Blog

I was banned from the hCaptcha accessibility account for not being blind

Need a blazing fast and reliable server? Get one here!

Get an awesome price on domains!

Also known as: why you shouldn’t trust a company who makes their product intensionally inaccessible with allowing you an accessibility workaround

Update: I’ve been informed that hCaptcha now has a text captcha option. The bulk of this blog post still stands. Thanks to D Hamlin for the correction. Also thanks to T Spivey for pointing out my capitalization error causing eloquence users to just hear captcha. This has also been fixed. It’s been a while, hasn’t it? Well I’m back again with a long overdue blog post. Once again, it’s a warning of something crazy. Seems I’m good at coming up with blog posts for those lol. Anyway, let’s get on with it

I’m sure you’ve seen the hCaptcha captcha service, where you check a box and then need to select all images of a house or whatever. If you’re not aware, they intensionally do not provide an audio captcha version for the blind since they say this would make it easier for bots to get through. Instead, they provide a special account for blind people that allows them to get a cookie which lets them get past the captcha without a challenge…

This should be warning sign umber one. If they’re intensionally making their captcha inaccessible, then why should you trust them with an accessibility workaround. What happens when they decide that the accessibility workaround is causing too much of a headache? What happens when bots start using it to get past the captcha for free? We’ll be partially discussing that today, though in a slightly different context.

Anyway, I mainly use brave browser for my browsing needs, and for about a year, my accessibility account just wouldn’t set the cookie on brave. I followed all the steps, third party cookies were allowed, etc, but the cookie just would not set. It worked great on firefox, chromium, and everything else I tried. The message just said that if this keeps occurring that I should email support. So finally I did email support.

They walked me through basic troubleshooting steps, most of which I had already tried, and in an attempt to isolate the problem and help out their technical staff, I mentioned that the call to their set cookie endpoint seemed to be returning a 401 unauthorized code in brave, looking at the javascript console. This, I think, made them a little suspicious, even though I was only trying to help them out.

So imagine my surprise, when out of nowhere in the middle of my conversation with a support rep named Gemma, another rep named Mel sends a reply and says

Hello,
                                                                                                                                
This is not a supported use, and you are not being credited for accessibility passes.
                                                                                                                                
All accounts being used in this way will be deleted from hCaptcha, and the users banned if they attempt to sign up again for
accessibility.
                                                                                                                                
Thanks,
hCaptcha Support

I was obviously very confused, as I wasn’t doing anything they didn’t allow, I was just trying to get it working under brave. So I emailed back, and they clarified that since I wasn’t blind, I shouldn’t be using the accessibility account.

Excuse me? I’m not blind? Are you serious?

I have no idea what got that idea through their heads, but I verified that my account had indeed been banned. I emailed back a day or so later, requesting an unban because, y’know, I *actually* am blind, but they gave a pretty canned response of no, your account is remaining banned.

So the end result is that, irony of all ironies, if I want to get past hCaptcha, I have to break their terms of service and use an automated solving program to solve the captcha, all because they decided, randomly, that I wasn’t blind, so can’t use their accessibility account.

Consider this a warning that, if you rely on a workaround to an intensionally inaccessible system to make it useable, you’re just waiting for something to go wrong.

I can’t stress this enough. Don’t trust a company that makes their product intensionally inaccessible to provide an accessibility work around. That’s like a zebra trusting a lion who eats zebras to not eat them out of the kindness of their heart. It’s a ticking timebomb.

Please share this post with your friends, and if you know any webmasters who use hCaptcha, consider forwarding this to them. It’s not ok what they’re doing, and it’s affecting real people. I was going to reach out to Cloudflare to share my experience in an attempt to get them to drop hCaptcha, but apparently they’re using an in house system now anyway. Good riddance, I say.

Anyway, consider this a warning, and maybe I won’t wait 5 years before my next blog post! Lol.

Michael.

There are no comments

Join the conversation

Your email address will not be published. Required fields are marked *