Email or username:

Password:

Forgot your password?
All posts Andre's posts Post Back to profile
Andre Louis

Yes, #Mastodon supports #HCaptcha, but HCaptcha mines details of some of us with disabilities by asking us to sign up with an email address to, as they put it, 'get an accessibility cookie.' If you use that service, it is a bad time for many. HCaptcha is not my friend.
Edit: For reasons why I categorically state HCaptcha is evil, see this post I made in response to someone else. People have quite rightly asked me to clarify my stance, so here it is: universeodon.com/@FreakyFwoof/

18 February at 22:50 | Open on universeodon.com
54 comments
x0

@FreakyFwoof That cookie doesn't even fucking work, either, so it's basically a total barrier on top of the privacy implications for if it did ever actually work.

18 February at 22:51 | Open on dragonscave.space
Christopher Duffley
Tech Singer

@FreakyFwoof Leaving aside the privacy stuff, I wished the cookie worked! Used a real email, got the email, tried to get passed the CAPTCHA, failed. Tried again using a firefox without add-ons, failed. Tried again, "you've tried too often". Tried again later, failed. Tried with Chromium, failed. Tried with Edge, succeeded. Total time taken was about half an hour over two days. There is no better way of making clear you couldn't care less about being, rather than appearing, accessible than to use that service. Most of the time for blind people, it's "throw away your privacy to make this work". With them, it's "throw away your privacy so it will fail in a slightly different way".

@FreakyFwoof Leaving aside the privacy stuff, I wished the cookie worked! Used a real email, got the email, tried to get passed the CAPTCHA, failed. Tried again using a firefox without add-ons, failed. Tried again, "you've tried too often". Tried again later, failed. Tried with Chromium, failed. Tried with Edge, succeeded. Total time taken was about half an hour over two days. There is no better way of making clear you couldn't care less about being, rather than appearing, accessible than to use...

18 February at 23:23 | Open on tweesecake.social
Svenja
jay 🌺

boost with CW: accessibility, meta² (fedi spam→captchas→ableism&tracking)

19 February at 15:33 | Open on weirder.earth
Sqaaakoi :flagEnby:​

@FreakyFwoof hCaptcha is horribly difficult anyways, i would NOT recommend using it at all
Just have manual approval instead.

19 February at 0:14 | Open on wetdry.world
Monty Icenogle

@FreakyFwoof Why support H Captcha, and not something like ReCaptcha? They had to pick the worst of the Captcha options! Blah, just my thoughts for what little they may be worth

19 February at 2:07 | Open on dragonscave.space
Drew Mochak

@kd6cae @FreakyFwoof I honestly wonder if someone got a kickback. Really do not understand why certain people are so dead-set on integrating some closed-source for-profit nonsense just because "Google bad"

19 February at 15:54 | Open on freeradical.zone
Andre Louis

Spam is bad, HCaptcha is just as bad. Please do not advocate for this evil, evil captcha solution. Please.

19 February at 6:27 | Open on universeodon.com
Big Pawed Bear

@FreakyFwoof i've had to use it once or twice, and it's a mess.

19 February at 6:37 | Open on masto.nu
Jakob Rosin

@FreakyFwoof why would anyone advocate towards it, is beyond my imagination. voluntarely giving away your medical details for access to a service, while some people don't need to submit their personal details.

19 February at 6:41 | Open on universeodon.com
craftxbox

@FreakyFwoof The accessibility problem is definitely an issue on bigger corporate services that wouldn't give a shit but when 90% of the time you can email the instance admin and they'd sort you out in a few hours I don't see the purpose of demonizing hCaptcha. I'd personally rather deal with 100 email registrations before i'd deal with 1 spambot.

19 February at 6:50 | Open on transfur.social
John Ulrik

@FreakyFwoof Why is it evil specifically? Some of our clients keep advocating for hCaptcha because of their self-declared accessibility. A pointer to some kind of analysis would be much appreciated.

19 February at 7:11 | Open on mastodon.world
Andre Louis

@ujay68 @craftxbox It's evil, because *only* if you're blind or unable to complete the visual captcha, do they require your email address.
'Oh, let's be another corporation, but we're niche and specific. We only want email addresses of those who are blind/visually impaired, so we could, at our discretion, spam them with blindness-specific products or services that our visual users would never see, as they never had to provide an email address.'
When you go to the chemist (drug store or whatever it's called today) to buy, oh I dono, tampons, do you have to give them your email address because you're a woman?
Nope. Very, very definitely nope, but because I'm blind, I have to give some nameless, faceless company my address, to have a cookie that hardly ever works anyway at the best of times, and even when it does, is now tracking me across any site with *their* version of so-called captcha?
No. Absolutely not. Get the hell out with that.

