This is going to be one of the best parts of the new AI-ridden world: humans gradually getting locked out of and giving up on online services because the bots are more patient and more skilled at proving their humanness than humans are.
Twitter’s new captchas are also pretty insane, though not quite this bad last I ran into them.
Uh? The outcome is not “captchas are gone and all our services remain good.”
If we don’t have some way to prevent it, services will be increasingly populated by sophisticated bots either selling stuff, attempting security breaches, or pushing political agendas.
The current internet culture seems quite happy to slap captchas all over the place. When they first rolled out, captchas were predominantly a barrier for "write access" (e.g. make an account, complete a sale, write a comment). But companies like Cloudflare have been putting captchas everywhere for mere read access.
Because Captchas are designed to be easy for ("normal") people but hard for machines, they often disallow disabled users. I'm a ("mostly normal") 35 year old, but I _really_ struggle with captchas. I despise when Cloudflare tosses a captcha challenge before loading a page, as I'll need to spend 3-5 minutes of effort to figure out which tiny pictures have a stoplight, motorcycle, or crosswalk.
Will someone come up with a less restrictive anti-bot solution? I hope so. But even if not, I'm not sure it matters. According to comments in this thread (and elsewhere on the internet about the HBO Max captcha), many of these captchas are _already_ terrible at excluding robots. We're using captchas to exclude low-sophistication robots and disabled users. Seems wrong.
Because current captchas fail to stop 100% of bots and 0% of humans… it’s “not a bad thing” to move closer to captchas stopping 0% of bots and 100% of humans…?
Are you imagining this would spur people to create a different, bot-free (how?) and disabled-human friendly Internet?
No idea. I'm not offering solutions, merely complaints that the current approach of "answer a question that is hard for computers and easy for humans" removes disabled people from many places on the internet.
Inverse captchas or honeypots are a great idea. Just make a HTML input box with id=captcha, and hide it in some unconventional way in CSS so real users do not see it. If a bot was not deterred by seeing a captcha (a possibility), they would probably fill it. Whereas a real user won't.
Maybe not visually hidden, but practically invisible to human: imagine a text box with color #fffffe on a white background. Visually impossible to discern for most humans on most screens, but for a machine #fffffe is totally distinct from #ffffff, and fully visible if display != none.
As AI becomes more intelligent, you can prove humanity by exploiting our weaknesses.
(Another idea. Have a random image on a page actually be a text box with an image background. You cannot activate it if you focus on it, with your mouse or touch, but a bot doesn't need focus to change input.value.)
One pitfall: Screen readers will happily get caught on that. Of course, a11y concerns and bots tend to look similar in general, which is a perennial sticking point.
That solution just shows how bad the US tax system is, and most in Europe won't pass this (because it's already prefilled by their tax agencies or automatically witheld from their salaries).
Serious question: who has a decent plan to create proof-of-human systems that are not only CAPTCHA based?
We will soon need this, and I feel government will gladly present a solution: provide your ID when you connect to the Internet, and we will guarantee you are a human.
Who's actually working on this and has released papers I can study? Because all this AI nonsense will only accelerate us towards this total control of the Internet because the spam and AI bots have made it worse for everyone.
I'm not really sure why anyone cares about bots. They've been part of the internet at least since search engines were invented.
I guess spam is an issue currently, but if bots become advanced enough to avoid heuristics, by making insightful and useful comments, they are probably better than most human users.
Proof of work captchas like mcaptcha can stop, or at least make very expensive, (d)dos attacks.
Bots aren’t random, someone is running them for a reason. The problem isn’t the “insightful and useful comments”, it’ll be the ones which sound like that to any non-expert but are designed to sell products or push political outcomes. Historically the tell for things like that were things like copy-and-paste messages, poor grammar or spelling, etc. which LLMs are great at avoiding.
I have explicitly asked if there is something that is not CAPTCHA.
Because in the age of ever smarter AI do you really want to solve CAPTCHA more and more frequently, and not to show you're not a bot, but to prove you are human with a physical body borne from an ovum.
It is not crazy to think we will eventually need to prove this fact somehow.
> Serious question: who has a decent plan to create proof-of-human systems that are not only CAPTCHA based?
> We will soon need this, and I feel government will gladly present a solution: provide your ID when you connect to the Internet, and we will guarantee you are a human.'
I'm extremely hesitant to give any State the ability to track an individual user's online activity that intensely. It's been extensively documented that any State will fully utilize its size to violate an individual's personal privacy, with this often being done on a grand scale.
> Who's actually working on this and has released papers I can study? Because all this AI nonsense will only accelerate us towards this total control of the Internet because the spam and AI bots have made it worse for everyone.
The alternative is relatively straightforward: Utilize compute-intensive & memory-intensive tasks in CAPTCHAs.
What would only take a few seconds for a single user would take hours for anyone seeking to establish a bot network spanning thousands of pseudo-users. With such tasks, it adds additional friction to the bots at minimal frustration to the user. these can be placed as periodic silent challenges when trying to watch an episode, taking up only a few seconds at the user's end where they wouldn't notice.
this is the second plug i've seen today for mCaptcha. and i can see the utility, i've actually got a spot where it would be perfect and plan to implement it.
but it's absolutely not a captcha: it is not a test to tell humans and computers apart. it's a test that can only be completed by a computer. its only utility is to be expensive. it's not a test to determine if there's a human behind the computer, it's only a test to determine if the computer has more resources than it currently needs, and can tolerate wasting some of them for a while.
> What would only take a few seconds for a single user would take hours for anyone seeking to establish a bot network spanning thousands of pseudo-users.
The claims on the mCaptcha site contradict this.
They say it takes about 2 seconds worst case for a computer to do the work, which is hashing sha 256. Looking around, an unaccelerated celron is about 1/20th the speed of a single ryzen core, and gpus are much faster.
Assuming the attacker has an 8 core ryzen with no gpu, they can hash 160 times faster than the person with an older machine.
Assuming the 2 sec upper bound is correct, this means a sub $1000 desktop can create 80 accounts per second, or 4800 accounts per minute.
If they are operating a botnet, then they presumably have access to more than one machine.
mCaptcha doesn't prove you're a human, it only proves you're not a spamming bot.
What I am asking for is a reverse Turing test. Because there will come a time that any single site will need you to prove you are a human to do any action, i.e. post a reply or create an account.
We need a better plan than CAPTCHA that takes minutes to solve every time someone needs that type of proof.
I know government ID schemes are awful for privacy, but that is the only decent solution I can think of. If we, the computer people, do not have a better solution, the government will solve it for us, big tech will adopt it, and we have opened the doors to total surveillance.
> I'm extremely hesitant to give any State the ability to track an individual user's online activity that intensely.
The U.K. government developed something called GOV.UK Verify for exactly this.
It’s sort of like OAuth via a stateless gateway I think. The promise is that the entity doing the auth doesn’t know what you’re using it for, and the entity receiving the auth doesn’t know how you proved auth and only gets the level of detail about you they asked for (and you agreed to).
For example, if a govt website wants to know whether I’m eligible for something based on my local council, I could authenticate with my bank, who would say where I live with only that granularity, not my full address, and my bank wouldn’t know what service I’m trying to use.
I’m not sure how much of this got put into practice but all the ideas were pretty smart and showed there are good approaches to this sort of stuff.
I once suggested to a PM from the GOV.UK Verify team that if the UK wants to do age verification for porn, which it has threatened many times over the last decade, that Verify would be the perfect tech for it as content sites would only find out you're over 18, and auth providers would only know they're proving basic details about you.
