
Ask HN: When did HN start using recaptcha? - hedora
I just got a recaptcha prompt while logging in.<p>Has Google been linking my HN profile to my ad profile this whole time?
======
dang
I didn't see this question until earlier. That's why the site guidelines ask
you to email hn@ycombinator.com if you want to ask us something:
[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

We turned it on temporarily because HN was under attack by an account-stealing
botnet. Obviously we don't leave it on any longer than we have to. We also are
happy to put anyone's username on a whitelist, as the people who emailed us
found out.

~~~
alt_f4
Thank you for clarifying. I wasn't aware you run a whitelist, this sounds like
a good approach.

------
travislane
I was also made to log in via a recaptcha today. The recaptcha widget appears
just below the HN login form so pretty sure this is added by HN, not
Cloudflare.

If people are complaining about it on this thread, I would also like to
register my complaint with it. I think Recaptcha has two major problems:

\- It's Google. I would want it to be technically impossible for someone in
Google to link my HN profile with my Google profile.

\- The Recaptcha widget is plain abusive to Firefox users. If I log in with
Chrome, I can get past the Recaptcha hurdle in just one attempt. But if I am
Firefox user, I am forced to submit like 5 Recaptchas, then be greeted with a
"Please try again" message, then submit like 5 more, and only then be allowed
to log in. No I don't want to do this amount of work for Google for free. I
urge everyone to please stop supporting Recaptcha.

~~~
summm
\- Privacy and security enhancing techniques make the captcha harder or
impossible. For example, the tracking protection built into firefox blocks the
recaptcha.js (in a certain view even rightfully so, because google will use
that for tracking)

\- Apps do not work anymore. This cannot be solved. For recaptcha, one needs a
working browser steered by humans. Apps necessarily act like robots.

This comes in line with increased usage of "2"-factor authentication. For
example, amazon now requires a browser cookie to login. If you don't have such
a cookie, you need to enter a code received via e-mail or SMS. If you delete
your cookies (maybe automatically), you This comes under the pretense of
security but really is used to fight user privacy.

One general point: Businesses uses machines to provide services. Why shouldn't
we as consumers be allowed to rely on machines to consume said services? 15
years ago there was this "semantic web" fad with "intelligent agents". This
mess is a huge step backwards.

The root-cause of this is two-fold: \- advertising-based business model. If
every "bot" needed to pay for the service as well as any other user, revenue
will not be hurt by "bots". \- other misuse \- "Dumb users" as more computer-
illiterate people are using these services, it gets easy for businesses to
dismiss user choice.

If this should not end in a dystopian nightmare, we will need: \- Privacy-
preserving login protocols that are stronger than user/password \- Privacy-
preserving and low-friction micropayment (e.g. Taler) \- Some privacy-
preserving way to fight misuse. I have no idea here. Maybe some crypto-social-
network with zero-knowledge-foo?

------
jvagner
The recaptcha has broken HACK, the iOS app, for me.

------
bhhaskin
Might be cloudflare. They use Recaptcha.

~~~
summm
No. It's a 2nd screen to complete login. It also breaks mobile clients such as
materialistic and is plain evil anyway

~~~
jazoom
I was wondering why I couldn't upvote anything through the app and then also
wondering why the app kept thinking I wasn't signed in. This is poor indeed. I
like using Materialistic. I guess I just won't vote, submit or comment until
this madness is over.

------
alt_f4
apparently very recently. f __king disgraceful.

~~~
dang
When HN is under attack, we have to do things we wouldn't otherwise do. Please
see
[https://news.ycombinator.com/item?id=20794659](https://news.ycombinator.com/item?id=20794659).

