[travislane]

I was also made to log in via a recaptcha today. The recaptcha widget appears just below the HN login form so pretty sure this is added by HN, not Cloudflare.

If people are complaining about it on this thread, I would also like to register my complaint with it. I think Recaptcha has two major problems:

- It's Google. I would want it to be technically impossible for someone in Google to link my HN profile with my Google profile.

- The Recaptcha widget is plain abusive to Firefox users. If I log in with Chrome, I can get past the Recaptcha hurdle in just one attempt. But if I am Firefox user, I am forced to submit like 5 Recaptchas, then be greeted with a "Please try again" message, then submit like 5 more, and only then be allowed to log in. No I don't want to do this amount of work for Google for free. I urge everyone to please stop supporting Recaptcha.

[summm]

- Privacy and security enhancing techniques make the captcha harder or impossible. For example, the tracking protection built into firefox blocks the recaptcha.js (in a certain view even rightfully so, because google will use that for tracking)

- Apps do not work anymore. This cannot be solved. For recaptcha, one needs a working browser steered by humans. Apps necessarily act like robots.

This comes in line with increased usage of "2"-factor authentication. For example, amazon now requires a browser cookie to login. If you don't have such a cookie, you need to enter a code received via e-mail or SMS. If you delete your cookies (maybe automatically), you This comes under the pretense of security but really is used to fight user privacy.

One general point: Businesses uses machines to provide services. Why shouldn't we as consumers be allowed to rely on machines to consume said services? 15 years ago there was this "semantic web" fad with "intelligent agents". This mess is a huge step backwards.

The root-cause of this is two-fold: - advertising-based business model. If every "bot" needed to pay for the service as well as any other user, revenue will not be hurt by "bots". - other misuse - "Dumb users" as more computer-illiterate people are using these services, it gets easy for businesses to dismiss user choice.

If this should not end in a dystopian nightmare, we will need: - Privacy-preserving login protocols that are stronger than user/password - Privacy-preserving and low-friction micropayment (e.g. Taler) - Some privacy-preserving way to fight misuse. I have no idea here. Maybe some crypto-social-network with zero-knowledge-foo?

[sonnk]

Same happens on Safari, I feel I have to do the recaptcha a lot more frequently on Safari than on Chrome. I cannot find any serious study to back this though ...