The PM did not like the idea of the government being the porn passport for the whole country.
> I once suggested to a PM from the GOV.UK Verify team that if the UK wants to do age verification for porn, which it has threatened many times over the last decade, that Verify would be the perfect tech for it as content sites would only find out you're over 18, and auth providers would only know they're proving basic details about you.
To me, that's still *way too much*.
Just from that, the government now immediately knows what site you've been to (via the token that you've given to the service), and what said site has access to, as well as when you've accessed it. On a long enough timescale, the government can build a daily profile of your life, that when coupled with geo-location data, can be used to see what & where an activity's happening in real time.
> Just from that, the government now immediately knows what site you've been to
If I understand the idea correctly, this isn't how it works. Your user agent sends a signed request (with proof of identity) to the GOV.UK verification server, saying "please give me a signed certificate that provides no information other than my age". Because GOV.UK knows who you are, they can provide such a certificate. Your user agent hands this to the porn site, saying "you requested proof I was over 18, here's proof". Because the certificate was signed by an authority the porn site recognizes, they approve the certificate and let you in the site.
So the government doesn't know what site you visit, and the porn site doesn't know any of your personal information.
Heh, until the UK logging requirements ensure some component of the token that can be decoded later gets left in the server logs, then Oops, we know exactly who was on the porn server.
I'm not sure on the specifics, but the entire point of Verify as a technology was to ensure there was no government database about people. The UK has very distributed technology for government services, there is no one big database, and people have pushed back hard on this many times over the years so the government is pretty paranoid about doing it.
Each agency holds only the data they need for the time they need it. There are no national ID cards. And in the case of Verify, the verification was purposefully outsourced to private companies that already had this data due to their business (e.g. your bank, PayPal, Amazon who have a trustworthy address history, Experian, and so on).
There is no way to argue against this kind of speculation.
Commenter 1: System X is evil!
Commenter 2: Actually, here is how system X works: (Demonstrates it does not work how Commenter 1 thinks it works)
Commenter 3: Well that's fine, until they change X to be evil!
I mean, sure, when X becomes evil, then we can say X is evil. But not until then. If your argument is that all systems eventually become evil, that may be true, but it's a different discussion.
Me (1995): says something really stupid on the internet
Me (2020): shit hope on one finds that 1995 post and cancels my ass
With internet traffic and logging the default assumption should be: "All this data is logged and monitored for marketing purposes, and there is nearly a 100% chance it will be leaked by some hacker group", with the 2023 corollary of "And then used to train a LLM"
> I'm extremely hesitant to give any State the ability to track an individual user's online activity that intensely. It's been extensively documented that any State will fully utilize its size to violate an individual's personal privacy, with this often being done on a grand scale.
I think our (Germany) national IDs would theoretically have that option using certificates. I didn’t look too much into their online features as I never encountered anything supporting them, but my understanding is that I can prove some fact about myself (age, name, or simply being a citizen/resident), without either the government knowing I did it, nor the company knowing more than what I asked to show.
> The alternative is relatively straightforward: Utilize compute-intensive & memory-intensive tasks in CAPTCHAs.
Visitor A is a legitimate human being from a poor country using a bargain brand Chinese phone with hardware that could be charitably described as "slow as molasses".
Visitor B is a troll for hire with a rack of used crypto mining machines in his basement, running hundreds of Chrome processes proxied through hundreds of hacked residential IP addresses.
Your approach would make the website unusable for human visitor A, while being the tiniest bit inconvenient for visitor B's hundreds of alts.
> We will soon need this, and I feel government will gladly present a solution: provide your ID when you connect to the Internet, and we will guarantee you are a human.
I'm pretty sure this was (is?) the idea behind Sam Altman's creepy "World Coin" which IIRC basically involves stamping your retina on a federated blockchain with Microsoft controlling the supernodes.
I'm not saying PGP or cryptocurrency because both of those have issues and the moment money is involved everything is foobar'd
But essentially allowing people to make "identities" via cryptography and then use a reputation system. Preferably by allowing people to follow/whitelist/favorite people across websites.
I like hacker new's method of making new people green. And I wish I could make it highlight the big names I recognize.
The problem with this is that nobody has figured out the distribution system for how we communicate the keys - IMO blockchains are the closest but it's so difficult to mention them because 98% of them are money-grabs. PGP/GPG has struggled so hard pypi literally removed support for it.
The second problem is that what will likely happen is sites like twitter will only allow very trusted accounts and never allow new ones - effectively locking you into one account.
Sorry I should clarify, I don't mean append-only graphs,
I mean what people call "blockchain" in the cryptocurrency sense as actual projects - there's so much stigma largely because the motivation of most of the projects appears to be "making money/investing" and not actually solving a technical problem appropriately.
If github was like this there would be a "fee" for making making commits, this fee would be paid in some proprietary coin, initially created with an ICO/airdrop. Suddenly the motivation is holding these coins because developers will need to make commits right? And the more developers that make commits the more the coin is worth, so surely you should buy and hold them right? This will be a feedback loop of endless money! Oh and it'll be a DAO so the more coins the more voting power you get too!
^ This is what I mean, where the focus is on collecting some "coin/token" - this leads to both a lack of focus on the actual problem being solved, and the problem of people associating it with a ponzi scheme.
I'm not picking a fight with distributed graphs themselves, I don't like it when they're tightly coupled with "value" that can be traded as a fiat.
Fair enough, hope I didn't come off to nitpicky or pedantic! I've always viewed blockchain cryptocurrency projects as git if you had to pay for changes, guess that crept back in here and I looked right past your point.
The IRS is already doing this. They used to have a password-based login system, but they're switching over to ID.me, which requires a scan of your ID and a matching selfie.
I believe the ID.me system went down in flames. Got snagged by this myself for 2021 but opted to call a number and speak to a person instead. Shortly afterwards I discovered an article suggesting my reaction wasn't unique.
I wish it had, but unfortunately it seems like the IRS just waited out the storm and is now back at it. Their website implores you to "create an account with ID.me as soon as possible":
> who has a decent plan to create proof-of-human systems that are not only CAPTCHA based?
Why do sites need human verification anyway? If the problem is load, then you just need proper rate-limiting in place. Captcha always seems to be mis-identifying the real issue.
Ok, so how do you rate trigger on a particular bot such that it doesn't impact real users negatively? Further, bots that submit enough pseudo-random data have a decent chance of bypassing various security mechanisms, including for authorizing payments. Even at .0001% success rate given enough attempts they have a decent likelihood of eventually subverting existing security measures, and boosting those may be just as painful or inconvenient to users as CAPTCHA and similar mechanisms. The reality is bots don't have their own money to spend, humans do, and on its own that's enough reason to care. And what's next, bots being issued passports or mortgages etc.?
A digital wallet tied to a real, authenticated identity should be a solution. You can sign any login and confirm that it is indeed you, a real person, logging in.
Unfortunately crypto folks are too busy selling shitcoins and scams to build this product.
this scenario sounds somewhat similar to what is described in The Matrix movie.
in trying to prevent bots from dominating, we end up making life very difficult for ourselves.
In the movie it is said that humans have scorched the skies in a bid to deny solar energy to the machines. But now humans have to live under dark skies.
The end result of this is going to be human identity verification provided by a centralized party. Either the government or a big private corp, not sure which is worse.
> humans gradually getting locked out of and giving up on online services because the bots are more patient and more skilled at proving their humanness than humans are.
