
405 points blindgeek | 6 comments
jchw No.42173090
I hope we can end the CAPTCHA experiment soon. It didn't work.

Phone verification isn't good either, but for as much as I hate phone verification at least it actually raises the cost of spamming somewhat. CAPTCHA does not. Almost all turnkey CAPTCHA services can be solved for pennies.

Solving the problems of SPAM and malicious traffic will be challenging... I am worried it will come down to three possible things:

- Anonymity of users: validating someone's real-life identity sufficiently would make it possible to permanently ban malicious individuals and filter out bots with good effectiveness, but it will destroy anonymity online. In my opinion, literally untenable.

- Closing the platform: approaches like Web Environment Integrity and Private Access Tokens pave the way for how the web platform could be closed down. The vast majority of web users use Google Chrome or Safari on a device with Secure Boot, so the entire boot chain can be attested. The number of users that can viably do this will only increase over time. In this future, the web ceases to meaningfully be open: alternatives to this approach will continue to become less and less useful (e.g. machine learning may not achieve AGI but it's going to kick the ass of every CAPTCHA in sight) so it will become increasingly unlikely you'll be able to get into websites without it.

- Accountability of network operators: Love it or hate it, the Internet benefits a lot from gray-area operators that operate with little oversight or transparency. However, another approach to getting rid of malicious traffic is to push more accountability to network operators, severing non-compliant providers off of the Internet. This would probably also suck, and would incentivize abusing this power.

It's tricky, though. What else can you do? You can try to reduce the incentives to have malicious traffic, but it's hard to do this without decreasing the value that things offer. You can make malicious traffic harder by obfuscation, but it's hard to stop motivated parties.

Either way, it feels like the era of the open web is basically over. The open web may continue to exist, but it will probably be overshadowed by a new and much more closed off web.

1. throwaway2037 No.42173854

> Anonymity of users: validating someone's real-life identity sufficiently would make it possible to permanently ban malicious individuals and filter out bots with good effectiveness, but it will destroy anonymity online. In my opinion, literally untenable.

I see this point constantly made on the echo chamber that is known as HackerNews. The average normie user does not care about anonymity, nor privacy, on the Internet. They want a smooth, fun experience. The solution is secure boot plus attestation via some browser JavaScript API. If you want even less friction, users are required to register their devices with a gov't agency, then their attestation will carry more value.

Really, why don't we see HN crying about the need to show a national ID (and register) when buying a mobile phone? I never once saw anyone complaining about it here. Are there any highly developed nations that allow complete strangers with any nationality to buy and use a mobile phone without showing a national ID? I don't know any, or they will all soon be gone. It only takes a few more terrorist assholes to close that door permanently.

2. graypegg No.42173932
> Are there any highly developed nations that allow complete strangers with any nationality to buy and use a mobile phone without showing a national ID?

Canada maybe? [I'm 80% sure that] Public Mobile will sell you a prepaid sim card at the counter. You could pay cash, and set your caller ID to a fake name.

If we're talking about mobility plans, the identity requirement is more about the credit check they might want to do than anything else.

3. tredre3 No.42174559
> Are there any highly developed nations that allow complete strangers with any nationality to buy and use a mobile phone without showing a national ID? I don't know any, or they will all soon be gone.

I regularly (1-2x per year) buy prepaid SIMs in Canada, USA, and Japan. None of them require an ID and I often even pay cash.

I'm sure you are right that they'll eventually be requiring ID, but you are wrong to imply that these countries aren't highly developed.

4. faeranne No.42175257
> why don't we see HN crying about the need to show a national ID ... when buying a mobile phone?

Mmm, very possibly because there are at least a few ways to get a phone without using any ID. I picked up a used phone about a year ago, and use Tello. Tello had 0 info on me for years, only an old UPS box that I got the card delivered to. I eventually gave them my first name so Caller ID was correct, but short of that or putting in a correct address if you want 911 support, there's no reason to need any valid info with them. They don't do credit checks, just prepay.

> The solution is secure boot plus attestation

That's the second option they presented "Closing the platform". The issue with all these options is that it consolidates power, and thanks to already partially consolidated power, any option selected will, by necessity, obligate everyone to partake, whether or not they are ok with it.

> The average normie user does not care about anonymity, nor privacy, on the Internet.

It's true that often "normies" don't care (or at least think they don't care, but that's a completely different point I don't feel like trying to make), and it's also true that often "normies" don't want the status quo changed. But often "normies" also ignore when people are kidnapped due to their heritage being revealed. Is it acceptable to actively create a hostile environment for people already disadvantaged? Do we gain something worth their safety? Who gains from this higher level of scrutiny?

If we look at the smaller web, most sites never get enough traffic to be under active threat, and passive threat is easy enough to quell using honeypot forms and questions. Maybe the "normie" internet is the problem. Passive people passively consuming. "Normies" love watching stolen content, and praise thieves for harassing anyone who points out that what they're doing is wrong. "Normies" enjoy watching someone livestream themselves flying down a highway at 100 mph over the speed limit.

I think maybe we should acknowledge that what we're defending with things like hCaptcha is not actually worth defending. Maybe the "normal" internet does need to be deprecated over "small" internet? We did pretty good before with things like Wikipedia. The "small" internet from before had a lot of chaff, but good things have grown from it, and a lot of it still exists as a "small" internet. Maybe it's ok that we have a lot of "crap content", so long as the internet can keep changing?

5. jchw No.42176181
It's not the average person's job to make sure that the world isn't fucking them raw. People have limited attention and limited time, not everyone can care about everything.

Nobody else is going to step in and hold the line when it comes to digital privacy rights. It's on people like us who care. This is why organizations like EFF need to exist.

6. juped No.42183286
No, you're describing what the California tech echo chamber wishes an "average normie" was, i.e., stupid and compliant, and what they're always aggrieved never really exists in practice, having managed to inculcate only some moderate learned helplessness over time, and with "stupid normies" constantly attempting to fight back via law and politics.