[_jal]

Captchas are fundamentally anti-human. I'm not saying there isn't a problem to be solved, I'm saying Captchas are a behavior enforcement mechanism overseen by robots and are anti-human.

I write the site owner short note when they go bad explaining why they just lost a customer and go somewhere else. Life is too short to put up with shitty tech.

[Kalium]

What, in your opinion, is the pro-human way to address the problem to be solved?

I'm always curious to hear what other approaches might be worth considering. CAPTCHAs tend to tick the boxes of performing well enough for website-controllers and being low-effort for them to deploy.

[jjoonathan]

Less gaslighting.

There's a lot of ground between "error messages precise enough to effectively give botters a to-do list" and "faking failures 100 times in a row." What was the marginal utility of the 99th fakeout? Are there really enough otherwise effective bots that get persistently tripped up by this particular fakeout to justify sending the poor kid crying to his room?

Almost certainly not. What really happened is that someone removed (or never added) user communication in order to maximize their score against botters and gave little thought to mitigating their false positives. Minimizing them, yes, mitigating them, no. "Humans are smart, they'll figure it out," they rationalized to themselves, and called it a day. They never bothered to calculate (or even guess) when the marginal utility of the fakeout dropped far enough to allow them to have mercy on the poor humans still caught in their web.

[_jal]

I have no suggestions for the general case, and suspect it is one of those problems that doesn't have general-purpose solution. That doesn't mean captchas don't suck.

As for specific things one can do, like anything, more effort means better results. I'm not going to talk about this much, but we do look at a lot of different behavioral and other signals for fraud detection, as that's an important aspect of our business.

If others are fine with annoying their customers to offload risk, they can make that call. I don't have much sympathy about lost sales, though - it is literally choosing to waste customers' time and increase frustration for one's own benefit.

[jfengel]

Blockchain, perhaps?

A lot of CAPTCHAs protect things that are very cheap, but where they don't want it to be free. One solution would be to charge money, but people concerned about privacy won't want to give away conventional payment information.

So, perhaps a nominal payment in some reasonably anonymous cryptocurrency? Or even just participating in some proof-of-work problem that would cost a few cents worth of electricity?

That wouldn't stop really serious botnets or people with stolen credit cards, but those are also both illegal and should be shut down for other reasons.

[quotemstr]

You've made an assertion, not an argument. What does "anti-human" even mean? You're angry, sure, but you haven't expressed what exactly it is that you're angry about. Nor have you proposed a realistic alternative way to distinguish bots from humans. This kind of histrionic, sweeping hot take is not productive.

[karatestomp]

Considering captchas operate by pushing the work of avoiding bots on your site (your problem) onto all the human users of your site, I think on the basis of that alone "anti-human" is warranted. Or "anti-social", if you prefer, which might better capture the fundamental problem with that aspect of it. That they proceed to perform textbook gaslighting on some of those people makes it even worse ("no, you didn't select all the buses in those images" but, of course, you did). Whether these things are necessary for it to operate is beside the point.

[icebraining]

Are movie theaters anti-human because they push the work of avoiding freeloaders (their problem) onto all human users of the theater by making them carry and show tickets?