I think the fact that users are willing to give the site the finger and leave is a pretty good sign that you're human.
This actually seems like a major issue right? Much more than it's being given credit for.
Not sure what a world without capture is going to look like but it's probably not going to be very good, I guess we'll all be forced to identify with a our "world coin(tm)" ID?
That will be the time when I log off most of the internet.
I've started getting blocked on amazon in the evening, and being constantly redirected to captchas and puzzles and invariably whoops ... "the dogs of amazon" pages. (I block amazon ads)
ESPN is horrible. I build auth systems for a living, and I have given up logging into ESPN on numerous occasions because I can't get through all the steps.
As recently as a few weeks ago I was watching a game downstairs, and it went into multiple overtimes so it was getting late. I decided to go upstairs to bed and tried to watch it on the AppleTV in the bedroom. I was logged out. So I spent over 10 mins trying to log in before eventually giving up and watching it on the iPad, since I happened to still be logged in on that device.
It is for the best, because even after you manage to log in, trying to navigate the menu with the AppleTV remote is an exercise in frustration anyway.
I experienced the HBO Max captchas just a few days ago. Everyone did since they launched a new app and made everyone switch to that and re-login.
Some of the solutions are clearly just wrong. I have a PhD in Computer Science and if I am failing multiple basic addition problems, I assure you that it isn't me, the answers are wrong.
I had to do the same audio puzzles and got the first audio puzzle wrong too, and I even had my partner helping me. It is clearly just a bad test bank. Which begs the question, if the answers are wrong and there are only 3 choices, then what's the point? Regardless of whether you are human or not you are going to guess it eventually in about 5 tries, which is what it gives you before locking you out.
mine too. im pretty sure my browser redirected from hbo to the new url and auo-logined. I make exceptionsfor sites I pay. I came to thread expecting an explanation of a background captcha.
I am baffled as to why they had to launch an entirely new app rather than just rename the existing one. Could Apple have made them change the bundle ID? It's like they're putting in deliberate obstacles for existing subscribers.
Elon Musk originally said this in an interview somewhere but it stuck with me: "The organizational inefficiencies and structure will manifest themselves in the end product."
We can probably gleam many insights about the people who made the app (how it works, how big the bundle is, how fast/slow etc.). I haven't used the app so I can't make any judgements about the organization behind it.
I guess my wording was poor. I didn't really intend to say that Elon Musk came up with it only that I personally first heard of this concept from him saying it.
Some it was probably "this gives us an excuse to rewrite the system, but better this time!" Rebranding often gives a certain amount of cover to do things you want to do even if you don't have to do it.
Often new management wants to put their stamp on things. I've been in situations where we've had to do major redesigns because a new leader wanted to leave their mark. I've been in situations where each new leader wanted a new logo to mark that they made a difference - 3 logos in a decade.
Companies often squander resources in this kind of way. That's not to say that some redesigns and changes aren't warranted, but these things happen often. Why has Google launched a dozen chat apps? Why do some apps get a huge push followed by being abandoned followed by a huge rebranding/recoding push followed by being abandoned again? Many people on here have speculated it's because people get promoted for launching big new things and not for things that seem "easy" like maintenance.
You're rightly baffled from a logical standpoint. When you start thinking about the humans involved in the situation, their egos, their priorities for themselves which might not align with the company's, etc., then it potentially starts to make more sense.
More like it was previously determined by someone who doesn't work there anymore that there would be a new app, and and no one is allowed to Deviate from the System Architecture Specification Trace Matrix.
The new CEO from the Discovery side of the merger cancelled a bunch of HBO Max programming that was doing well, because their background is in cheaper to produce reality content. It seems fated to join the very long list of bad media mergers.
What I do not understand about business is basically everything, but I still don't really understand why they felt the need to remove existing programs.
I can understand canceling Close Enough and Infinity Train because they're too expensive, but I don't really understand what it's hurting for them to just say on the servers and continue to be streamable. Hard drive space is pretty cheap, especially at HBO's scale.
I've heard it's possibly a tax writeoff, but then I've seen conflicting reports claiming that that's not the case, so I have no idea. How much ongoing costs were involved with keeping the animated shows I like online?
Yeah i think it allows them to write the ‘loss’ of the content on their balance sheet at some estimated value it would have cost them if they hadn’t made it themselves.
That sort of management-by-spreadsheet without any of the humanity or long-term vision almost every corporation used to have seems to be an ongoing trend, especially in media, and it’s showing. Discovery, who have McDonnel-Douglassed HBO and are behind this mess, are a particularly good example of the kind of garbage heap that leadership style gets you.
I don’t have any direct insight into this but I’ve read elsewhere that removal of first party content from streaming services could also be because contracts with actors/writers/other crew give them a cut each time it’s shown. By removing the content from streaming it’s no longer getting shown and generating income for those involved.
There's also the possibility that royalties were negotiated poorly. Some back catalog shows could cost more to show than they make due to things like music royalties or other production royalties.
You can transfer apps between developer accounts on both Apple and Google's platforms. It's not the easiest process in the world but far easier than inconveniencing users.
> Often new management wants to put their stamp on things. I've been in situations where we've had to do major redesigns because a new leader wanted to leave their mark.
I call this "New Vice President Urination Syndrome." The stank gets on everything until they learn to use the bathroom.
I can tell you that the old app (on AppleTV) was a bug farm. It was constantly crashing and hanging. I often had to force-quit it. I haven't had enough time with the new app, to see if it's better.
To be fair, many of the other apps also suck. I think it may be because Apple allows TV apps to be written in JavaScript, and some of them are almost certainly poor ports of Web apps.
Neither the old app nor the new app feels like it was written by someone who uses Apple TV.
My pet peeve on the last version was having a carousel movie expand when you pause on it so that it moves things around and hides what you were looking at.
My pet peeve on the new one is a normal swipe on the remote blows through 80% of the carousel items instead of just one.
Neither annoy me as much as Amazon’s hijacking of the touch pad during video so that I can no longer tap the pad to see how far through the movie I am.
I get it, everyone wants their spin on things. But all I want is a usable, consistent experience. It drives me bonkers.
Same on my (admittedly older) Samsung smart tv, but I wonder how much of that was due to resources devoted to writing the new app as opposed to fixing the old one. The new one is 100x better in terms of a usability and generally just working.
My oldish LG TV had an HBO Max app but it wasn't available in my area due to exclusivity agreements. In order to grab it, I had to change the region of my TV before going to the app store. This workaround is not required for the new app, I can just straight-up grab it. I wonder if rebranding with a new app allowed HBO to worm out of agreements like this?
I still have the HBO Max app installed on my phone. It only displays a page that says "HBO Max is now Max" some other text and then a download button that redirects you to the app store page for the new app.
Hell, HBO Max became available in my country just last year, replacing HBO Go. And I know there used to be HBO Now in some places, so I guess we skipped that one. And no HBO is available in some of the places where you really expect it to be, like German speaking countries.
It's the most bafflingly stupid streaming service I ever had the displeasure of using.
It was probably because they're not doing the merger in all their markets (at least any time soon), and they need to maintain the old platform and functionality outside the US as a result.
Subsequently having two separate codebase was probably considered preferable to development on one slowing to a crawl while it chased after two diverging requirements lists.
The reason is probably way simpler than people think: the current HBO Max app is rated at 2.8 stars in half a million reviews in the android app store. I imagine a similar rating on apple's store.
