Cloudflare wants to replace annoying captcha puzzles

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, May 18, 2021.

  1. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Messages:
    41,089
    Likes Received:
    9,349
    GPU:
    AMD | NVIDIA
  2. rl66

    rl66 Ancient Guru

    Messages:
    2,909
    Likes Received:
    373
    GPU:
    Sapphire RX 580X SE
    Well... This was the reason they have chosen the picture in the past...
    Another step back in privacy, and everyone will accept it just to have less click to do.
    A massive population of lamb.
     
  3. Kaarme

    Kaarme Ancient Guru

    Messages:
    2,409
    Likes Received:
    1,034
    GPU:
    Sapphire 390
    Maybe it's not a privacy problem when it's Cloudflare who knows? In Cloudflare's opinion. If a competitor knows, then it's a major privacy problem.
     
  4. scoter man1

    scoter man1 Ancient Guru

    Messages:
    4,811
    Likes Received:
    92
    GPU:
    MSI GTX 1070ti
    Nothing that is on a public facing server is safe though
     

  5. Kaarme

    Kaarme Ancient Guru

    Messages:
    2,409
    Likes Received:
    1,034
    GPU:
    Sapphire 390
    I'm sure Cloudflare considers itself perfectly safe. You can trust your personal info to them! However, never trust it to any of Cloudflare's competitors!
     
  6. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    5,900
    Likes Received:
    2,292
    GPU:
    HIS R9 290
    This is such a stupid idea. First of all, I don't think most people see these every 10 days. You typically only see them when submitting inquiries or creating new accounts, which most people do but not regularly. So, aside from maybe secretaries, nobody is going to want a trinket like this.
    Second, hardware keys have proven over and over again to be effortlessly spoofed. All you have to do is create an emulated device that provides the key. Then, share that key with bots (the very thing captchas are supposed to prevent) and then you defeat the security. Or... just give the server containing the bot the key. Anything you could do to mitigate this it would still effectively make a physical key moot.

    At this rate, they might as well just have users create an account that uses 2FA. It's more secure, it doesn't require a dongle that you're just going to lose, and it could even be used to automatically fill in information, thereby speeding up the process even more. But even 2FA is a bad idea for this, because in the context that Captchas are used, it can still be abused.
     

Share This Page