Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Hobby sites may be in a more difficult position, but businesses may decide between developer convenience and low cost, or excluding some of their users and tormenting them.

There are also ways to reduce the damage reCAPTCHA causes, such as keeping it out of the default UX path. Discord for example will show a reCAPTCHA challenge on the login page only if you are signing in from a new location.

reCAPTCHA cannot effectively defend sites against targeted attacks either.



OK, Discord specifically is terrible. I login in incognito mode from the same location/browser every time, and have to deal with Captcha most of the time.


I use Discord from an incognito Chrome window. I avoid it most of the time, by doing: 1. Email is manually typed, password is copy pasted 2. I move the mouse around in the window in a fairly non-mechanical manner. I don't know if you use Chrome proper for it, so that could still be a point of difference.


I mean do you want Discord to fingerprint your browser so you don't have to deal with captchas? Kind of defeats the purpose of incognito doesn't it?


> Kind of defeats the purpose of incognito doesn't it?

They're going to track my IP whether I want them to or not. So they should go ahead and use it to reduce hassle.


> …only if you are signing in from a new location.

Or you clean your cookies out, thank you "Cookie Autodelete".


I don't understand this. You're logging in from a fresh browser. Do you want sites to fingerprint you in other ways so you can clear your cookies and not have to deal with captchas?


If there haven't been any failed logins on the account since last success, there's no need to throw up a captcha.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: