Show HN: Replace CAPTCHAs with WebAuthn passkeys for bot prevention (opens in new tab)

I'm still confused... Why can't headless Chrome with Bitwarden easily by-pass this? What private key?

What I'm scared of is some sort of cryptography becoming the death of the open web. Baking keys into your hardware and doing remote attestation. It doesn't tie you to a real-world identity except that you're locked into using an unrooted (DRM'd) device for using online services like a normal person

If I had to choose between two evils, I'd rather upload my passport to cloudflare and be able to get anonymous tokens from their API (RSA blind signatures or whatever) to prove I'm a real person and browse the web with Firefox and no closed source components, than be forced into hardware attestation and a locked-down device. But uploading government IDs to a (few) central point(s) of trust will create outcry about privacy whereas hidden cryptography baked into normal people's devices with Google Play Services and Apple Something and just working in the background goes unnoticed until everyone (the 99% who aren't on a custom ROM) already experienced the benefits

For webauthn I know it can be all software, I've used virtual devices for testing a server implementation's security, but I vaguely remember there also being a mode that requires having keys signed by a hardware vendor. Just not sure anymore if that was webauthn or something else related to authentication

What about for software implementations like 1Password and Bitwarden?

I don’t see that in the code. But you’re right that there is something heuristic you can do.

Saruman's vacation pics?

All shown in https://en.wikipedia.org/wiki/Nosedive_(Black_Mirror)

> 1. Social credit score system. We should all be able to point our phone at antisocial behavior and damage their score. Until then there's pretty much zero recourse against people who have hostile social behaviors that don't commit a crime (like arguing with the McDonalds employee or causing a scene when someone asks them to turn down their music on the bus). People hate on "Karens" but they're actually our last remaining line of defense against these people.

I don't think you'll actually want to live in a society that works like this. It's called a panopticon. Like some experimental prisons or the DDR which was basically a nation-prison. Everyone will be living a fake life trying to look good while hiding their real wants and needs. This is not natural for people.

And those things are not crimes for a reason. We can't possibly criminalise every little thing that might annoy someone. Some people are jerks or have a bad day, yes. That's no reason to obliterate the concept of privacy.

Also, something that annoys some people will be loved by others. Opinions are like assholes. Everyone's got one.

> As soon as you get on a public road, the government should have dystopian-level control over your car. You can't speed. You can't run a red light (or it will be video recorded and you'll be insta-billed). When there's a wreck, the camera feed in all nearby vehicles is auto-uploaded to the net so all parties can see what happened, no fuss. Break the rules a few times? That's fine, you get your government issued tiny zip car for a year and we'll see if you can respect the shared roads after that. And, of course, alcohol breath analysis to drive

Just get the self driving cars already. Then there is no more need for traffic policing. And we can just spend our time in the car as we wish. No need to go all Draconian and from a tech difficulty point of view it's similarly heavy.

>... point our phone at antisocial behavior and damage their score.

wow! That's going to work well. Groups never gang up to bully people they disagree with.

Why would a social credit score system powered by technology help? Will there be punishments if your score drops too low?