Comment by binary132
1 day ago
It’s crazy how much of the internet and our app stacks depend on proprietary hosted service integrations that will almost certainly disappear or break in time. Sure it’s convenient to get off the ground with but it doesn’t make sense to me to gate your functionality on a third party that can easily break or slip out from under you. It would be one thing if proprietary software was distributed in a form you could keep operating and using on your own, but even that is obviously inferior to being able to “repair your own equipment”.
Not only that, but it's also totally acceptable now to broadcast your user's data to a megaton of external services for no good reason. If people had some grasp of what is going on and it was visible to them, they would complain very loudly about it in your face.
In the startup world it is a huge economic advantage if you can prototype an idea in days that would have taken months or years. The tradeoffs are acquiring technical debt but we seem capable of resolving that after the concept has found product market fit.
Yes, but its not just startups and people do not seem to actually resolve it.
Lots of big businesses use recaptcha. Quite often unnecessarily. If I need to login with 2FA touse a service does it really need recaptcha?
Similarly, cloudflare sends you emails telling you how many bots and attacks it has stopped - but you do not know how many false positives there were.
Yes you still need recaptcha simply to avoid password stuffing attacks.
2 replies →
Citation, as they say, is needed.
As far as I can tell, most startups resolve their technical debt by failing, and the majority of the rest resolve their debt by being acquired by a company which replaces the original service entirely in 1-3 years because it's too hard to integrate as-is.
Yes, and I certainly was not saying startups should roll their own fraud prevention
> It’s crazy how much of the internet and our app stacks depend on proprietary hosted service integrations that will almost certainly disappear or break in time. Sure it’s convenient to get off the ground with but it doesn’t make sense to me to gate your functionality on a third party that can easily break or slip out from under you.
At least with captchas, it's somewhat understandable with the arms-race aspect. The third party does the work of engaging in the arms race, so you don't have to, but the tradeoff is what you describe.
reCaptcha is routinely broken for me. Almost every time I see it I have to solve it about a dozen times, then it decides I’m not human. After 2-3 page refreshes it does let up but it’s frustrating as hell.
Are you on Linux by any chance? For some reason this is now deemed 'suspicious' by recaptcha and cloudflare :( Especially if you use Firefox. It's driving me crazy getting bombarded by these.
Did you try faking user agent?
1 reply →