's point of view, by this point they've probably dealt with hundreds of other people claiming that they are blind when they really aren't, so their bots will work.

This isn't a defense, just an explanation... but it is also an explanation of why the entire idea of "we'll not give blind people a way past the CAPTCHA but just give a pass to 'real' blind people so we can pass ADA", which is that it should have been transparently obvious that this approach is completely infeasible and unscalable. As big as Google, Facebook, or Amazon are, they would struggle under the load of trying to create a system for determining who is "truly" blind... and that's still true if we ignore questions like exactly what "blind" is anyhow.

This shouldn't have gotten deployed and then become a problem; it should have been a 5 minute diversion in the meeting where it was proposed to analyze it's completely infeasible and never made it to so much as the design phase, let alone the deployment phase.

If you had a system for completely accurately identifying characteristics like "who is blind" in the presence of extremely hostile attacks on the system, you'd have something far more valuable than the CAPTCHA system itself! The whole idea intrinsically depends on having a stronger solution to the problems CAPTCHAs are meant to solve than the CAPTCHA system itself provides... it's fundamentally a logically unsound idea.

replies(6): >>42172809 #>>42172827 #>>42172892 #>>42172894 #>>42173711 #>>42175433 #
1. Workaccount2 ◴[18 Nov 24 15:00 UTC] No.42172892[source]
This is a problem so chronic across so many fields that I wish there was single term to describe it.

User POV :"Wow, provider is a really shitty entity and had no respect for my legitimate problem."

Provider POV: "We get a huge number of illegitimate claims identical to legitimate ones regularly, the system would collapse if we didn't do heavy triage, the problem is the level of abuse, not a moral bankruptcy on our part."

I suppose "this is why we can't have nice things" captures some of it.

replies(6): >>42172981 #>>42173537 #>>42173719 #>>42173784 #>>42173803 #>>42175494 #
2. RandomThoughts3 ◴[18 Nov 24 15:08 UTC] No.42172981[source]
The actual problem is that Provider real POV is actually: "We already do the bare minimum required by the law and you are too insignificant to damage our reputation. It would actually cost our shareholders money to do more so please go die in silence somewhere else and stop bothering us. Replying to you costs us money too."

This kind of article is actually useful because it raises the risk of actual reputational damage thus encouraging companies to do more.

3. rwmj ◴[18 Nov 24 15:52 UTC] No.42173537[source]
This is just an indication that their process is wrong. (Or in this case, their entire reason to exist is wrong.)
4. cwillu ◴[18 Nov 24 16:07 UTC] No.42173719[source]
“Moral bankruptcy” seems like a quite apt description of the state of affairs of being unable to afford to operate morally at a given level of scale.

Scaling is not a right.

replies(1): >>42174145 #
5. account42 ◴[18 Nov 24 16:13 UTC] No.42173784[source]
In cases like this the provider is someone I don't want to have any business with in the first place. I don't care how hard reliable CAPTCHAs are to implement and as a user I shouldn't have to.
6. dataflow ◴[18 Nov 24 16:14 UTC] No.42173803[source]
The problem is that this very problem also happens simultaneously in the reverse direction. i.e. people have to deal with so many awful entities screwing them over due to sheer self-interest, negligence, or even malice, that they have a hard time knowing which ones legitimately are trying their best and genuinely don't have a better solution.

That's what happens when trust erodes, and why we can't have nice things.

If anyone should be be more understanding and absorb the costs to appease the other, it's probably the big corp, not the little guy.

7. danaris ◴[18 Nov 24 16:44 UTC] No.42174145[source]
> Scaling is not a right.

God I wish this could be plastered in letters 1000 feet high above Silicon Valley.

8. miki123211 ◴[18 Nov 24 18:42 UTC] No.42175494[source]
What users don't see is that a single good actor will make, at most, a dozen such claims in their life, while a malicious one might literally make hundreds of them a day. The scales are different, by orders of magnitude.

It's not unimaginable that just 0.001% of your users (in terms of actual humans / entities physically using your service) are fraudsters, but 99% of your signup or login attempts / interactions with your service / "I'm not a fraudster, pinky swear" support claims are fraudulent.