hCaptcha: Profits over People and Fscking Useless

Presented at A New HOPE (2022), July 22, 2022, 3 p.m. (50 minutes).

Or "why I broke CAPTCHAs for 15 percent of the Internet." Technology is supposed to be the great equalizer. But what happens when corporate interests build technological barriers that prey on a minority? Why, hackers, of course! hCaptcha is a commercial CAPTCHA provider, used for about 15 percent of the Internet. In order to make their CAPTCHA usable for people with disabilities, they implemented a specific "accessible workflow." This workflow stripped people with disabilities of their privacy or prevented them from using websites entirely. It could also be automated. This talk is about how hCaptcha built their product, the automation attack against their accessible workflow, how they've failed to fix it, and where we go from here.


Presenters:

  • Steven Presser
    **Steven Presser (@spresser)** is a tinkerer of many things software and has been writing code since his early teens. He was first drawn to hacking by watching a peer perform an SQL injection on one of his first large projects at age 14. Later, Steve received his bachelor's in computer science from Johns Hopkins University and has since worked for Microsoft, Cray, and HPE. He is currently a researcher at HLRS in Stuttgart, Germany. He has also served as an expert witness and written proof-of-concept code for a brief to the U.S. Supreme Court.
