Fake CAPTCHA websites hijack your clipboard to install information stealers | via Malwarebytes

Fake CAPTCHA websites hijack your clipboard to install information stealers | via Malwarebytes
Oscar for Dutch short:
'I'm Not a Robot'.
A woman who gets caught in a captcha. You can watch the full film here.
Well, it's been claimed it's because knowing whether you're human or bot isn't the purpose of #captcha.
They're are actually also good tools at #harvesting more #data about you.
This related note was shortly after you're on my feed:
Silly anti-#spam idea:
issue tracker invitation link inside the operating system.
Want to file a bug about the OS? Prove you're running the OS.
No need for open registration, no need for #privacy -hostile #captcha .
Also works for other projects #hosting their own #Infrastructure .
Well I decided to get a #Bluesky account, not because all the cool kids are doing it but because there are certain posts I can’t see without having one. But #Captcha stopped me cold. According to the popup I saw, there’s such a thing as an accessibility cookie, but I’ll be darned if I can figure out how to get one. Entering on the prompts didn’t seem to do anything. I just figured out we’ve been dealing with the #Captcha bugaboo for over 20 years. There are options now, but not everyone takes advantage of them, and it still needs to be better where #A11Y is concerned.
Kyllästyttääkö liikennevalojen etsiminen kuvista, jotta voisit todistaa verkkosivulle olevasi ihminen?
Nyt tilalle olisi tarjolla vaihtoehto: DOOM -CAPTCHAssa todistat olevasi oikea ihminen, lahtaamalla kolme örkkiä klassisen räiskintäpelin maisemissa.
#Doom #VideoGames #CAPTCHA #stunting
'We all know that “Can it run DOOM?” is the first question of a hardware hacker. The 1993 first person shooter from id Software defined an entire genre of games, and has since been made open source, appearing on almost everything. Everything, that is, except a Captcha, those annoying “Are you a human” tests where we’re all expected to do a search giant’s image classification for them. '
https://hackaday.com/2025/01/01/protect-your-site-with-a-doom-captcha/
"‘Yes, I am a human’: bot detection is no longer working – and just wait until AI agents come along"
I would LOVE to use the web, but sadly I can't pass the human verification test which bots pass with flying colours.
I decided to get rid of #captcha for good. I'm not talking about Google recaptcha of course, this never was an option to me. But hcaptcha, which I used on nearly every web project for years, as a more GDPR compliant and accessible solution.
I was wrong, as I discovered last week. Hcaptcha, and captcha in general aren't accessible.
So I decided to go back to good old honeypots and mathematical questions to trap bots in my forms. And I'm also experimenting with email obfuscation using a very simple CSS trick.
I hope bots won't sneak through.
But it's worth it. #accessibility comes first.