undefined | Better HN

0 pointsmysteria1y ago0 comments

I don't want them to require a email/phone for privacy's sake, but they should definitely have a captcha of sorts to limit bot accounts.

0 comments

KomoD1y ago

> but they should definitely have a captcha of sorts to limit bot accounts

Captchas don't do much, they're super cheap to solve with services like 2captcha, capmonster, etc.

You can get recaptcha solved for $0.6/1k, hcaptcha for $0.8/1k or cheaper. (email is pretty cheap too, but still more expensive than captcha solving)

Requiring phone verification would be the most effective out of those because it's pretty expensive for the attacker, something like $0.02-$0.11 per verification is usually what I see

msm_1y ago

I feel strongly about privacy and I always loved the fact that I can post pretty much anonymously on HN (I don't mean this account - it's pseudonymous at best). It's sad bad actors get to ruin this.

EasyMark1y ago

that seems reasonable to me

krapp1y ago

I don't know... Hacker News keeps complaining that they want the old 90's web experience back, now it feels like some shitty PHP messageboard from back in the day getting pwned by script kiddies. Enjoy the nostalgia while it lasts I guess.

mysteriaOP1y ago

I clicked on the Discord link in the spam message for fun, entered a random username, and immediately got asked to verify with my phone number before I could even read the messages in the chatroom. HN doesn't need to do that and I don't want them to do that, but a simple captcha or a proof of work algo like what Cloudflare uses would at least slow down the flood of bot accounts.

Nuzzerino1y ago

That’s the Orwellian way that discord cracks down on users that it deems, for whatever reason, “suspicious”. It is tied to the IP address and anything else associated with it, but if you had an existing account before the flag then that account won't be flagged, only new accounts. There is no appeal process and they won’t even tell you what your offense was.

Unfortunately I’ve had to pay for an extra cell phone line just to use the app for work. VOIP numbers are rejected and must be unique per account. In my case it was likely because I had the audacity to back up my chat messages with a script. After a few years I can make new accounts again but I feel like I’m playing Russian roulette every time I do.

If you don’t use separate accounts for privacy someone can dump a list of potentially any known server you’ve ever been in. I knew it would be only a matter of time until something like this would happen: https://www.reddit.com/r/privacy/s/A5nvuZBLab

4 more replies

busymom01y ago

Pretty sure I remember hacker news having cloudflare captchas some time ago. Maybe they enabled the "attack mode" back then? Not sure why it wasn't enabled today. @dang could answer maybe.

huytersd1y ago

Relying on security through obscurity goes away pretty quickly once you’re popular.

j / k navigate · click thread line to collapse