Hacker News new | past | comments | ask | show | jobs | submit login

Well anonymity isn't the purpose of captchas. Captchas are intended to provide human-confirmation with the least friction possible, mainly for rate-limiting of services. Having to establish you are a specific individual takes effort, but just typing in a random word is simple. Anonymity is just a by-product of the frictionless [simple] part.

You can still come up with new ways to verify someone is a human for specific uses where you want anonymity, but they will always be part of the tech arms race if you want them frictionless. To avoid them getting more annoying you need a way to authenticate an individual identity, as that allows you to rate-limit access.

You could, of course, do TOTP and totally preserve anonymity. Unless the TOTP service provider is compromised, in which case all bets are off (but perfect-forward secrecy might solve that?)




Anonymity is not just a byproduct of frictionless experience. It used to be a fundamental part of most interaction on the web (on the internet no one knows you're a dog, etc.).

I agree that anonymity is orthogonal to the purpose of captchas, but usually a captcha is only required when you don't have identity. This can be because you haven't established identity, or because the identity is in question, but also because the site does not want to require identity. In fact, outside of first time user sign ups, most captchas are used specifically to allow people to engage without needing an account. So in most cases you use a captcha because you want to allow anonymity.

There already exists several systems like you describe: login with your Google account, Facebook, Twitter. There are already several comment systems (Disqus for example) which make using these as simple as using a captcha for sites who don't care about anonymity. We don't need to integrate identity into captchas.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: