Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Yeah, this is the trouble with client-side solutions. If it's worth their time (for example, if there's a credit card field or something), the bad actor will first take a look at the request as it's sent to the server and then they will make requests that look similar. You can do some aggressive stuff with fingerprinting like this example but honestly at a certain point captchas are just going to save you a ton of hassle and the alternatives start to become increasingly invasive too. And I say this as a person who strongly dislikes captchas from both a privacy perspective and an end-user perspective.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: