It even has some shitty terms and conditions that require you're 18 to solve the CAPTCHA and allows them to look up your identity to verify it's real if you sign up (such if you're disabled)
I'm fuming because somehow CloudFlare now has a WORSE CAPTCHA than Google's. reCAPTCHA was barely accessible but this is just inaccessible by design. Absolutely disgusting.
What absolute ghouls CloudFlare are for switching to a brand new CAPTCHA service (did they fund it? create it?) that treats even more disabled people as second-class citizens, literally dehumanizing them by classifying them as bots instead of humans.
I say it treats even more disabled people as second-class because CAPTCHAs by design are anti-accessibility. There's simply no way to make a CAPTCHA accessible to computer-based assistive technologies but not computer-based malicious technologies. reCAPTCHA for example provided visuals and audio, but excluded deafblind people who would need something like braille AKA plain text.
By using CAPTCHAs you are making your website less accessible on purpose which is terrible on its own, but you justify it by saying it stops bots or only allows humans. You are dehumanizing people by placing criteria on what it means to be human that excludes disabled people. You classify disabled people as non-human. Even more importantly: You are making these human variations not just variations but disabilities. You are the problem.
@jookia please tell me it at least has an audio alternative.
@pitermach To my knowledge it does not, exactly why I'm very angery.
@pitermach To be absolutely clear: This is all only if it flags you as a bot. So if you aren't using a VPN or Tor with privacy extensions that stop trackers you can still just click the checkbox and it will be fine.
@pitermach So for instance, my blind friend can just click the box since they doesn't use those and I assume their browser isn't flagged. But there's been cases on other websites that require them to solve a CAPTCHA, and if they used this CAPTCHA then it would be unsolvable.
@pitermach Ultimately it's up to the web developer whether to be strict or lenient about CAPTCHAs, and there's now financial incentive to give people CAPTCHAs.
Looks like either an oversight, or the impact of not mitigating attacks is greater than blocking a small portion of users. I would believe that the cross-section of disabled people AND Tor/tracker blockers users AND sites that have the Cloudflare interstitial is not that big.
Do you know of an effective (at Cloudflare's scale) captcha that is easily usable by 100% of web users ?
@wowaname @pitermach @jookia
Again, the website owner choose the level of security, by making compromises (see picture). Not CF. I don't think any 100% anonymous and perfectly usable by every person captcha can exist, but please disprove me :)
(image taken from https://blog.cloudflare.com/cloudflare-supports-privacy-pass/)
@wowaname Yeah. Make sure you don't forget to follow @Mikoto@fedi.absturztau.be
@jookia @pitermach So if you care a lot about privacy, and for that reason use a VPN or Tor, you are screwed. Even if you don't use those, but blocked Google stuff for good reasons, you are screwed if the website decided to use ReCaptcha. You cannot get in without compromising your privacy.
On most sites, when that ReCaptcha pops up, I simply close the tab. If you don't want us, we go. If you want to fight bots, use "honeypots" (hidden form fields) instead.
@jookia One web development and marketing company uses a form, with an internal label of "email" but showing a label something like "If you are human, keep this blank. This is to prevent spam." Not sure how well it works, but with captchas, one has to keep updating and refining because there are going to be tools to solve them which could be used for spam as well. You have to also find new, creative ways of distorting and messing with the audio. Really, simple is best in these cases, and creating moving targets isn't it.
@devinprater Yeah so my favorite type of CAPTCHAs are simple text-based question/answer ones to do with the website topic itself. Like on a kosagi novena forums it asks something like 'how many bits are in a byte' and you write '8' and it's all fine.
@jookia That's actually a really good idea. I've not thought of that one before.
@jookia Ah, classic Cloudflare and many people still trust it.
Even though they should not, but there isn't much that you can against it.
Let's hope that GNUnet becomes a thing.
@jookia It's all pretty sad and unfair. As it often happens, people just say they care while actually then don't. Especially disgusting is that Cloudflare earns money from solved hCaptchas.
Anyways, there is something you can do though: https://2captcha.com/2captcha-api#solving_hcaptcha
They treat you like a bot, then you treat them like just another annoying obstacle on your way.
For now you'll need some skills to use that solution, but we're working on making this as easy as https://2captcha.com/software/recaptcha-solver-firefox-add-on
Good day to you.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!