A new app gives you a blank slate, which is easier than reverting old ratings.
I’ve been wondering about that too. Then again, some years ago, Spotify forced all users on (I believe) Android to download an entirely new app that was visually completely identical. Login state and downloaded tracks were lost. I still wonder what happened there.
Surely that‘s among the worst things you can do from an SEO and customer retention perspectives?
I would not be surprised if in both cases the developer posting the app to the store was using their own account. The company of course did not realize this and proceeded to do something (probably stupid) to make that developer quit and give them the finger on the way out the door. When their managers realized their mistake(s), a new app seems like the inevitable outcome.
The new leadership at HBO came from Discover. They have a stable of brand names they could have used (Max came from the Cinemax collection, known in the US for it's "After Dark" soft porn movies, aka "Skinemax").
From news reports and interviews with the leaders involved, it appears that new guard wanted to have something new they could own and take credit for, and HBO was owned by the previous regime.
None of Discovery's marques were strong enough, and the $$ to get Discover as a brand into the right place was high.
So, least of all evils, given their problem: scrub HBO off the name, make it one of many brands in the app, and hope "Max" on its own, with some marketing, can expand to fill the gap.
If it works, Discover team takes credit. If not, Discover team blames holdovers from HBO days and says that this was just an intermediate step on the way to a brand new experience that will launch "real soon now".
Lots of problems with this approach, but business isn't always rational.
Well, HBO Max app still need to exists because foreigner accounts can't use Max yet. So it would be a PITA for those who travel to the U.S and want to watch stuff.
I just assumed we were training self-driving cars that get postponed over and over again. I haven't seen recurring images but maybe I'm just seeing captcha so rarely that I haven't noticed.
I doubt this is the case but theoretically you can make stupid or incorrect captcha and it will still deter bots if you actually check the pattern of use (I.e how many clicks in what intervals etc...) instead of checking if the answer is correct.
This is more or less what cloudflare and such do now as I understand it (as well as checking browser features and such)
One of the requirements to getting a PhD is the knowledge that a PhD is not the proof of intelligence you thought it would be when you started. It is better a proof of resilience, patience, and being dead inside.
Agreed. In my experience, arithmetic skills are not transferable to higher-level math skills and vice versa. Of course, someone can be skilled at both but I don't think you automatically become good at one because of the other.
If getting math problems somewhat wrong gets you past the captcha, it seems like this is something things like ChatGPT would be able to pass, ironically.
Did a bit at online fashion retailer Net a porter a while back, and they rolled their own ‘domain specific’ captcha that had you do things like "select the cuff links". I think it was pretty dynamically powered by their live catalogue.
Once during development I got a captcha that said "select the glasses" where my options was a photo of sunglasses, or a pair of glass drinking cups.
I was cracking up when it started playing the bagpipes.
I don't think its too much of an exaggeration to say this is what happens when security teams don't receive enough pushback from the higher ups or from other teams. I see this all the time in large big tech companies.
They don’t want aggregator apps to log in without paying. Appletv will show me new shows on multiple platforms all on one screen. HBO doesn’t want people doing this without paying.
>HBO doesn’t want people doing this without paying.
But why (from their perspective)?
They don't make their money from metadata, they make it from content. Every piece of real monkey-making content is going to get a torrent regardless of if it's protected behind a captcha.
The Netflix interface is so bad that I've been wondering if they made it bad on purpose. Over a decade ago when DVDs in red envelopes were the standard they had a table view of all their content and you could sort and filter it to your heart's desire. When they got rid of this, I used their API to build a CLI tool that just listed shows ordered by how much Netflix thought I'd like it. All of this was vastly superior to the current Netflix interface. However, I sometimes would decide that I had watched everything on Netflix and turn it off or even unsubscribe for a few months. Now it's really hard to find out if you have exhausted Netflix. It's easy to spend a lot of time just scrolling though the GUI hoping you'll find something and sometimes you do. Sometimes you find something where it's surprising that it didn't suggest it in the first place. I wonder if this is all by design because they try to increase quantity of engagement and not quality and value gained from the engagement.
Edit: I have some sympathy for this. Engagement is much harder to measure than customer satisfaction. They are looking for the keys under the light because they cannot see anywhere else.
Is there a source that Apple pays Warner Bros Discovery (WBD) to get access to their catalog so WBD’s media shows up in searches in Apple’s TV app?
It makes very little sense to me. Surely WBD wants people to easily find WBD content to watch, and easily be able to pay them to watch it.
I know Netflix has been a holdout (the only one), and it is quite a stupid long term decision in my opinion, but I would not have thought Apple pays WBD, Paramount, Comcast, Disney, Starz, etc to be able to list their purchase-able media in Apple’s TV app.
The aggregator uses lots of users existing accounts with their real logins. Using appletv again for an example, it wants to check prepend’s specific Hulu, Netflix, hbo, Disney, etc to see new episodes and whatnot related to my specific account.
So it has a real login and, presumably, access to some api from the streamer. But a smaller company that didn’t pay for access could also just login as my accounts and scrape info.
So the audio captcha was just two one-of-three challenges? How does this slow an automated bot down, it could just guess repeatedly and get it right 1/9th of the time.
The entire site is an exercise in delusion and marketing bullshit. I am absolutely convinced that the people selling this abomination of a product have either never used it themselves or are abjectly and wilfully misleading people.
Some other choice quotes from the page:
> Users have a bad association with difficult photo CAPTCHAs.
> Instead of type what you hear (or alphanumerics) puzzles, we ask users simple questions using delightful and amusing scenarios
> All are incredibly easy for legitimate users
> Every Arkose MatchKey challenge is tested on humans. We release challenges only when they meet very strict usability benchmarks. Our strongest puzzles, designed for bad actors, have no impact on good user completion-rates.
> In fact, Arkose MatchKey is the strongest CAPTCHA ever made.
The ChatGPT app uses this. The puzzle I got involved moving a train, it was super confusing and ridiculous. I was imagining a non-technical user doing these, and my god. No chance.
My mum regularly asks for help when all she's done is ignore the captcha thinking it's an advert because it stands out like a Google ad (different UI, different font, extra branding etc).
At least she's learnt to automatically ignore ads, but it comes with consequence of ignoring captchas as well...
The Internet as a whole has become very elderly unfriendly. Even the iPhone becomes an unnavigable mess once you’re trying to help someone 70+ work with it.
And continually changing UIs definitely don’t help.
My parents are in their late sixties and travel internationally quite often and the lack of a physical SIM slot in new iPhones makes them not want to upgrade devices ever, because it would mean that they'd have to learn a whole new paradigm for installing and using eSIM when they're not very tech literate.
Unfortunately, Arkose is one of the only viable products for stopping credential stuffing and other similar attacks. It has been implemented at several companies I've worked at because there are just not enough alternatives.
The main value-add for companies like Arkose is that they have teams monitoring and changing the aggressiveness of the challenges as new attackers try to get around them. With a product like Recaptcha, you are inevitably completely screwed when attackers get around it.
If attackers get around reCAPTCHA, you are screwed, but so is half the Internet, including Google themselves. Do you think Google would not care about an increase in spam and would not try to fix reCAPTCHA?
You will not get the same level of support from Google as you will from a vendor dedicated to this. Ironically, HBO Max is the main case study on reCAPTCHA Enterprise's landing page, which I guess did not work out for exactly this reason: https://cloud.google.com/blog/products/identity-security/how...
