We turned it on temporarily because HN was under attack by an account-stealing botnet. Obviously we don't leave it on any longer than we have to. We also are happy to put anyone's username on a whitelist, as the people who emailed us found out.
If people are complaining about it on this thread, I would also like to register my complaint with it. I think Recaptcha has two major problems:
- It's Google. I would want it to be technically impossible for someone in Google to link my HN profile with my Google profile.
- The Recaptcha widget is plain abusive to Firefox users. If I log in with Chrome, I can get past the Recaptcha hurdle in just one attempt. But if I am a Firefox user, I am forced to submit like 5 Recaptchas, then be greeted with a "Please try again" message, then submit like 5 more, and only then be allowed to log in. No, I don't want to do this amount of work for Google for free. I urge everyone to please stop supporting Recaptcha.
- Apps do not work anymore. This cannot be solved. For recaptcha, one needs a working browser steered by humans. Apps necessarily act like robots.
This comes in line with increased usage of "2"-factor authentication. For example, Amazon now requires a browser cookie to log in. If you don't have such a cookie, you need to enter a code received via e-mail or SMS. If you delete your cookies (maybe automatically), you This comes under the pretense of security but really is used to fight user privacy.
One general point: Businesses use machines to provide services. Why shouldn't we as consumers be allowed to rely on machines to consume said services? 15 years ago there was this "semantic web" fad with "intelligent agents". This mess is a huge step backwards.
The root-cause of this is two-fold:
- advertising-based business model. If every "bot" needed to pay for the service as well as any other user, revenue will not be hurt by "bots".
- other misuse
- "Dumb users" as more computer-illiterate people are using these services, it gets easy for businesses to dismiss user choice.
If this should not end in a dystopian nightmare, we will need:
- Privacy-preserving login protocols that are stronger than user/password
- Privacy-preserving and low-friction micropayment (e.g. Taler)
- Some privacy-preserving way to fight misuse. I have no idea here. Maybe some crypto-social-network with zero-knowledge-foo?