Most active commenters

    ←back to thread

    I was banned from the hCaptcha accessibility account for not being blind (2023)

    (michaels.world)
    405 points blindgeek | 11 comments | 18 Nov 24 10:13 UTC | HN request time: 0.518s | source | bottom
    Show context
    soraminazuki ◴[18 Nov 24 13:01 UTC] No.42171953[source]
    The title kind of makes it appear far less of a problem than it actually is, because according to the article, hCaptcha made multiple rude and evidence-free accusations of lying despite the author actually being blind.
    replies(1): >>42172658 #
    jerf ◴[18 Nov 24 14:41 UTC] No.42172658[source]
    Remember that from hCaptcha's point of view, by this point they've probably dealt with hundreds of other people claiming that they are blind when they really aren't, so their bots will work.

    This isn't a defense, just an explanation... but it is also an explanation of why the entire idea of "we'll not give blind people a way past the CAPTCHA but just give a pass to 'real' blind people so we can pass ADA", which is that it should have been transparently obvious that this approach is completely infeasible and unscalable. As big as Google, Facebook, or Amazon are, they would struggle under the load of trying to create a system for determining who is "truly" blind... and that's still true if we ignore questions like exactly what "blind" is anyhow.

    This shouldn't have gotten deployed and then become a problem; it should have been a 5 minute diversion in the meeting where it was proposed to analyze it's completely infeasible and never made it to so much as the design phase, let alone the deployment phase.

    If you had a system for completely accurately identifying characteristics like "who is blind" in the presence of extremely hostile attacks on the system, you'd have something far more valuable than the CAPTCHA system itself! The whole idea intrinsically depends on having a stronger solution to the problems CAPTCHAs are meant to solve than the CAPTCHA system itself provides... it's fundamentally a logically unsound idea.

    replies(6): >>42172809 #>>42172827 #>>42172892 #>>42172894 #>>42173711 #>>42175433 #
    1. michaelt ◴[18 Nov 24 15:00 UTC] No.42172894[source]
    > As big as Google, Facebook, or Amazon are, they would struggle under the load of trying to create a system for determining who is "truly" blind... and that's still true if we ignore questions like exactly what "blind" is anyhow.

    In several countries, the government issues certificates of blindness [1] which grant access to certain extra types of support. We don't want severely vision-impaired people being forced to drive, after all!

    So there are legal standards for what exactly blind is, and certificates.

    The question is whether tech companies are inclined to hire enough people to wrangle the paperwork involved in checking such certificates, worldwide.

    [1] https://www.mass.gov/info-details/benefits-for-people-who-ar...

    replies(3): >>42172973 #>>42172985 #>>42173608 #
    2. inetknght ◴[18 Nov 24 15:07 UTC] No.42172973[source]
    > So there are legal standards for what exactly blind is, and certificates.

    In the USA, people are not yet required to provide identification when signing up for "free" services. There are real concerns around privacy.

    A certification of blindness is exactly one of those privacy concerns, being a medical issue. You think it would be a good idea to give that private information to the criminal organizations of big tech?

    replies(2): >>42173706 #>>42179422 #
    3. jerf ◴[18 Nov 24 15:09 UTC] No.42172985[source]
    If "having a government identity" was a solution to the identity problem, it would be solved.

    It is not solved.

    That is at most the beginning of a solution to the problem.

    And in practice, it is little more than the beginning of the problem, as the government's definition of blindness is very unlikely to be a precise match to "has problems completing our visual CAPTCHA", and if multiple governments have standards there is no chance they will match.

    Do not underestimate the resilience and resourcefulness of scammers. They aren't just some individuals here and there who decide one day that they could make a couple extra bucks spamming people, and just sort of start sending out whatever scam strikes their fancy. They're international businesses with engineering teams, and a constant feed of low-level operatives who can scam governments about how blind they are if the governments leave any hole in their system. They're thousands of people dedicating their full human-level intelligence to the task of defeating your system and extracting the value from it. They are not as easy to defeat as "let's just put the obvious certification in place", for the same reason that the CAPTCHA problem isn't solved with "Let's just issue everyone official identities".

    replies(1): >>42173369 #
    4. michaelt ◴[18 Nov 24 15:38 UTC] No.42173369[source]
    > They're international businesses with engineering teams, and a constant feed of low-level operatives who can scam governments about how blind they are if the governments leave any hole in their system.

    I don't know about your country, but in my country the government is pretty keen on avoiding abuses of the benefits system. After all, a blind person gets tax breaks and cash benefits totalling about $5000/year.

    So the existing system is used to dealing with financially motivated adversaries. I doubt the additional financial motivation of being able to bypass hCaptcha would mean much, in comparison.

    replies(1): >>42178844 #
    5. gruez ◴[18 Nov 24 15:58 UTC] No.42173608[source]
    This is a moot point anyways because the Americans with Disabilities act bans businesses from asking people about their specific disabilities. Asking for proof of blindness will almost certainly be in contravention of that.
    6. Scarblac ◴[18 Nov 24 16:06 UTC] No.42173706[source]
    These are already users that want to let the company know that they are blind in order to qualify for special treatment. In that case showing the certificate doesn't seem to be much of an extra privacy issue to me.
    replies(2): >>42173769 #>>42174456 #
    7. RobMurray ◴[18 Nov 24 16:12 UTC] No.42173769{3}[source]
    Accessibility isn't special treatment! As I said before I would never provide proof of identity to simply access a website.
    replies(1): >>42175891 #
    8. soraminazuki ◴[18 Nov 24 17:10 UTC] No.42174456{3}[source]
    Nah, it's the companies that's demanding proof over what's basically sane treatment rather than users wanting to surrender their medical info.
    9. kelnos ◴[18 Nov 24 19:21 UTC] No.42175891{4}[source]
    > Accessibility isn't special treatment!

    Perhaps not in all cases, but it can be. This article is literally about special treatment for accessibility purposes.

    It's of course debatable if this is how things should be, but that's another discussion.

    10. jokethrowaway ◴[19 Nov 24 00:25 UTC] No.42178844{3}[source]
    I'm sure some rural country somewhere would start selling certificates en masse the moment this is implemented.
    11. webspinner ◴[19 Nov 24 02:00 UTC] No.42179422[source]
    I would have a privacy concern with it, and then your going to force everyone to do verification. Age verification isn't even passed here in the US, although a lot of companies do it. They wanted to make it law over the last couple years.