An interesting thing is that for Arkose to be effective against bad actors, they can't just make CAPTCHAs that are hard for bots. They also have to be not-easy or at least expensive for a subset of humans who aren't legitimate users, namely 'CAPTCHA Farms' like https://anti-captcha.com/.
Most CAPTCHAs, including ones made by Arkose, have site keys that are unique to that CAPTCHA and public/visible in the browser -- so companies like Anti Captcha can then automate sending challenging CAPTCHAs directly to a human solver in a 'CAPTCHA farm' who can solve it (in a different browser) and have the CAPTCHA return that it was successfully passed, usually all within ~a minute.
So to get around this and -- as Arkose's site says -- make fraud expensive for hackers, Arkose Labs has to make their CAPTCHAs hard/slow to solve. If they do that, then it becomes expensive for bad actors to rely on labor to solve them (anti-captcha.com cites 58 seconds/$3 per CAPTCHA).
As long as the site key is publicly exposed, this basically isn't going to change; you either need to also couple it with other anti-fraud tactics like device fingerprinting, or use a CAPTCHA that doesn't expose the site key at all.
Disclaimer - I work for a company (Stytch) that has a competing CAPTCHA product.
The claims may be silly, but the captchas seem reasonable to me compared to the increasingly impossible to read "what characters do you see?" captchas and the increasingly hard to decipher images of crosswalks and trucks.
Captchas seem to work best when they reflect the simplest task that AI cannot do rather than a task AI can easily do but with the difficulty ramped up.
>I am absolutely convinced that the people selling this abomination of a product have either never used it themselves or are abjectly and wilfully misleading people.
Same goes for the people who decided to put it on their websites.
I just tried some of these and their normal thread level challenges are actually quite nice on their page. The hard ones chosen by HBO are just crazy though.
Some people miss the old user interfaces. Windows 95, XP, 2000 etc. What is the reason? We had some programs with a horrible interface (Real Player, for example), but never with this level of stupidity.
Continued "enshittification" of all aspects of life. Your OS gets worse but everything else has gotten worse as well: your food gets smaller/worse quality due to the dollar continuing to lose its value, getting harder and harder to live the lifestyle your parents had (house prices, costs of college etc.)
Now you can argue that anything that has hitched a ride on moore's law has improved exponentially. In fact this is what several groups point to: Elon Musk stans love to argue how the world has gotten better not worse thanks to exponential growth and the government loves to point to the declining costs of things like TVs as an indication that inflation is not so bad. Its a red herring though. That new computer is so much better but now has layers of privacy invading/security compromising fat that ye old Windows 95 PC didn't have. That TV might cost a nickel but is more locked down and made out of more of the cheapest throw away components than your old Tube ever had. In a way its an insult to how decent your old TV was.
And then you have people like me, making a living by inviting anyone who listens to events that preach the following: software quality has gone off a cliff [0] and we must do something pronto.
Never imagined this would be a career worth pursuing; it's grim when you think about it.
I remember seeing this a while back. I wanted to say thank you for the effort!
I am concerned though that this is just another form of inflation. If you think about it, you need to have the skillset to develop this software to your liking. That itself is a time sink but lets put that aside and assume you already have the skillset because you made the investment for other reasons. You could then argue that the investment made in learning how to make these apps is spread across this as well as anything else you use the skill for: GREAT Right?
Well, you are forgetting that you are sacrificing time to build and then maintain these applications. So in a way you are still paying for these applications.
Also one concern I have about your listing there is the same concern I have every time I force myself to use Linux as my primary system and then give up and go back to Mac: Curation.
Have you considered drawing up a list of typical workflows for a bunch of different kinds of users and then ensuring at least the common use cases are taken care of? As it stands, it seem like you have a lot of interesting apps but they are are just a hodgepodge of random things. There is no cohesive curation or (potential)quality control behind them.
This grinds my gears about Linux. You handmade apps get a pass but your typical distro? no way: They package together whatever desktop environment they like which itself consists of terrible everyday tools that have varying quality. Just open up the Calculator on a Gnome based distro. It is crummy compared to the Mac or Windows(classic) calculator. Then try out each and every other app on the menu. Seems like there was no real cohesion put into it.
Furthermore, lets just accept that you have to tailor these handmade apps to your liking and that eventually there will be a handmade app for everything a user could want. Ok fine, but I still hate the fact that in todays day and age, this idea has to be extend to EVERYTHING in your life. You gotta understand how to maintain your car because good luck finding a mechanic that wont do the bare minimum. How about the slop they serve at many food establishments? You have to "handmade" all your food/liquid intake. Ditto for everything else (maintenance or removing other ways corporations screw you).
How do you even preserve the value of the currency you try so hard to earn? You can't it is slowly going to 0.
> At some point some software engineer had to sit down, look at it, and say, "looks good to ship to production"
Only true if you replace "software engineer" with "person". Just because someone was paid to build it doesn't mean they thought it was a good idea or ready.
At some point someone on the management side said "we want this and we're writing the check", the developer complained, and the project manager said "I know, I agree with you, but it's out of our hands"
The HBO MAX (aka just MAX now) in PS4 is just a disaster. Can't play videos anymore, as it gets stuck on a infinite loop in the intro of every movie.
It the remaining time is displayed as a negative integer, and for some reason the system just thinks the move is done and resets it to the beginning.
Seems like a bug that some very basic QA testing should have caught it.
The new rollout seems like a total clown show, and unfortunately it ruined the service and made it impossible for me to view movies, unless it is from a laptop.
Nor was I able to log in with Firefox w/linux. I suppose I could have used Chrome but the failure gave me an excuse just to end my subscription. I honestly didn't view HBO that much so I guess I'm up a few bucks. But it does occur to me that a failed first impression can result in lost business - like me. So if users are sitting on the fence, don't push them off! I suppose is the moral.
Both HBO and the Apple TV interfaces on Roku are shockingly poor. All sorts of glitches and annoyances with happy-path usage. It really feels like the designers are not using the product.
Time's a flat circle. We've reinvented cable and have it delivered via the internet. The quality of the content has fallen off now that folks have been roped into the platforms and everything's getting bundled back up so you have to subsidize garbage just to watch a show or two you like per platform.
I have been thinking about this too. The mind boggling speed increase of torrents over the last 15 years is mostly thanks to seedboxes. I'd wager a single peer fully saturating my 1Gbps fiber is not a residental connection.
I remember one day in class we were doing a group project and using GitHub to share our work, and a friend of mine had trouble to log into his GitHub account and got this captcha.
A team of 4 people in the class went to help him pass the (if I remember correctly) 10 tries you needed to have correct in order to log in.
329 comments
[ 3.3 ms ] story [ 306 ms ] threadTwitter’s new captchas are also pretty insane, though not quite this bad last I ran into them.
If we don’t have some way to prevent it, services will be increasingly populated by sophisticated bots either selling stuff, attempting security breaches, or pushing political agendas.
That’s a bad thing!
The current internet culture seems quite happy to slap captchas all over the place. When they first rolled out, captchas were predominantly a barrier for "write access" (e.g. make an account, complete a sale, write a comment). But companies like Cloudflare have been putting captchas everywhere for mere read access.
Because Captchas are designed to be easy for ("normal") people but hard for machines, they often disallow disabled users. I'm a ("mostly normal") 35 year old, but I _really_ struggle with captchas. I despise when Cloudflare tosses a captcha challenge before loading a page, as I'll need to spend 3-5 minutes of effort to figure out which tiny pictures have a stoplight, motorcycle, or crosswalk.
