[janice1999]

Question for web devs - are captchas effective any more? If Reddit required a captcha on every comment, would it actually decrease bot comments?

[mr_toad]

> Question for web devs - are captchas effective any more?

They’re effective at annoying humans. Driving traffic away from your site. Reducing conversation rates.

[krapp]

And training LLMs.

[tardedmeme]

There's a reason Google is switching to "scan this QR code on your phone with a Google-authorized TPM" kind of CAPTCHAs

[janice1999]

I've never seen a CAPTCHA like that. What's it used for? Google Cloud services?

[Havoc]

It's a reference to this I think

https://www.androidauthority.com/google-recaptcha-play-servi...

[janice1999]

Wow, that's bad. Looks like the warnings about TPM and remote attestation being a backdoor to total digital lockdown from the Stallman contingent were right.

[seanw444]

The tin foil hatters are always told they're making slippery slope fallacies until they're proven right a few years later. Over and over again.

[pocksuppet]

Sometimes. Other times they're just wrong.

[hurfdurf]

https://news.ycombinator.com/item?id=48039362

https://cloud.google.com/blog/products/identity-security/int...

[layer8]

It’s only just been announced: https://news.ycombinator.com/item?id=48039362

[tardedmeme]

Aaand it's proven, only two days later. You cannot pass recaptcha if your device is degoogled. https://news.ycombinator.com/item?id=48067119

[sunaookami]

Speaking from experience hosting a MediaWiki with a ReCaptcha: Those were never effective, they didn't stop any bots. Switching to a personalized captcha with questions that have to be answered (that can mostly be answered from the Wiki itself) was more effective and stopped 100% of bots (of course it can be trivially bypassed when a site-specific bot is coded but no one does it and same is true for ReCaptcha).