hCaptcha.com has a "privacy pass", where if you create a user at hCaptcha.com, you can get passes to bypass the captcha itself (because you've already verified through other methods). This is not often used, because guess what? Not many people were bothered by captchas enough to create a user, because no one wants to create another user and be tracked (via privacy pass, across captcha-protected sites) through their user. This was mostly used by disabled users who couldn't pass hCaptcha's offerings.
Personally, I'm not interested in "logging in" or passing my "realness" via API from my device(s), as that's just another token to track an individual and their behaviors. Which is also why I haven't created any user for privacy pass myself, and would generally recommend that you not do so in any Apple, Google, etc., related system (not even hCaptcha, unless you're disabled and can't do the captcha itself).
I don't know what hCaptcha is doing nowadays.
But unless you're disabled, I wouldn't sign up or agree to pass this information from Apple, Google, etc.
Hi! I work at hCaptcha (we handle the CF captchas), and to respond specifically: audio is inaccessible for those with visual and auditory processing issues, as well as being broken by ML techniques. Not to project, but we suspect this is why Google turns it off if your browser looks at all suspicious.
While Privacy Pass is not perfect, we are working towards getting better. I'm not in the product flow for accessibility, but if you have ideas outside of audio that you believe would be able to distinguish between yourself and a robot, I'd be happy to discuss via email to ensure that we can get a solution for you and anyone who can reasonably interact with a computer.
eta: you can email me directly at work via: josiah@intuitionmachines.com
Audio captchas are considered broken completely (search for various papers over the past decade, including one from CMU), so it has limited usefulness only in a very narrow context in practice. I suspect this is a harbinger of things to come - as we close the gap on passing the Turing test, captchas are likely to get less effective, and we will need to transition to a very different solution for bot detection.
often it's easier to just use a website as api instead of using some broken xml nightmare that requires knowledge of the database tables.
If the concern is rate limiting then just rate limit the website. And if you don't like people operating websites with bots then I don't know, maybe stop making websites.
Easy proxying means rate limiting doesn’t really help all that much to defeat bots. And then if you do something like blocking or severely restricting something like Tor (the world's largest open proxy and hence, primary abusive traffic source; something which it would make sense to throw extra bot walls in front of), privacy and accessibility advocates jump down your throat.
This is a no-win situation. I’m not convinced it’s possible to have ones cake and eat it too, here. Someone upthread said “security, privacy, accessibility, pick any two”, and I have yet to see any evidence of a third option.
I think you do not understand why website owners use captcha. Website owners use captcha services, because doing so saves money for them.
Captcha will stop saving money, if the captcha becomes so ineffective that the short-term and the long-term downside (annoying users who are subjected to captcha) exceeds the cost saving ("cost" here is potentially many different things - it could be quality of service for normal users, it could be opportunity cost, it could be the cost of serving the traffic like network bandwidth or cpu or database capacity).
Yes there are subset of people with visual problems who also have auditory problems, that does not mean you should not support the ones with vision only problems.
Are there not "ML techniques" for visual captchas too ?
With more and more powerful models like GPT-3 coming along every few months, Even if the accuracy levels are less for visual over audio today how long do you think that is going to last ?
I believe they meant that audio captchas have become inaccessible to humans in general. Bots have gotten so good at audio captchas that the difficulty level has to be high enough that humans are also unable to complete them.
Visual captchas too can be quite very hard these days for the same reasons, there are many other ways to verify bot or human, many of them may not allow you to remain anonymous while doing so, pretty much any 2FA method could work for example.
I would say given the choice for a number of people the accessibility is more important than loss of privacy. At least it is choice they should have instead of shutting them off the internet.
Hi HCaptcha-er here. You don't lose all your privacy with our accessibility option. Also we always abide by DNT style protections even for accessibility. That being said our privacy pass solution is totally private and safe.
> Are there not "ML techniques" for visual captchas too?
There are.
> how long do you think that is going to last?
I don't know. So far it hasn't been difficult to recognize the garbage traffic when we take the time to look. And attackers always make it easier by releasing github source and / or announcing their results on Twitter.
Ugh. That accessibility login solution sounds awful, but at least it's available. I can definitely understand why you don't want to have an audio option, given that by all accounts they're next to useless.
