←back to thread

405 points blindgeek | 1 comments | | HN request time: 0s | source
Show context
soraminazuki ◴[] No.42171953[source]
The title kind of makes it appear far less of a problem than it actually is, because according to the article, hCaptcha made multiple rude and evidence-free accusations of lying despite the author actually being blind.
replies(1): >>42172658 #
jerf ◴[] No.42172658[source]
Remember that from hCaptcha's point of view, by this point they've probably dealt with hundreds of other people claiming that they are blind when they really aren't, so their bots will work.

This isn't a defense, just an explanation... but it is also an explanation of why the entire idea of "we'll not give blind people a way past the CAPTCHA but just give a pass to 'real' blind people so we can pass ADA", which is that it should have been transparently obvious that this approach is completely infeasible and unscalable. As big as Google, Facebook, or Amazon are, they would struggle under the load of trying to create a system for determining who is "truly" blind... and that's still true if we ignore questions like exactly what "blind" is anyhow.

This shouldn't have gotten deployed and then become a problem; it should have been a 5 minute diversion in the meeting where it was proposed to analyze it's completely infeasible and never made it to so much as the design phase, let alone the deployment phase.

If you had a system for completely accurately identifying characteristics like "who is blind" in the presence of extremely hostile attacks on the system, you'd have something far more valuable than the CAPTCHA system itself! The whole idea intrinsically depends on having a stronger solution to the problems CAPTCHAs are meant to solve than the CAPTCHA system itself provides... it's fundamentally a logically unsound idea.

replies(6): >>42172809 #>>42172827 #>>42172892 #>>42172894 #>>42173711 #>>42175433 #
michaelt ◴[] No.42172894[source]
> As big as Google, Facebook, or Amazon are, they would struggle under the load of trying to create a system for determining who is "truly" blind... and that's still true if we ignore questions like exactly what "blind" is anyhow.

In several countries, the government issues certificates of blindness [1] which grant access to certain extra types of support. We don't want severely vision-impaired people being forced to drive, after all!

So there are legal standards for what exactly blind is, and certificates.

The question is whether tech companies are inclined to hire enough people to wrangle the paperwork involved in checking such certificates, worldwide.

[1] https://www.mass.gov/info-details/benefits-for-people-who-ar...

replies(3): >>42172973 #>>42172985 #>>42173608 #
jerf ◴[] No.42172985[source]
If "having a government identity" was a solution to the identity problem, it would be solved.

It is not solved.

That is at most the beginning of a solution to the problem.

And in practice, it is little more than the beginning of the problem, as the government's definition of blindness is very unlikely to be a precise match to "has problems completing our visual CAPTCHA", and if multiple governments have standards there is no chance they will match.

Do not underestimate the resilience and resourcefulness of scammers. They aren't just some individuals here and there who decide one day that they could make a couple extra bucks spamming people, and just sort of start sending out whatever scam strikes their fancy. They're international businesses with engineering teams, and a constant feed of low-level operatives who can scam governments about how blind they are if the governments leave any hole in their system. They're thousands of people dedicating their full human-level intelligence to the task of defeating your system and extracting the value from it. They are not as easy to defeat as "let's just put the obvious certification in place", for the same reason that the CAPTCHA problem isn't solved with "Let's just issue everyone official identities".

replies(1): >>42173369 #
michaelt ◴[] No.42173369[source]
> They're international businesses with engineering teams, and a constant feed of low-level operatives who can scam governments about how blind they are if the governments leave any hole in their system.

I don't know about your country, but in my country the government is pretty keen on avoiding abuses of the benefits system. After all, a blind person gets tax breaks and cash benefits totalling about $5000/year.

So the existing system is used to dealing with financially motivated adversaries. I doubt the additional financial motivation of being able to bypass hCaptcha would mean much, in comparison.

replies(1): >>42178844 #
1. jokethrowaway ◴[] No.42178844[source]
I'm sure some rural country somewhere would start selling certificates en masse the moment this is implemented.