Will someone come up with a less restrictive anti-bot solution? I hope so. But even if not, I'm not sure it matters. According to comments in this thread (and elsewhere on the internet about the HBO Max captcha), many of these captchas are _already_ terrible at excluding robots. We're using captchas to exclude low-sophistication robots and disabled users. Seems wrong.
Are you imagining this would spur people to create a different, bot-free (how?) and disabled-human friendly Internet?
As AI becomes more intelligent, you can prove humanity by exploiting our weaknesses.
(Another idea. Have a random image on a page actually be a text box with an image background. You cannot activate it if you focus on it, with your mouse or touch, but a bot doesn't need focus to change input.value.)
CAPTCHA: Say something bad about Biden
ANSWER: I'm sorry, but as a large language model ...
We will soon need this, and I feel government will gladly present a solution: provide your ID when you connect to the Internet, and we will guarantee you are a human.
Who's actually working on this and has released papers I can study? Because all this AI nonsense will only accelerate us towards this total control of the Internet because the spam and AI bots have made it worse for everyone.
I guess spam is an issue currently, but if bots become advanced enough to avoid heuristics, by making insightful and useful comments, they are probably better than most human users.
Proof of work captchas like mcaptcha can stop, or at least make very expensive, (d)dos attacks.
It's all fun and games until foreign agencies are controlling who wins in your elections through misinformation and propaganda.
Or an AI using a human's ID?
https://scholar.google.com/scholar?hl=en&as_sdt=0%2C5&q=capt...
Because in the age of ever smarter AI do you really want to solve CAPTCHA more and more frequently, and not to show you're not a bot, but to prove you are human with a physical body borne from an ovum.
It is not crazy to think we will eventually need to prove this fact somehow.
> We will soon need this, and I feel government will gladly present a solution: provide your ID when you connect to the Internet, and we will guarantee you are a human.'
I'm extremely hesitant to give any State the ability to track an individual user's online activity that intensely. It's been extensively documented that any State will fully utilize its size to violate an individual's personal privacy, with this often being done on a grand scale.
> Who's actually working on this and has released papers I can study? Because all this AI nonsense will only accelerate us towards this total control of the Internet because the spam and AI bots have made it worse for everyone.
The alternative is relatively straightforward: Utilize compute-intensive & memory-intensive tasks in CAPTCHAs.
https://github.com/mCaptcha/mCaptcha
What would only take a few seconds for a single user would take hours for anyone seeking to establish a bot network spanning thousands of pseudo-users. With such tasks, it adds additional friction to the bots at minimal frustration to the user. these can be placed as periodic silent challenges when trying to watch an episode, taking up only a few seconds at the user's end where they wouldn't notice.
https://news.ycombinator.com/item?id=32339902
but it's absolutely not a captcha: it is not a test to tell humans and computers apart. it's a test that can only be completed by a computer. its only utility is to be expensive. it's not a test to determine if there's a human behind the computer, it's only a test to determine if the computer has more resources than it currently needs, and can tolerate wasting some of them for a while.
The claims on the mCaptcha site contradict this. They say it takes about 2 seconds worst case for a computer to do the work, which is hashing sha 256. Looking around, an unaccelerated celron is about 1/20th the speed of a single ryzen core, and gpus are much faster.
Assuming the attacker has an 8 core ryzen with no gpu, they can hash 160 times faster than the person with an older machine.
Assuming the 2 sec upper bound is correct, this means a sub $1000 desktop can create 80 accounts per second, or 4800 accounts per minute.
If they are operating a botnet, then they presumably have access to more than one machine.
One look at what happened with cryptocurrencies tells me that isn't going to work.
What I am asking for is a reverse Turing test. Because there will come a time that any single site will need you to prove you are a human to do any action, i.e. post a reply or create an account.
We need a better plan than CAPTCHA that takes minutes to solve every time someone needs that type of proof.
I know government ID schemes are awful for privacy, but that is the only decent solution I can think of. If we, the computer people, do not have a better solution, the government will solve it for us, big tech will adopt it, and we have opened the doors to total surveillance.
The U.K. government developed something called GOV.UK Verify for exactly this.
It’s sort of like OAuth via a stateless gateway I think. The promise is that the entity doing the auth doesn’t know what you’re using it for, and the entity receiving the auth doesn’t know how you proved auth and only gets the level of detail about you they asked for (and you agreed to).
For example, if a govt website wants to know whether I’m eligible for something based on my local council, I could authenticate with my bank, who would say where I live with only that granularity, not my full address, and my bank wouldn’t know what service I’m trying to use.
I’m not sure how much of this got put into practice but all the ideas were pretty smart and showed there are good approaches to this sort of stuff.
The PM did not like the idea of the government being the porn passport for the whole country.
To me, that's still *way too much*.
Just from that, the government now immediately knows what site you've been to (via the token that you've given to the service), and what said site has access to, as well as when you've accessed it. On a long enough timescale, the government can build a daily profile of your life, that when coupled with geo-location data, can be used to see what & where an activity's happening in real time.
If I understand the idea correctly, this isn't how it works. Your user agent sends a signed request (with proof of identity) to the GOV.UK verification server, saying "please give me a signed certificate that provides no information other than my age". Because GOV.UK knows who you are, they can provide such a certificate. Your user agent hands this to the porn site, saying "you requested proof I was over 18, here's proof". Because the certificate was signed by an authority the porn site recognizes, they approve the certificate and let you in the site.
So the government doesn't know what site you visit, and the porn site doesn't know any of your personal information.
Each agency holds only the data they need for the time they need it. There are no national ID cards. And in the case of Verify, the verification was purposefully outsourced to private companies that already had this data due to their business (e.g. your bank, PayPal, Amazon who have a trustworthy address history, Experian, and so on).
Commenter 1: System X is evil!
Commenter 2: Actually, here is how system X works: (Demonstrates it does not work how Commenter 1 thinks it works)
Commenter 3: Well that's fine, until they change X to be evil!
I mean, sure, when X becomes evil, then we can say X is evil. But not until then. If your argument is that all systems eventually become evil, that may be true, but it's a different discussion.
This is a pretty dumb argument on the internet.
Me (1995): says something really stupid on the internet
Me (2020): shit hope on one finds that 1995 post and cancels my ass
With internet traffic and logging the default assumption should be: "All this data is logged and monitored for marketing purposes, and there is nearly a 100% chance it will be leaked by some hacker group", with the 2023 corollary of "And then used to train a LLM"
I think our (Germany) national IDs would theoretically have that option using certificates. I didn’t look too much into their online features as I never encountered anything supporting them, but my understanding is that I can prove some fact about myself (age, name, or simply being a citizen/resident), without either the government knowing I did it, nor the company knowing more than what I asked to show.
https://news.ycombinator.com/item?id=36110952
Visitor A is a legitimate human being from a poor country using a bargain brand Chinese phone with hardware that could be charitably described as "slow as molasses".
Visitor B is a troll for hire with a rack of used crypto mining machines in his basement, running hundreds of Chrome processes proxied through hundreds of hacked residential IP addresses.
Your approach would make the website unusable for human visitor A, while being the tiniest bit inconvenient for visitor B's hundreds of alts.
Relevant: https://www.youtube.com/watch?v=-gGLvg0n-uY
https://techcrunch.com/2022/06/21/apple-is-introducing-new-t...
But essentially allowing people to make "identities" via cryptography and then use a reputation system. Preferably by allowing people to follow/whitelist/favorite people across websites.