ETA: two different people have tested on Chrome and Safari on iPhone 6S locally, and can't reproduce. Please take a screenshot and provide more information to: https://www.hcaptcha.com/reporting-bugs if you want to get this fixed.
I work at hCaptcha, we run CF's captcha. If you're having problems in the future, popping open a debugger and capturing the results can help us figure out what's going on. But also: browser, OS, site, ...?
Right now: there is an issue with Safari users on the most recent iOS and OS X, where 3rd party cookies have now been disabled by default. We're working on a solution.
If that's your issue, you can fix on your side in the short-term by not using Safari, or by enabling 3rd party cookies.
I cannot believe apple decided to roll that out in the middle of COVID. I got hit pretty hard with it and am finally rolling out a fix for my own stuff.
I don't know how you can conclude that. To stop it they would need to challenge it in court and they're up against a potential profit here that can afford any number of big-gun law firms. I don't know the law here, but that's what will determine if this scheme succeeds, and hard proof that this sale violates such applicable laws.
I mean, you're in the territory of a non-profit entity being used to generate profit for a few individuals through corruption. The AG has a lot of pull here.
Vagrants are breaking the law, by definition, because vagrancy is a crime. When someone commits a crime, we call him a criminal and remove him from society for a while. I see no reason to abandon this tradition now.
> When someone commits a crime, we call him a criminal and remove him from society for a while.
Wow. I've received 3 speeding tickets, and 2 right on red tickets in my life. I committed a crime. I paid fines. I was not removed from society.
That is the case with a huge number of crimes, today, otherwise we would have an even worse prison problem.
> I see no reason to abandon this tradition now.
We've already abandoned it, and we are reducing the sizes of prisons as you prattle on about the problems of vagrancy.
Let's get mental health care facilities, rehab, and more, to the levels that existed before Republicans gutted them starting in the 50's. I don't know, like institute new-deal type things so people aren't wanting for basic needs, and maybe vagrancy will go away.
Well, it did the last time we did that.
Why wouldn't we do the exact same thing that worked last time?
What happens when people refuse to use these new rehab facilities, preferring a life of drugs on the street? I'm all for improved mental health care, but at some point, we need to involuntarily remove vagrants from the street and put them in places where they can get help overcoming their problems.
So give them that chance to say no. Right now, you're advocating for paying $81k/year (average for CA prisons) to keep people in prison, instead of trying to fix the underlying causes. Estimates put the number of homeless people in California at roughly 120k+, including families, children, etc.
So if we solve the problem as you are proposing, by putting them in prison right now, that's $9.7 billion / year. It would more than double the current California prison population, from current 115k people, to 235k+, and we'd need new child prisons, because a lot of those homeless folks are families with children.
Putting "vagrants" and other "homeless" people in prison is stupidly expensive, pointlessly punitive, and doesn't solve the underlying economic or social problems. It doesn't stop people from being poor, it just makes being poor suck worse than it already does. All you've done is put a bunch of vulnerable people in prison.
There is no economic problem. We're in the best job market in half a century, perhaps the best ever. If a able bodies person isn't working, it's because he doesn't want to work. I'm under no obligation to support street drug addicts merely because you cast them as victims. They are not victims. They are criminals.
Is prison expensive? Sure. I bet it doesn't have to cost that much to lock people up. But even if it does, locking people up is a much better use of public funds than endless and equally expensive homeless "services" that enable bad behavior.
Awesome design, makes me want to put one together just to see it work. :)
One concern: I saw some designs with the rotor outside the stator, physically mounted to a wheel. I'm not a mechanical engineer, but as a guy who considers himself not quite dumb enough to fail at everything...
I hope they build those motors tough. Typical electric motor mounts create a situation where the only real stresses on the motor are rotational, along the axis of rotation, or in the case of a pulley / gear-mount setup, you are usually limited to 1-2 additional push/pull axis. But on a wheel? That wheel is going to want to rotate and move on all axis, which now needs to be supported by a motor, which also includes permanent electric magnets.
Awesome lighter motor, awesome that we can sandwich the rotor between stators (more layers more torque!).