@ujay68 @craftxbox It's evil, because *only* if you're blind or unable to complete the visual captcha, do they require your email address.
'Oh, let's be another corporation, but we're niche and specific. We only want email addresses of those who are blind/visually impaired, so we could, at our discretion, spam them with blindness-specific products or services that our visual users would never see, as they never had to provide an email address.'
When you go to the chemist (drug store or whatever it's...

19 February at 7:18 | Open on universeodon.com
craftxbox

@FreakyFwoof @ujay68 Yeah okay, that's a fair point. That sucks a lot.

19 February at 7:19 | Open on transfur.social
Charlotte Joanne

@FreakyFwoof @ujay68 @craftxbox I’ve never gotten it to work I tried to sign up to Firefish at least three times and each time just gave up!👩‍🦯

19 February at 7:24 | Open on tooters.org
craftxbox

@Lottie @FreakyFwoof @ujay68 As an instance admin, personally we don't mind an email if you're having troubles. I can't speak for every admin but I wouldn't expect anyone to be any different.

EDIT: Though yeah this is, Objectively terrible for anything that *isnt* as easy to contact someone for help

19 February at 7:25 | Open on transfur.social
Andre Louis

@craftxbox @Lottie @ujay68 Well, you're one of the good ones. Many won't or can't respond to signup emails likely, or don't see them because they get junked, I mean there's any number of reasons. Respect your stance though.

19 February at 7:26 | Open on universeodon.com
Andre Louis

@Lottie @ujay68 @craftxbox You may not have gotten it to work, but guess what? They got *you* to work didn't they? They now have your email address on file for... How long do they keep it? How long are they hoarding our data for? Does anyone actually know?

19 February at 7:25 | Open on universeodon.com
the esoteric programmer

@FreakyFwoof cupoftea.social is now using hcaptcha as well, or planning it or something of that nature. I told the admin why they shouldn't enable it, that the cookie barely works anyway, that the text captcha is most of the times nonsense, that they require an email address only for us, and I believe they still use it, just so you know

19 February at 12:30 | Open on social.stealthy.club
Mikołaj Hołysz

@FreakyFwoof I get your point, I really do, but what alternative do you suggest?

Sure, ReCaptcha works with no email requirement, but that's only because they're Google and have it already. Audio captchas are a terrible idea, I've helped out non-english speakers over the phone with ReCaptcha enough times to know this first hand. Everything else (including audio) is trivial to solve in the age of LLMs and provides basically 0 protection. You can use weaker solutions and rely on IP reputation, but then blind people on "shadier" networks are completely out of luck, Google has this problem too.

HCaptcha is the worst system of all, except for all the others.

@FreakyFwoof I get your point, I really do, but what alternative do you suggest?

Sure, ReCaptcha works with no email requirement, but that's only because they're Google and have it already. Audio captchas are a terrible idea, I've helped out non-english speakers over the phone with ReCaptcha enough times to know this first hand. Everything else (including audio) is trivial to solve in the age of LLMs and provides basically 0 protection. You can use weaker solutions and rely on IP reputation, but...

19 February at 11:48 | Open on dragonscave.space
Andre Louis

@miki Anything that isn't HCaptcha. A numeric problem, what is the number before four, plus two numbers after six? Add these together and type your answer. should be 11.

19 February at 11:50 | Open on universeodon.com
Mikołaj Hołysz

@FreakyFwoof These are trivial to defeat by LLMs and heavily discriminatory, this time against those who don't speak English, aka the vast majority of the global population.

19 February at 11:53 | Open on dragonscave.space
modulux

@miki @FreakyFwoof Just tried that one and chatgpt can't solve it. And there's no reason why it can't be internationalised.

19 February at 11:54 | Open on node.isonomia.net
Jayson Smith

@FreakyFwoof @miki The problem with that is that LLM's are just too good, and are only getting better. I have a contact form on one of the websites I run. It asks for the normal things, then asks a logic question. Some examples: If you get your hair cut, is it longer or shorter than it was before? If today is Friday, what is tomorrow? Piano, toothbrush, garbage truck…which do you put in your mouth? This worked for many years, but I routinely get spam from that form now, and I suspect the spammers are just enlisting the aid of their friendly neighborhood LLM to solve it for them.

