Yes, HN generally seems against reCaptcha, mainly because of (understandable) Google paranoia and the fact that reCaptcha is significantly worse UX if you have privacy-centric extensions or browsers (overrepresented in HN compared to the average).
During my quick research, I remember stumbling upon comparisons. The only thing hcaptcha wins over reCaptcha is the fact that it's not owned by google.
it's also better UX for firefox. I have to go through multiple questions in reCaptcha every time I get the "not a robot" button. hCaptcha, from what I've seen, hasn't needed multiple sets of image solves to allow me through.
Well there's been a lot of heat/hate for hCaptcha too since Cloudflare adopted it once Google decided to start charging it's biggest users of reCaptcha.
People where ggetting hit mostly on Firefox, and mainly when non being identifiable as using a google account/service so captcha wouldn't even show.
So the answer is maybe I guess, if you think you will need the scale at which point google might wanna charge you for using it's service.
Regulators simply need to either forbid paying out the tolls or forbid collecting fraudulent tolls from users. These are scams.
The carriers try to hide behind old agreements that state all calls, fraudulent or not must be paid. If they want to keep these agreements they can just pay for them themselves. If not, they should change them. The end users aren’t in a position to enforce this so regulatory pressure is clearly required.
We got scammed out of 200$ on www.mailgun.com
Someone managed to get access to our mailgun account and/or mailgun access key and send 200$ worth of emails in Ukrainian about a crypto IPO (likely a scam).
I discovered on the demo day at this founders community I am part of - https://www.superfounderhub.com. We are part of the same community. Not cross-marketing :)
The attack happened and since I had spoken with their team once I decided to integrate quickly.
I'm curious, why did you have a phone verification feature to begin with; what would've been the impact of unused accounts being created? To me it seems like the verification feature did more harm than good in this case.
Phone verification is NOT mandatory. However, Spike.sh is a simpler alternative to PagerDuty which means we make calls when there are important incidents. Not calling might have serious consequences.
Knowing that Phone call is important, we needed to verify it. However, making phone call to verify is NOT a good idea.
We should have sent an SMS but getting an Alphanumeric sender ID took some time and we wanted to ship quickly.
18 comments
[ 2.6 ms ] story [ 39.6 ms ] threadWhy not use hcaptcha?
Having used Google reCaptcha before I immediately set it up.
Would you recommend hcaptcha over reCaptcha?
People where ggetting hit mostly on Firefox, and mainly when non being identifiable as using a google account/service so captcha wouldn't even show.
So the answer is maybe I guess, if you think you will need the scale at which point google might wanna charge you for using it's service.
So, I don't think we will fall under the segment where Google might have to charge us.
PS: Didn't know Google had started charging now.
Scammers make money from receiving phone calls. Apparently, it is super difficult to tackle this problem - right from twilio to phone network carriers
The carriers try to hide behind old agreements that state all calls, fraudulent or not must be paid. If they want to keep these agreements they can just pay for them themselves. If not, they should change them. The end users aren’t in a position to enforce this so regulatory pressure is clearly required.
In our case, we were making phone calls to verify phone numbers. That was a crucial mistake.
Did they get access via tokens or email/password?
The attack happened and since I had spoken with their team once I decided to integrate quickly.
Knowing that Phone call is important, we needed to verify it. However, making phone call to verify is NOT a good idea.
We should have sent an SMS but getting an Alphanumeric sender ID took some time and we wanted to ship quickly.
Tech debt bit us bad