I like hacker new's method of making new people green. And I wish I could make it highlight the big names I recognize.
The problem with this is that nobody has figured out the distribution system for how we communicate the keys - IMO blockchains are the closest but it's so difficult to mention them because 98% of them are money-grabs. PGP/GPG has struggled so hard pypi literally removed support for it.
The second problem is that what will likely happen is sites like twitter will only allow very trusted accounts and never allow new ones - effectively locking you into one account.
git is a really popular blockchain, though I guess GitHub seeking to Microsoft may further the money-grab argument
I mean what people call "blockchain" in the cryptocurrency sense as actual projects - there's so much stigma largely because the motivation of most of the projects appears to be "making money/investing" and not actually solving a technical problem appropriately.
If github was like this there would be a "fee" for making making commits, this fee would be paid in some proprietary coin, initially created with an ICO/airdrop. Suddenly the motivation is holding these coins because developers will need to make commits right? And the more developers that make commits the more the coin is worth, so surely you should buy and hold them right? This will be a feedback loop of endless money! Oh and it'll be a DAO so the more coins the more voting power you get too!
^ This is what I mean, where the focus is on collecting some "coin/token" - this leads to both a lack of focus on the actual problem being solved, and the problem of people associating it with a ponzi scheme.
I'm not picking a fight with distributed graphs themselves, I don't like it when they're tightly coupled with "value" that can be traded as a fiat.
https://sa.www4.irs.gov/secureaccess/ui/
Why do sites need human verification anyway? If the problem is load, then you just need proper rate-limiting in place. Captcha always seems to be mis-identifying the real issue.
Unfortunately crypto folks are too busy selling shitcoins and scams to build this product.
in trying to prevent bots from dominating, we end up making life very difficult for ourselves.
In the movie it is said that humans have scorched the skies in a bid to deny solar energy to the machines. But now humans have to live under dark skies.
I think the fact that users are willing to give the site the finger and leave is a pretty good sign that you're human.
Not sure what a world without capture is going to look like but it's probably not going to be very good, I guess we'll all be forced to identify with a our "world coin(tm)" ID?
That will be the time when I log off most of the internet.
As recently as a few weeks ago I was watching a game downstairs, and it went into multiple overtimes so it was getting late. I decided to go upstairs to bed and tried to watch it on the AppleTV in the bedroom. I was logged out. So I spent over 10 mins trying to log in before eventually giving up and watching it on the iPad, since I happened to still be logged in on that device.
It is for the best, because even after you manage to log in, trying to navigate the menu with the AppleTV remote is an exercise in frustration anyway.
Some of the solutions are clearly just wrong. I have a PhD in Computer Science and if I am failing multiple basic addition problems, I assure you that it isn't me, the answers are wrong.
I had to do the same audio puzzles and got the first audio puzzle wrong too, and I even had my partner helping me. It is clearly just a bad test bank. Which begs the question, if the answers are wrong and there are only 3 choices, then what's the point? Regardless of whether you are human or not you are going to guess it eventually in about 5 tries, which is what it gives you before locking you out.
We can probably gleam many insights about the people who made the app (how it works, how big the bundle is, how fast/slow etc.). I haven't used the app so I can't make any judgements about the organization behind it.
It's also an idea older than Conway, presumably, although I don't know for sure.
Often new management wants to put their stamp on things. I've been in situations where we've had to do major redesigns because a new leader wanted to leave their mark. I've been in situations where each new leader wanted a new logo to mark that they made a difference - 3 logos in a decade.
Companies often squander resources in this kind of way. That's not to say that some redesigns and changes aren't warranted, but these things happen often. Why has Google launched a dozen chat apps? Why do some apps get a huge push followed by being abandoned followed by a huge rebranding/recoding push followed by being abandoned again? Many people on here have speculated it's because people get promoted for launching big new things and not for things that seem "easy" like maintenance.
You're rightly baffled from a logical standpoint. When you start thinking about the humans involved in the situation, their egos, their priorities for themselves which might not align with the company's, etc., then it potentially starts to make more sense.
I'm guessing there was some contractual thing (perhaps cable related) around the HBO name or else someone made a very poor choice.
The new CEO from the Discovery side of the merger cancelled a bunch of HBO Max programming that was doing well, because their background is in cheaper to produce reality content. It seems fated to join the very long list of bad media mergers.
I can understand canceling Close Enough and Infinity Train because they're too expensive, but I don't really understand what it's hurting for them to just say on the servers and continue to be streamable. Hard drive space is pretty cheap, especially at HBO's scale.
I've heard it's possibly a tax writeoff, but then I've seen conflicting reports claiming that that's not the case, so I have no idea. How much ongoing costs were involved with keeping the animated shows I like online?
That sort of management-by-spreadsheet without any of the humanity or long-term vision almost every corporation used to have seems to be an ongoing trend, especially in media, and it’s showing. Discovery, who have McDonnel-Douglassed HBO and are behind this mess, are a particularly good example of the kind of garbage heap that leadership style gets you.
https://developer.apple.com/help/app-store-connect/transfer-...
https://support.google.com/googleplay/android-developer/answ...
I call this "New Vice President Urination Syndrome." The stank gets on everything until they learn to use the bathroom.
To be fair, many of the other apps also suck. I think it may be because Apple allows TV apps to be written in JavaScript, and some of them are almost certainly poor ports of Web apps.
My pet peeve on the last version was having a carousel movie expand when you pause on it so that it moves things around and hides what you were looking at.
My pet peeve on the new one is a normal swipe on the remote blows through 80% of the carousel items instead of just one.
Neither annoy me as much as Amazon’s hijacking of the touch pad during video so that I can no longer tap the pad to see how far through the movie I am.
I get it, everyone wants their spin on things. But all I want is a usable, consistent experience. It drives me bonkers.
Hell, HBO Max became available in my country just last year, replacing HBO Go. And I know there used to be HBO Now in some places, so I guess we skipped that one. And no HBO is available in some of the places where you really expect it to be, like German speaking countries.
It's the most bafflingly stupid streaming service I ever had the displeasure of using.
Subsequently having two separate codebase was probably considered preferable to development on one slowing to a crawl while it chased after two diverging requirements lists.
I can see there's no improvement.
A new app gives you a blank slate, which is easier than reverting old ratings.
I remember being nudged for repeated reviews by many apps, some explicitly listing that reason, before that was prohibited by Apple.
Surely that‘s among the worst things you can do from an SEO and customer retention perspectives?
From news reports and interviews with the leaders involved, it appears that new guard wanted to have something new they could own and take credit for, and HBO was owned by the previous regime.
None of Discovery's marques were strong enough, and the $$ to get Discover as a brand into the right place was high.
So, least of all evils, given their problem: scrub HBO off the name, make it one of many brands in the app, and hope "Max" on its own, with some marketing, can expand to fill the gap.
If it works, Discover team takes credit. If not, Discover team blames holdovers from HBO days and says that this was just an intermediate step on the way to a brand new experience that will launch "real soon now".
Lots of problems with this approach, but business isn't always rational.
Having a computer tell me I had to call a mailbox a parking meter is right out of some sort of Forbin Project 1984 mashup.
https://imgur.com/a/lcYR8n0
The hiding the dice under the arrow though is ridiculous.
As for your second question, yes.
This is more or less what cloudflare and such do now as I understand it (as well as checking browser features and such)
I also have a PhD in Computer Science and I assure you that the degree does not give me as much blind faith in my math ability
One of the requirements to getting a PhD is the knowledge that a PhD is not the proof of intelligence you thought it would be when you started. It is better a proof of resilience, patience, and being dead inside.