@FreakyFwoof @miki The problem with that is that LLM's are just too good, and are only getting better. I have a contact form on one of the websites I run. It asks for the normal things, then asks a logic question. Some examples: If you get your hair cut, is it longer or shorter than it was before? If today is Friday, what is tomorrow? Piano, toothbrush, garbage truck…which do you put in your mouth? This worked for many years, but I routinely get spam from that form now, and I suspect the spammers...

19 February at 11:55 | Open on dragonscave.space
Jayson Smith

@FreakyFwoof @miki And before anyone says it, the thought that a toddler might put a toy garbage truck in his/her mouth is beyond the point.

19 February at 11:56 | Open on dragonscave.space
Andre Louis

@jaybird110127 @miki For what it's worth, I still rather use RECaptcha over HCaptcha any day of the week.

19 February at 12:01 | Open on universeodon.com
Jayson Smith

@FreakyFwoof @miki Oh me too! Unless, that is, I'm not signed into a Google account at the time, and it asks me to click the images that have Pan-Galactic Gargle Blasters, with no audio alternative.

19 February at 12:02 | Open on dragonscave.space
Kevin Karhan

@FreakyFwoof @miki that makes sense...

Or something like:

"If you take the word "hello" and shift every letter by one position in the alphabet forward, how many F's are there?
Type it out as word, followed by the number of the position in like "six 9" ..."

In this example the correct result would he "one 2"...

In the current age where LLMs can't even count till 2 this is something most people can do...

Or the aforementioned calculation sample...

19 February at 15:07 | Open on infosec.space
James Scholes
just a rock

@FreakyFwoof @ujay68 @craftxbox Oh yeah that's yucky. Thank you for saying something about this!

19 February at 17:31 | Open on wetdry.world
mirabilos

@ujay68 @FreakyFwoof the accessibility is merely that: self-declared.

It excludes lynx users categorically, of which there are quite some, and adoption of hcaptcha by fanfiction and other sites has made quite an amount of users, most visually impaired, very unhappy.

I tried to contact hcaptcha support and they fail to even see the problem.

fuck hCaptcha/Cloudflare
19 February at 15:03 | Open on toot.mirbsd.org
Drew Mochak

@ujay68 @FreakyFwoof Their solution was developed entirely on their own without outreach to the blind community. It forces us to disclose our disability, which allows us to be tracked by Intuition Machines, and across the internet by whoever has a business relationship with them, and/or knows to look for the cookie. It also allows them to deny us access to any service that uses them, for any reason or none.

19 February at 15:46 | Open on freeradical.zone
Ignasi Cambra

@objectinspace @FreakyFwoof @ujay68 I have come across the stupid Captcha accessibility cookie once, trying to log into Discord. Discord is not important enough for me to do that email crap they were asking for, and apparently even if you install the so called cookie the Discord app still doesn't see it. I don't mind the Recaptcha audio challenges though. I actually quite like them. The best ones, though, are the Amazon ones. The random words / numbers you're supposed to hear are interspersed with random fragments of the 1st movement of Beethoven's 4th piano concerto, I have used them a few times and it's always like that!

@objectinspace @FreakyFwoof @ujay68 I have come across the stupid Captcha accessibility cookie once, trying to log into Discord. Discord is not important enough for me to do that email crap they were asking for, and apparently even if you install the so called cookie the Discord app still doesn't see it. I don't mind the Recaptcha audio challenges though. I actually quite like them. The best ones, though, are the Amazon ones. The random words / numbers you're supposed to hear are interspersed with...

19 February at 15:56 | Open on universeodon.com
Drew Mochak

@ujay68 @FreakyFwoof Also, as others mentioned, like all technology--sometimes it just doesn't work.

19 February at 15:48 | Open on freeradical.zone
Kevin Karhan
modulux

@FreakyFwoof Moreover, 1) hCaptcha doesn't even work for (many of) us, or requires lowering the safety settings on browsers, and 2) captchas are not an especially useful way to stop bots. Find another way.

19 February at 7:33 | Open on node.isonomia.net
Josh Cheshire :padres:

@FreakyFwoof @ellesaurus Is there a better captcha service? (I’ve never looked beyond the recommendations and want to try doing better than the default.)

19 February at 14:44 | Open on barelysocial.org
Andre Louis

@josh @ellesaurus The sad thing is, they all suck for various reasons but I don't know if any others take your email address. Rock and a hard-place I know.

19 February at 14:45 | Open on universeodon.com
Elle 💗

@josh
@FreakyFwoof This is a bit of security by obscurity because it doesn't stop targeted attacks, but this is what I do to prevent automated form submissions without a captcha.

