dang 24 days ago [-]
I didn't see this question until earlier. That's why the site guidelines ask you to email hn@ycombinator.com if you want to ask us something: https://news.ycombinator.com/newsguidelines.html

We turned it on temporarily because HN was under attack by an account-stealing botnet. Obviously we don't leave it on any longer than we have to. We also are happy to put anyone's username on a whitelist, as the people who emailed us found out.

alt_f4 23 days ago [-]
Thank you for clarifying. I wasn't aware you run a whitelist, this sounds like a good approach.
travislane 25 days ago [-]
I was also made to log in via a recaptcha today. The recaptcha widget appears just below the HN login form so pretty sure this is added by HN, not Cloudflare.

If people are complaining about it on this thread, I would also like to register my complaint with it. I think Recaptcha has two major problems:

- It's Google. I would want it to be technically impossible for someone in Google to link my HN profile with my Google profile.

- The Recaptcha widget is plain abusive to Firefox users. If I log in with Chrome, I can get past the Recaptcha hurdle in just one attempt. But if I am a Firefox user, I am forced to submit like 5 Recaptchas, then be greeted with a "Please try again" message, then submit like 5 more, and only then be allowed to log in. No, I don't want to do this amount of work for Google for free. I urge everyone to please stop supporting Recaptcha.

summm 25 days ago [-]
- Privacy and security enhancing techniques make the captcha harder or impossible. For example, the tracking protection built into Firefox blocks the recaptcha.js (in a certain view even rightfully so, because Google will use that for tracking)

- Apps do not work anymore. This cannot be solved. For recaptcha, one needs a working browser steered by humans. Apps necessarily act like robots.

This comes in line with increased usage of "2"-factor authentication. For example, Amazon now requires a browser cookie to log in. If you don't have such a cookie, you need to enter a code received via e-mail or SMS. If you delete your cookies (maybe automatically), you This comes under the pretense of security but really is used to fight user privacy.

One general point: Businesses use machines to provide services. Why shouldn't we as consumers be allowed to rely on machines to consume said services? 15 years ago there was this "semantic web" fad with "intelligent agents". This mess is a huge step backwards.

The root-cause of this is two-fold:

- advertising-based business model. If every "bot" needed to pay for the service as well as any other user, revenue will not be hurt by "bots".

- other misuse

- "Dumb users" as more computer-illiterate people are using these services, it gets easy for businesses to dismiss user choice.

If this should not end in a dystopian nightmare, we will need:

- Privacy-preserving login protocols that are stronger than user/password

- Privacy-preserving and low-friction micropayment (e.g. Taler)

- Some privacy-preserving way to fight misuse. I have no idea here. Maybe some crypto-social-network with zero-knowledge-foo?

sonnk 25 days ago [-]
Same happens on Safari, I feel I have to do the recaptcha a lot more frequently on Safari than on Chrome. I cannot find any serious study to back this though ...
jvagner 25 days ago [-]
The recaptcha has broken HACK, the iOS app, for me.
bhhaskin 25 days ago [-]
Might be Cloudflare. They use Recaptcha.
summm 25 days ago [-]
No. It's a 2nd screen to complete login. It also breaks mobile clients such as Materialistic and is plain evil anyway.
jazoom 25 days ago [-]
I was wondering why I couldn't upvote anything through the app and then also wondering why the app kept thinking I wasn't signed in. This is poor indeed. I like using Materialistic. I guess I just won't vote, submit or comment until this madness is over.
gitgud 25 days ago [-]
Pretty sure Hacker News doesn't use Cloudflare.
bhhaskin 25 days ago [-]
They very much do!
gitgud 25 days ago [-]
Really, what service are they using? A few months ago Cloudflare went down along with almost all the sites using them, but HN was unaffected. It's also not shown on any scanning tools. I guess I assumed wrong...

https://www.whoishostingthis.com/?track=AdwordsBrand&gclid=C...

dang 24 days ago [-]
Not for quite a while now.
bhhaskin 22 days ago [-]
I stand corrected!
alt_f4 25 days ago [-]
apparently very recently. fking disgraceful.
dang 24 days ago [-]
When HN is under attack, we have to do things we wouldn't otherwise do. Please see https://news.ycombinator.com/item?id=20794659.