←back to thread

I was banned from the hCaptcha accessibility account for not being blind (2023)

(michaels.world)
405 points blindgeek | 7 comments | 18 Nov 24 10:13 UTC | HN request time: 0.876s | source | bottom
Show context
jchw ◴[18 Nov 24 15:17 UTC] No.42173090[source]
I hope we can end the CAPTCHA experiment soon. It didn't work.

Phone verification isn't good either, but for as much as I hate phone verification at least it actually raises the cost of spamming somewhat. CAPTCHA does not. Almost all turnkey CAPTCHA services can be solved for pennies.

Solving the problems of SPAM and malicious traffic will be challenging... I am worried it will come down to three possible things:

- Anonymity of users: validating someone's real-life identity sufficiently would make it possible to permanently ban malicious individuals and filter out bots with good effectiveness, but it will destroy anonymity online. In my opinion, literally untenable.

- Closing the platform: approaches like Web Environment Integrity and Private Access Tokens pave the way for how the web platform could be closed down. The vast majority of web users use Google Chrome or Safari on a device with Secure Boot, so the entire boot chain can be attested. The number of users that can viably do this will only increase over time. In this future, the web ceases to meaningfully be open: alternatives to this approach will continue to become less and less useful (e.g. machine learning may not achieve AGI but it's going to kick the ass of every CAPTCHA in sight) so it will become increasingly unlikely you'll be able to get into websites without it.

- Accountability of network operators: Love it or hate it, the Internet benefits a lot from gray-area operators that operate with little oversight or transparency. However, another approach to getting rid of malicious traffic is to push more accountability to network operators, severing non-compliant providers off of the Internet. This would probably also suck, and would incentivize abusing this power.

It's tricky, though. What else can you do? You can try to reduce the incentives to have malicious traffic, but it's hard to do this without decreasing the value that things offer. You can make malicious traffic harder by obfuscation, but it's hard to stop motivated parties.

Either way, it feels like the era of the open web is basically over. The open web may continue to exist, but it will probably be overshadowed by a new and much more closed off web.

replies(15): >>42173427 #>>42173571 #>>42173573 #>>42173636 #>>42173652 #>>42173854 #>>42174051 #>>42174079 #>>42174452 #>>42174502 #>>42174730 #>>42174882 #>>42175601 #>>42175632 #>>42175764 #
mapt ◴[18 Nov 24 16:02 UTC] No.42173652[source]
There is another option.

CAPTCHA is useful only when it is costly to solve. It is a costly signal that this is a real person, or at least is more than 1/10^9th of a real person (you're not running a fully automated spam system).

The postal service also has costs - everybody that wants to move something through the postal service needs to buy a stamp. Transport fees are a 'natural' way to moderate traffic and deter spam.

Various combinations of network architecture and cryptocoinage permit you to invoke transport fees per attempted transmission/login. Sensible ones, if every spam email or login guess costs even 1 penny it becomes prohibitive for most fully automated spam applications. The cryptocoin aspect is specifically about preserving anonymity of private wallet access while permitting the cash-like transactions that stamps enable.

replies(6): >>42173730 #>>42173910 #>>42173934 #>>42174028 #>>42174563 #>>42188474 #
1. throwaway2037 ◴[18 Nov 24 16:09 UTC] No.42173730[source]
This sounds like the same argument that was made for about 10 years (2000 to 2010) that micropayments would save traditional (print) media in a digital world. It didn't work due to market fragmentation and friction to make a payment.

And, the reality of your fancy idea is that normie users would turn away if they made a mistake on the CAPTCHA and were suddenly presented with a screen "charging" them one pence.

replies(3): >>42173756 #>>42174020 #>>42174518 #
2. mapt ◴[18 Nov 24 16:11 UTC] No.42173756[source]
This isn't about "making a mistake on the captcha", this is about charging them one pence for every attempt and just not having a captcha.

It's an entirely different sort of system, and it would require a cordoned off section of the Internet to implement it top-down, but it's technically viable.

The defining insight here is how many orders of magnitude difference there is between the "That price is negligible" threshold for a human being, and the "That price is negligible" threshold for an automated system. Sure there are adoption issues, but for all applications where there are several orders of magnitude difference, such a system makes some degree of sense.

replies(1): >>42173978 #
3. theamk ◴[18 Nov 24 16:28 UTC] No.42173978[source]
Don't think it's going to work, except in the smallest forums?

According to a random page on internet [0], companies pay in $2-$6 range per 1000 ad impressions. If one pays $0.01 to bypass captcha and just 10 people see the resulting spam post, that's already $1 per 1000 views - much less than facebook charges. This becomes even more lucrative if the ads are expensive or there will be more than 10 people looking at the ad.

It looks you'll want much higher costs than that, which will make it "too much" for other users.

[0] https://spideraf.com/learning-hub/what-is-the-average-cost-p...

4. njarboe ◴[18 Nov 24 16:33 UTC] No.42174020[source]
Would be great if the US government somehow facilitated micropayment. Either by creating their own system or removing the capital gains reporting requirements on crypto (maybe up to $10k/year).
replies(1): >>42183980 #
5. Thoreandan ◴[18 Nov 24 17:15 UTC] No.42174518[source]
Relevant Penny Arcade comic responding to the proposal that micropayments will save comic artists - https://pennyarcade.fandom.com/wiki/June_22,_2001
6. throwaway2037 ◴[19 Nov 24 14:47 UTC] No.42183980[source]
If micropayment is such an amazing solution to these problems, why haven't we seen a working solution after more than 20 years of talking about it? Why doesn't HN have multiple competing micropayment startups? To me, the results speak for themselves.

Another outcome that I could never understand: The original conversation was micropayments for traditional print media that was moving into the digital age. Why didn't they all band together to create an industry standard that defined (and possibly administered) a micropayment system? In the end, paywalls were the solution, and winner-mostly-takes-all when print moved to digital. Look at the decline in medium to small newspapers in the last 20 years in the US. It is devastating, but a few national, major newspapers are doing OK.

replies(1): >>42194377 #
7. mapt ◴[20 Nov 24 14:51 UTC] No.42194377{3}[source]
You are talking about appreciable micropayments for appreciable amounts of entertainment from small creators.

And I would argue we did get those in the form of subscriptions in Patreon, Onlyfans, Buy Me A Coffee, et al, or in the co-op world of Nebula. We didn't get them down to very low fee structures because we've designed our payment infrastructure with the intent of supporting a profitable company called Visa, Inc, to which we've offloaded a number of different functions of that a government mint / treasury / post office would normally perform. And because lots of revenue on these sites comes from whales, people with outsized income in a country with a great deal of wealth inequality.

What I am talking about is TINY micropayments just for human authentication purposes. Because what we've had so far in the realm of, for example, spam email, involves sending off messages at a CPM of less than a tenth of a penny. Imposing infrastructure which pegs human authentication tasks, normally performed less than ten times a day, at a CPM of ten dollars, can eliminate most applications of automated systems and eliminate the annoyance of captcha, while costing the human less than ten cents. There are no whales in the login space.