A New HOPE (2022): "hCaptcha: Profits over People and Fscking Useless" (Download)
Friday, July 22, 2022: 3:00 pm (DAC 206): Or "why I broke CAPTCHAs for 15 percent of the Internet." Technology is supposed to be the great equalizer. But what happens when corporate interests build technological barriers that prey on a minority? Why, hackers, of course! hCaptcha is a commercial CAPTCHA provider, used for about 15 percent of the Internet. In order make their CAPTCHA usable for people with disabilities, they implemented a specific "accessible workflow." This workflow stripped people with disabilities of their privacy or prevented them from using websites entirely. It could also be automated. This talk is about how hCaptcha built their product, the automation attack against their accessible workflow, how they've failed to fix it, and where we go from here.