←back to thread

408 points blindgeek | 2 comments | | HN request time: 1.085s | source
Show context
isodev ◴[] No.42172859[source]
Why are captchas even a thing still? If folks want to scrape something or build an automation around something, then why not let them do it? They still have to respect the system they're logging in. Not to mention the privacy perk of not exposing your visitors to some captcha service with a dozen or more data subprocessors.
replies(7): >>42172909 #>>42172918 #>>42172983 #>>42173046 #>>42173133 #>>42173317 #>>42173643 #
stanmancan ◴[] No.42172918[source]
I had to add a captcha to a registration page a couple years ago. Bots were signing up for thousands of fake accounts with other people’s email addresses. The email confirmation we sent would then get reported as spam since the recipient didn’t sign up for our service. Our email provider suspended our account for high spam reports.
replies(2): >>42173176 #>>42174348 #
Spivak ◴[] No.42173176[source]
I hope the other lesson was the good email verification hygiene of making the user take an affirmative action and click a "verify email" button rather then send it unsolicited.

You essentially had an open public unauthed form that would send an email to any address you typed in it. Surely that alone raises some eyebrows.

replies(3): >>42173445 #>>42173597 #>>42175621 #
1. toast0 ◴[] No.42173445[source]
How do you authenticate a verify email button?
replies(1): >>42173553 #
2. klez ◴[] No.42173553[source]
It took me a while to understand what GP was trying to say, but I suppose they're thinking of one of those sites where they let you create an account, will let you in and then nag you for a while about "verifying your email address" by clicking a link that will actually send you an email. An unsophisticated spambot won't probably care enough to click through that.