Out of curiosity, what are the preferred anti-bot/spam systems that work for blind users? How do they work?
Proof of work is pretty good. Also, email and phone number verification can reduce the need for this type of verification at all. Similarly, punting the problem to someone else and allowing login via Apple/Facebook/other open ID provider can help. Apple also has a system for verifying that a request comes from a real apple device that services like cloudflare use. But if you have to do it yourself, the key is offering a visual captcha, an audio captcha, and a text-based captcha. Also, try to maintain a trust score for both accounts and IP addresses. Captchas have to made so difficult today to keep out the bots that you need to make sure your users only have to solve them once. As well, if I know the captcha will only happen once, while it’s not ideal, I could request help with it. But if the captcha is on every login, or once a day or whatever, I can’t. Between proof of work, rate limiting, and email verification, and trust scores, 99 percent of captchas aren’t needed and aren’t doing anything. So the first step is understanding the problem you’re trying to solve, and determining if a captcha is the best way to solve it at all. It probably isn’t.
Thanks for that info. Fortunately, I probably wont ever need to implement any form of anti-bot myself, but still good to know what works well.
Captchas are definitely getting very hard, even for non-blind users. Getting “Click on all the bicycles” and missing the 5 pixels tall bike and having to restart is very frustrating.
How would they even deem to determine that one is not blind over the internet?
It seems they decided that based on the author saying that they “looked at the browser console” so either based on using the word “looked” or they deemed using the browser console to be sketchy and enough to disqualify the author, either way pretty shitty.
I’m pretty sure blind people still use the word “looked” in that context when communicating online.
I didn’t think I implied otherwise, I did say it was shitty of them because it makes no sense to assume someone isn’t blind just because of their word choice. I’m just guessing at what their reasoning is.
It feels, to me, like they thought the author was trying to get an accessibility cookie for a bot.
Could be that too, but it would have to be still based on either the author using the word “looked” or mentioning using the browser console because that’s the only information they could be going off of, which is all I was saying.
I suspect they latched onto the 401 return code and made no determination on whether the author is or isn’t blind.
“It sounds like they want to use this for a bot - they can’t be blind!”
@Anticorp @BakedCatboy Hey I wonder what happens if I mention this thing? Nothing good, probably. The fediverse is weird.
Some people are legally blind as well. CAPCHAs are often either small sometimes blurry pictures or a deliberately blurry font. Someone with dyslexia may also struggle to read some CAPCHAs.
So banning someone over this is just reprehensible and ignorant unless there is truly evidence that they were trying to build a bot or otherwise maliciously use the site. :(