Broken CAPTCHAs and Fractured Equity - Privacy and Security in hCaptcha's Accessibility Workflow
USENIX Enigma Conference via YouTube
Overview
Explore a critical analysis of hCaptcha's accessibility workflow in this USENIX Enigma Conference talk. Delve into the background of CAPTCHAs, assistive technologies, and their interactions. Examine the privacy and security implications of hCaptcha's visual puzzle system and its alternative accessibility workflow. Discover how the accessibility option could potentially de-anonymize users and be vulnerable to automation. Learn about the responsible disclosure process for the identified security flaw and discuss future plans for more inclusive and privacy-friendly CAPTCHA solutions. Reflect on broader questions regarding the future of CAPTCHAs, potential replacements, and the challenge of balancing inclusive access with robust security measures.
Syllabus
Introduction
Assistive Technology
Background
What is hCaptcha
How does hCaptcha work
Low friction
Privacy problem
Privacy update
Security update
Accessibility workflow
Disclosures
The Bigger Picture
Audio Captures
Accessibility
Textbased challenge
Privacy pass
Business model
Taught by
USENIX Enigma Conference