For some reason I have it in the back of my mind that they were at one point accused of being a honeypot for US intelligence because of their association with MIT. Probably complete BS, but maybe not. Are they as open source as they claim to be? Looks like they’re on github. F-Droid seems to think they have some Google...
API shenanigans and/or CAPTCHA breaks hydroxide (the foss bridge)
protonvpn: you can no longer fetch all the configs in one download. You have to click “download” >120 times now to get all the configs
account locks if you do not login frequently enough (i think every 6 months)
if you supply your login creds but get a CAPTCHA and say fuck this, and walk, it does not count as a full login needed to reset the expiration clock
the CAPTCHAs are graphical which forces you to enable images in your browser; but when you do that you get images that junk up your screen and waste bandwidth
no public keyring. Hushmail was better in this regard. An advanced user could upload their PGP public key to Hushtools and then encryption just worked for hushmail users contacting that person. After Hushmail started charging, I would tell the normies who need comms w/me to get a gratis Protonmail account. But then I have to send them my public key and they have to figure out how to attach it to my profile in their phonebook. It’s a show-stopper in many situations.
> Please verify you are a human without any Ad Blockers turned on.
#Captcha dialogs that don't work unless you turn off your #adblocker .. of course you might allow the specific #tracker that makes the captcha functional, but not always clear which one to pick.
Ich habe vor einer Weile mal eine kleine Übersicht darüber gebaut, wie barrierefrei verschiedene #Captcha-Arten für Menschen in den unterschiedlichen Behinderungs-Kategorien sind.
Es sollte niemanden überraschen, aber es ist immer mindestens schwierig.
Beachtet auch, dass viele Menschen mehrfachbehindert sind und hier mehrere Kategorien gleichzeitig zutreffen könnten. Das macht die Nutzung zusätzlich schwer.
Benutzt keine Captchas. Egal wo. Es gibt immer bessere Lösungen. #Inklusion#a11y
The Mastodon development team currently suggest enabling #hCaptcha in order to combat the current spam wave in the fediverse.
However, hCaptcha discriminates genuine users with disabilities from accessing your instance. So if people and inclusion are important to you, please just don't. Consider closing your public registrations instead, for the time being.
So, again, #MastoAdmin, please refrain from requiring #hCaptcha on your instance and only use it as a very last resort, when all other measures fail. If you absolutely have to, please provide an alternative sign-up method that safely works without it.
Thank you very much, on behalf of all of us disabled users - and also on behalf of most of the not-quite superhumans here.
P.S. there are also huge privacy concerns with commercial #Captcha services.
Les CAPTCHA sont maintenant placés avant l'ouverture des pages de certains sites web… On doit être "humain" pour pouvoir consulter une simple page d'information sur Ameli, le site de la sécu (via Cloudflare…) !
Mais vraiment, allez vous faire cuire le cul sur les braises !
It comes to something when even my fully-sighted wife couldn't get the #CAPTCHA to work. Poorly implemented, too obscure, we must have tried about 10 times and nothing.
I've lost all hope of HCaptcha being a company that cares about accessibility.
I had major trouble getting the accessibility cookie to work in Firefox yesterday, though I eventually solved it by disabling both Privacy Badger and the enhanced tracking protection built into Firefox.
So I e-mailed the company with an accessibility inquiry. I suggested that when requesting an accessibility cookie by e-mail, the user should also be given a code they can enter into the HCaptcha challenge. This would save users from having to deal with cookie problems, and would also allow them to solve a captcha in something like Discord, where the captcha is embedded in the app and there's no way to use the cookie at all.
Support responded and said that it was up to each app developer to implement a way to use the accessibility cookie in their app.
I responded with the following:
> Now it sounds like we're shifting the burden of accommodating HCaptcha onto developers instead of users. Developers want to implement a solution that is accessible already. If they have to design their own UI for accommodating the accessibility cookie, the solution is not accessible. Why is HCaptcha so opposed to solving this problem once so that developers do not have to solve it over and over again?
And they responded:
> The reason is because cookies are supposed to be used in a web browser. If you open Discord or Signal in a web browser, it will work. However since the apps aren't web browsers they won't be able to consume it. We have other clients that have implemented ways to consume the accessibility cookie in their apps, so it's up to the developer.
Am I crazy or does this go 0% of the way to addressing anything I said in the previous e-mail?
Bonjour la #mastodonie le #fediverse
Suis à la recherche d'un #CMS pour un bout de site
Actuellement, j’utilise #wordpress et suis un peu déçu par sa lourdeur.
Mes besoins :
Pouvoir générer une carte avec des point/balises identifiés
Disposer d’un formulaire de contact avec un #Captcha par reCaptacha 😉
Mise à jour facile (je suis une feignasse)
Pouvoir écrire du texte et insérer des images 😛
merci !
@mwadmin Can you enable some kind of #CAPTCHA in Mastodon? Maybe something weak like "Do you pass math?" is already enough. The spam is coming due to the nature that the form fields are all the same way named. So spammers just have to add your domain name to their list of Mastodon instances and start sending requests there, including fetching token against CSRF (=cross-site request forgery).
Is there anything unsavory about ProtonMail?
For some reason I have it in the back of my mind that they were at one point accused of being a honeypot for US intelligence because of their association with MIT. Probably complete BS, but maybe not. Are they as open source as they claim to be? Looks like they’re on github. F-Droid seems to think they have some Google...