Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You're still getting free bot-prevention. If you don't like it, use something like Damien Katz's Negative CAPTCHA (hide a field with CSS, call it email, and wait for a bot to fill it out, and check that that field is empty server-side).


That's clever!


And completely unsustainable. It only takes a parser that checks if the field is visible. It's just a simple matter of adapting. reCAPTCHA is much harder to work around for a spammer.


Distinguishing humans from computers is an inherently unsustainable problem.


Yes. But it would be nice to have something that at least requires somewhat of a break-through instead of another afternoon of coding.


Checking to see if the field is visible is an extremely difficult task. It should be hidden by CSS, so you would need to download all external style sheets and parse all inline and embedded styles. Same goes if the field is hidden by JavaScript, only it becomes much harder then. The only problem with this technique are dumb auto form-fillers.


Not that difficult. If you make your spambot a Firefox extension (for example) you get all that for free.


Absolutely. It only stops people who are half-heartedly malicious: bots stop and attackers get past either way. You now get the malicious uncoordinated person, but you also get a simpler code base and the peace of mind from knowing that your login system can't fail just because of a free third-party api.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: