Hacker News new | past | comments | ask | show | jobs | submit login

can we remove captcha while we're at it? its the same sort of lazy bs flash is -- yes, it does serve a purpose, but at the expense of your users



> yes, it does serve a purpose, but at the expense of your users

That has always been the tradeoff of captcha.

The other side of the equation is how relevant/useful is the data submitted? So long as the captcha isn't unreasonably difficult for a human, I would rather my government not spend resources to follow through with every single spammy form submission.


ideally you'd implement something that inconveniences machines (ie spam bots, aka the sole reason captcha needs to exist) but doesnt inconvenience humans

in particular, the v2.0 of captcha implements this time delay.. where you click a picture that matches a description but the images do not appear instantly. its like, wait a random amount of time before you can continue.. you cant even login to our service until you wait a random amount of time.. its insane, piss off, you know, these captchas can actually be broken easily, its just not common yet...


That's a very different issue.

When malicious users were abusing our trial accounts at work, I tried to find alternative solutions that would slow them down, but the implementing team had already exhausted all the usual tricks and in the end I didn't really have anything to offer. And they went with ReCAPTCHA, since unfortunately that seems to be one of the better options at the moment.

I think the best option might be something as CPU-hungry as a coin miner, maybe just burn through a bunch of hashes as a proof of work, but smartphones have such limited CPU that it's not clear to me you could reach a threshold that would be acceptable to phone users but not to the bots.


Proof of work is an interesting angle… I think users might like it if it was an opt-in to avoid captchas. You could have a relatively viable product where users can either do tasks hard for computers a la ReCAPTCHA (and 3rd parties can put in tasks, like MTurk), or users can opt in to a mining script for a couple of minutes. Both can be monetized.


My original thought was that the account creation page (or whatever needed to be gated) would do the mining and send the server a small amount of e.g. Monero. And alternatively, if you didn't want your device to actually mine the Monero, perhaps because you don't allow scripts, you could instead have your browser send that small amount directly from your own wallet. :-P

...but people have browser extensions to sniff out miners now, so a more generic proof of work is probably safer.


Given Google's AI military work, I'm refusing Captcha challenges on principle, and advising sites using them to find alternatives.

https://joeyh.name/blog/entry/prove_you_are_not_an_Evil_corp...


They've already announced they're not going to renew their military contracts. What would Google have to do for you to be ok with Captcha challenges again?


At this point, given track record and impossibility of future-proofing morality almost certainly nothing. See Sourceforge as one case history.

The real problem is that captcha has reached EOL. Alternatives should be found.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: