Comment by preinheimer
2 days ago
I think the “prove you’re human by hitting the button” attack is pretty clever.
With the range of different ways captchas are presented today I can see it getting a good % of folks.
It's our own fault for making the internet such a confusing Kafkaesque maze. Click this button, click that button, sign in to confirm you're not a bot, select the traffic signs, select the items that a rat would not eat, solve this maze to prove you're a human, type out the numbers hidden in these demonic noises, provide your phone number to prove you're real, compute proof-of-work, download this browser if you're having issues... The line between fraudster and modern tech company is honestly not clear anymore and especially not for people who don't care much about tech and just want to access something.
Evolution is messy and guided by random occurrences.
Early in the internet days I had run an open SMTP server for a few years before it was used as a spam relay. The web browser didn't have a security model. Online shopping was going up to a site, writing what you wanted on paper, then mailing off a money order.
Then both fraud and useful things like actual online shopping started happening while the size of the web exploded. Masses of people with no technical capability were getting online. And that's before we got to the age of social media and massive data collection.
Simply put we didn't make the 'web' part of the internet, some people tossed it out as a child and it's been a tooth and nail fight for survival ever since, patching itself up one vuln at a time.
Never mind the fact that half these captchas are just excuses for orgs to sneakily extract some reinforcement learning data from you. Last time I tried to sign into my Microsoft account it made me do 6 captchas. SIX. Not six like I failed 1 captcha six times, six like each captcha was iteratively marked i/6.
It's not just the captchas either, the "this GPS app needs access to your location" or "this photo taking app wants access to your camera" style pop-ups don't help either.
If you learn once that clicking "deny" in a notification pop-up means your phone doesn't ring when your grandson calls you on WhatsApp, you won't be clicking "Deny" in those pop-ups any more.
I genuinely don't know how to solve that problem, and I definitely see non-technical family members struggle with it.
The silly thing is, it was known before all these permission pop-ups were created that users will simply press "Yes", "OK", "Allow", "Agree", etc., on every dialogue they see simply in order to get rid of it. Many people - maybe even most people? - just see them as needlessly getting in the way of where they actually want to be.
So, given that we knew that, why the hell did we create more?
…but don’t click this button.
[flagged]
Yes, you can. You would be wrong, though.
Malicious compliance is usually intentional, yk?
Nope. We can blame companies for deliberately implementing the requirements in the most inconvenient (and usually actually non-compliant) way possible, to make it an unpleasant process to disagree, and all too easy to accidentally agree, to being stalked by hundreds of "partners".
You can blame anyone, really, but try to think about it this way: when a 5-year-old child drives a car into a wall, you don't blame him, you blame the responsible adult in the passenger seat that says: "it's fine, go ahead, drive this car".
Or we can blame the literal scammers and other degenerates that lead businesses and have forced jurisdictions like the EU to implement these?
We've JUST unearthed yet another scandal from Meta, where they've been, surprise surprise, spying on people on Android. Cambridge Analytica, Yemen and countless other examples, all from this 1 company. And we're blaming the EU for trying to do anything against them, and not scumbags like Zuckerberg?