• Samuel Proulx@rblind.comOPM
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 month ago

      Proof of work is pretty good. Also, email and phone number verification can reduce the need for this type of verification at all. Similarly, punting the problem to someone else and allowing login via Apple/Facebook/other open ID provider can help. Apple also has a system for verifying that a request comes from a real apple device that services like cloudflare use. But if you have to do it yourself, the key is offering a visual captcha, an audio captcha, and a text-based captcha. Also, try to maintain a trust score for both accounts and IP addresses. Captchas have to made so difficult today to keep out the bots that you need to make sure your users only have to solve them once. As well, if I know the captcha will only happen once, while it’s not ideal, I could request help with it. But if the captcha is on every login, or once a day or whatever, I can’t. Between proof of work, rate limiting, and email verification, and trust scores, 99 percent of captchas aren’t needed and aren’t doing anything. So the first step is understanding the problem you’re trying to solve, and determining if a captcha is the best way to solve it at all. It probably isn’t.

      • CameronDev@programming.dev
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 month ago

        Thanks for that info. Fortunately, I probably wont ever need to implement any form of anti-bot myself, but still good to know what works well.

        Captchas are definitely getting very hard, even for non-blind users. Getting “Click on all the bicycles” and missing the 5 pixels tall bike and having to restart is very frustrating.

    • BakedCatboy@lemmy.ml
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 month ago

      It seems they decided that based on the author saying that they “looked at the browser console” so either based on using the word “looked” or they deemed using the browser console to be sketchy and enough to disqualify the author, either way pretty shitty.

        • BakedCatboy@lemmy.ml
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          1 month ago

          I didn’t think I implied otherwise, I did say it was shitty of them because it makes no sense to assume someone isn’t blind just because of their word choice. I’m just guessing at what their reasoning is.

            • BakedCatboy@lemmy.ml
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              28 days ago

              Could be that too, but it would have to be still based on either the author using the word “looked” or mentioning using the browser console because that’s the only information they could be going off of, which is all I was saying.

              • MostlyBlindGamer@rblind.comM
                link
                fedilink
                English
                arrow-up
                1
                ·
                28 days ago

                I suspect they latched onto the 401 return code and made no determination on whether the author is or isn’t blind.

                “It sounds like they want to use this for a bot - they can’t be blind!”

      • sleepyplacebo@rblind.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        15 days ago

        Some people are legally blind as well. CAPCHAs are often either small sometimes blurry pictures or a deliberately blurry font. Someone with dyslexia may also struggle to read some CAPCHAs.

        So banning someone over this is just reprehensible and ignorant unless there is truly evidence that they were trying to build a bot or otherwise maliciously use the site. :(