Once during development I got a captcha that said "select the glasses" where my options was a photo of sunglasses, or a pair of glass drinking cups.
I don't think its too much of an exaggeration to say this is what happens when security teams don't receive enough pushback from the higher ups or from other teams. I see this all the time in large big tech companies.
It’s stupid and anti-user.
But why (from their perspective)?
They don't make their money from metadata, they make it from content. Every piece of real monkey-making content is going to get a torrent regardless of if it's protected behind a captcha.
Edit: I have some sympathy for this. Engagement is much harder to measure than customer satisfaction. They are looking for the keys under the light because they cannot see anywhere else.
Why be reasonable when you can be unreasonable and make more money.
It makes very little sense to me. Surely WBD wants people to easily find WBD content to watch, and easily be able to pay them to watch it.
I know Netflix has been a holdout (the only one), and it is quite a stupid long term decision in my opinion, but I would not have thought Apple pays WBD, Paramount, Comcast, Disney, Starz, etc to be able to list their purchase-able media in Apple’s TV app.
So it has a real login and, presumably, access to some api from the streamer. But a smaller company that didn’t pay for access could also just login as my accounts and scrape info.
its not strictly required, as in most cases you could just save cookies or similar locally, but weaker login systems are preferred.
https://www.arkoselabs.com/arkose-matchkey/
> Arkose MatchKey challenges have revolutionized CAPTCHAs
Some other choice quotes from the page:
> Users have a bad association with difficult photo CAPTCHAs.
> Instead of type what you hear (or alphanumerics) puzzles, we ask users simple questions using delightful and amusing scenarios
> All are incredibly easy for legitimate users
> Every Arkose MatchKey challenge is tested on humans. We release challenges only when they meet very strict usability benchmarks. Our strongest puzzles, designed for bad actors, have no impact on good user completion-rates.
> In fact, Arkose MatchKey is the strongest CAPTCHA ever made.
My mum regularly asks for help when all she's done is ignore the captcha thinking it's an advert because it stands out like a Google ad (different UI, different font, extra branding etc).
At least she's learnt to automatically ignore ads, but it comes with consequence of ignoring captchas as well...
And continually changing UIs definitely don’t help.
https://www.apple.com/newsroom/2023/05/apple-previews-live-s...
In the HN thread , a lot of people were calling it the grandparent mode.
The main value-add for companies like Arkose is that they have teams monitoring and changing the aggressiveness of the challenges as new attackers try to get around them. With a product like Recaptcha, you are inevitably completely screwed when attackers get around it.
Either these guys are full of crap or they are absolute Schönberg aficionados
Most CAPTCHAs, including ones made by Arkose, have site keys that are unique to that CAPTCHA and public/visible in the browser -- so companies like Anti Captcha can then automate sending challenging CAPTCHAs directly to a human solver in a 'CAPTCHA farm' who can solve it (in a different browser) and have the CAPTCHA return that it was successfully passed, usually all within ~a minute.
So to get around this and -- as Arkose's site says -- make fraud expensive for hackers, Arkose Labs has to make their CAPTCHAs hard/slow to solve. If they do that, then it becomes expensive for bad actors to rely on labor to solve them (anti-captcha.com cites 58 seconds/$3 per CAPTCHA).
As long as the site key is publicly exposed, this basically isn't going to change; you either need to also couple it with other anti-fraud tactics like device fingerprinting, or use a CAPTCHA that doesn't expose the site key at all.
Disclaimer - I work for a company (Stytch) that has a competing CAPTCHA product.
Captchas seem to work best when they reflect the simplest task that AI cannot do rather than a task AI can easily do but with the difficulty ramped up.
Same goes for the people who decided to put it on their websites.
A customer who can't get in isn't costing you precious CPU cycles.
It's more of a joke than an interface, like reddit's competition for the worst volume control: https://uxdesign.cc/the-worst-volume-control-ui-in-the-world...
Now you can argue that anything that has hitched a ride on moore's law has improved exponentially. In fact this is what several groups point to: Elon Musk stans love to argue how the world has gotten better not worse thanks to exponential growth and the government loves to point to the declining costs of things like TVs as an indication that inflation is not so bad. Its a red herring though. That new computer is so much better but now has layers of privacy invading/security compromising fat that ye old Windows 95 PC didn't have. That TV might cost a nickel but is more locked down and made out of more of the cheapest throw away components than your old Tube ever had. In a way its an insult to how decent your old TV was.
Never imagined this would be a career worth pursuing; it's grim when you think about it.
[0] https://handmadecities.com/about
I am concerned though that this is just another form of inflation. If you think about it, you need to have the skillset to develop this software to your liking. That itself is a time sink but lets put that aside and assume you already have the skillset because you made the investment for other reasons. You could then argue that the investment made in learning how to make these apps is spread across this as well as anything else you use the skill for: GREAT Right?
Well, you are forgetting that you are sacrificing time to build and then maintain these applications. So in a way you are still paying for these applications.
Also one concern I have about your listing there is the same concern I have every time I force myself to use Linux as my primary system and then give up and go back to Mac: Curation.
Have you considered drawing up a list of typical workflows for a bunch of different kinds of users and then ensuring at least the common use cases are taken care of? As it stands, it seem like you have a lot of interesting apps but they are are just a hodgepodge of random things. There is no cohesive curation or (potential)quality control behind them.
This grinds my gears about Linux. You handmade apps get a pass but your typical distro? no way: They package together whatever desktop environment they like which itself consists of terrible everyday tools that have varying quality. Just open up the Calculator on a Gnome based distro. It is crummy compared to the Mac or Windows(classic) calculator. Then try out each and every other app on the menu. Seems like there was no real cohesion put into it.
Furthermore, lets just accept that you have to tailor these handmade apps to your liking and that eventually there will be a handmade app for everything a user could want. Ok fine, but I still hate the fact that in todays day and age, this idea has to be extend to EVERYTHING in your life. You gotta understand how to maintain your car because good luck finding a mechanic that wont do the bare minimum. How about the slop they serve at many food establishments? You have to "handmade" all your food/liquid intake. Ditto for everything else (maintenance or removing other ways corporations screw you).
How do you even preserve the value of the currency you try so hard to earn? You can't it is slowly going to 0.
Both that that computers are very good at, and have been good at for decades now?
At some point some software engineer had to sit down, look at it, and say, "looks good to ship to production"
Only true if you replace "software engineer" with "person". Just because someone was paid to build it doesn't mean they thought it was a good idea or ready.
It the remaining time is displayed as a negative integer, and for some reason the system just thinks the move is done and resets it to the beginning.
Seems like a bug that some very basic QA testing should have caught it.
The new rollout seems like a total clown show, and unfortunately it ruined the service and made it impossible for me to view movies, unless it is from a laptop.
https://daringfireball.net/linked/2023/05/23/max-tvos
loLz666.txt:
For the unlock password visit (somesite.ru/blah) and fill in 3 surveys.
I've given up on websites just by seeing the first captcha made by them.
I remember one day in class we were doing a group project and using GitHub to share our work, and a friend of mine had trouble to log into his GitHub account and got this captcha.
A team of 4 people in the class went to help him pass the (if I remember correctly) 10 tries you needed to have correct in order to log in.
And they still took about 10 minutes!
https://www.tiktok.com/@gavinj1998/video/7237700278647016746