I simply wanted to submit a bug report. This is so fucked up. The process so far:
① solved a CAPTCHA just to reach a reg. form (I have image loading disabled but the graphical CAPTCHA puzzle displayed anyway (wtf Firefox?)
② disposable email address rejected (so Bitbucket can protect themselves from spam but other people cannot? #hypocrisy)
③ tried a forwarding acct instead of disposable (accepted)
③ another CAPTCHA, this time Google reCAPTCHA. I never solve these because it violates so many digital right principles and I boycott Google. But made an exception for this experiment. The puzzle was empty because I disable images (can’t afford the bandwidth). Exceptionally, I enable images and solve the piece of shit. Could not work out if a furry cylindrical blob sitting on a sofa was a “hat”, but managed to solve enough puzzles.
④ got the green checkmark ✓
⑤ clicked “sign up”
⑥ “We are having trouble verifying reCAPTCHA for this request. Please try again. If the problem persists, try another browser/device or reach out to Atlassian Support.”
Are you fucking kidding me?! Google probably profited from my CAPTCHA work before showing me the door. Should be illegal. Really folks, a backlash of some kind is needed. I have my vision and couldn’t get registered (from Tor). Imagine a blind Tor user.. or even a blind clearnet user going through this shit. I don’t think the first CAPTCHA to reach the form even had an audio option.
Shame on #Bitbucket!
⑦ attempted to e-mail the code author:
status=bounced (host $authors_own_mx_svr said: 550-host $my_ip is listed at combined.mail.abusix.zone (127.0.0.11); 550 see https://lookup.abusix.com/search?q=%24my_ip (in reply to RCPT TO command))
#A11y #enshitification
Security (and budget) vs. Convenience
You could use your clearnet browser and IP, and gotten through easily.
Or, now you have to find a static residential IP, create a VM with a recognized browser (like Chromium.. nothing that letterboxes so tor and mullvad browser are out of the question), disable a few things like WebGL but not too many things so you still have a trackable browser fingerprint, then once your reputation from that browser is built up, keep paying $30/mo or whatever for the static IP (or, other free ways..) and then you can load that VM any time you need to do something like this.
ezpz.
or you could just say fuck it, patch the bug on your setup and post the bug on pastebin with a recommendation that they make it easier to submit security bug reports in the future.
Multiple CAPTCHAs and broken CAPTCHAs do not benefit any one of those factors.
If the inherent disclosure were reasonable, that would be relevant. But it’s not reasonable to expect testers to identify themselves as a precondition to reporting a bug.
lol. Not what you described, which takes time and money and requires unnecessary disclosure.
It should be ezpz. Testers are contributors. Bug reports require effort from volunteers who make a charitable investment into the QA of software in the commons. Of course it should be effortless to submit bug reports. This community exists to make bug submission as trivially easy as it should be. When a project raises the bar of effort with CAPTCHAs and various hurdles, it discourage reports and cheats the public out of QA contributions.
I fully agree, I was just making light of the situation and also describing how insane and expensive it is if you want to do something behind their... paywall... workwall...? something that should be able to be sent over email.