Add a honeypot field, as well as a timer for how long it took to fill out the form. If the honeypot field is filled in, or if the form is submitted too quickly, disregard.

19 February at 14:49 | Open on toot.lgbt
Josh Cheshire :padres:

@ellesaurus @FreakyFwoof In the end, they’re all just speed bumps. But I like that idea.

19 February at 15:12 | Open on barelysocial.org
Jared Rimer

@ellesaurus @FreakyFwoof How do I add these to my forms? The honeypot field I've never heard of, and a timer sounds interesting. But in theory, someone could take less time to fill out a form than others.

19 February at 20:53 | Open on tweesecake.social
Elle 💗

@jrimer2023
@FreakyFwoof The honeypot field would just be a hidden text input in the form so no human would enter anything in, but a bot would.

The time to fill out the form can be done in multiple ways, but the simplest is another hidden field that is populated with the timestamp of initial page load that submits with the form. Subtract that from the current time to get how long it took.

The timer is meant to be very short, like a few seconds.

19 February at 21:22 | Open on toot.lgbt
Jared Rimer

@ellesaurus @FreakyFwoof That's very interesting. Anywhere in particular in which we hould do that?

19 February at 21:25 | Open on tweesecake.social
Jared Rimer

@ellesaurus @FreakyFwoof I'm not sure how I would implement this. I know HTML, and I tried my hand at CSS even after I was given a prototype but i could never master the concept. This sounds intriguing.

20 February at 1:56 | Open on tweesecake.social
Kevin Karhan

@FreakyFwoof +9001%
Captchas are ableist shite and should not be allowed to exist.

They are value-removing just like forced JavaScript and banning people for using Tor.

My basic accessibility benchmark is: If I can't use that site with Lynx Browser (running in an 80x25 characters terminal) over Tor, it's unaccessible to disabled users that need screenreaders, braille screens or other tools.

Stuff like HCaptcha forcing people to register and/or beibg able to track users should be illegal because there is no "legitimate interest" nor reason for it to exist besides being ableist:

We've got sufficient techniques to block bots and DDoS attacks already...

#Captchas #hCaptcha #accessibility #a11y #WebDesign #Enshittification #JavaScript #Captcha #Tor #lynx #anonymity #screenreader #privacy #tracking

@FreakyFwoof +9001%
Captchas are ableist shite and should not be allowed to exist.

They are value-removing just like forced JavaScript and banning people for using Tor.

My basic accessibility benchmark is: If I can't use that site with Lynx Browser (running in an 80x25 characters terminal) over Tor, it's unaccessible to disabled users that need screenreaders, braille screens or other tools.

19 February at 14:59 | Open on infosec.space
Océane

@kkarhan @FreakyFwoof Yeah, clearly Eugen Rochko doesn't give a shit. I'm not a resentful person, but he's among the few people I consider to have hurt too many people through computers, me included.

19 February at 15:37 | Open on peculiar.florist
mirabilos

@kkarhan @FreakyFwoof wasn’t it 60, not 80, in width for most Braille lines? (Though adding -nomargins gives six columns back.)

But, full ACK. I use lynx a lot as well.

19 February at 16:43 | Open on toot.mirbsd.org
Kevin Karhan

@mirabilos @FreakyFwoof

IDK, but I'd say that Lynx as Browser can at least be customized to just work and display contents even if one has a single line Braille Screen...

It's a good way to test accessibility and readability and also the only way to actually use the Internet on like EDGEland-level speeds [16kit/s] or even Iridium [2400bit/s] when combined with @ActionRetro 's #FrogFind ...

frogfind.com

github.com/greyhat-academy/lis

#Accessibility #enshittification #Webdesign #Testing #Narrowband #Iridium #directInternet #dialup #EDGEland #GSM #2G #lynx #Browser

@mirabilos @FreakyFwoof

IDK, but I'd say that Lynx as Browser can at least be customized to just work and display contents even if one has a single line Braille Screen...

It's a good way to test accessibility and readability and also the only way to actually use the Internet on like EDGEland-level speeds [16kit/s] or even Iridium [2400bit/s] when combined with @ActionRetro 's #FrogFind ...

19 February at 16:51 | Open on infosec.space
mirabilos

@kkarhan @FreakyFwoof @ActionRetro while I just use xterm (or the text console), I still prefer lynx over other browsers as I can set the fonts, sizes, colours, etc. myself, and I live in EDGEland, so… (though at home I at least have DSL). And I learnt to love #lynx when I was stuck behind 19k2bps dialup.

19 February at 17:14 | Open on toot.mirbsd.org
Go Up