Ask HN: Developer abused “sign in with GitHub” and users are being punished

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • oauth

    For context, in order to star projects on a user's behalf you'd need to request public_repos scope[1], so the UI will look like this: https://github.com/login/oauth/authorize?client_id=33a703d01... (I used a random client_id from a Google search). As you can notice, the UI does not mention stars at all.

    [1] public_repo: Limits access to public repositories. That includes read/write access to code, commit statuses, repository projects, collaborators, and deployment statuses for public repositories and organizations. Also required for starring public repositories. (https://docs.github.com/en/developers/apps/building-oauth-ap...)

  • NopeCHA

    Automatically solve reCAPTCHA, hCaptcha, FunCAPTCHA, AWS CAPTCHA, and text-based CAPTCHA with a browser extension.

    It seems like GitHub gave them the boot as well: https://github.com/NopeCHA/NopeCHA

    It's possible you got caught by some automated system that tries to prevent sockpuppet accounts from inflating stars?

  • buster

    Captcha solver extension for humans

    https://github.com/dessant/buster/

    buster is technically legal software designed to show how easy it is to bypass Google reCAPTCHA.... If this continues to work, why not a third-party SaaS that allows the same thing via an API?

  • Ouch.

    If you're on GitHub, go to "https://github.com/settings/applications" and you can see, and revoke, any OAuth accesses.

    I just discovered that "Improbable" (the game engine backend company) had too much access, obtained because I once signed up to look at their SDK. I revoked that. (They used to be legit, but then they got involved with Yuga Labs, the Bored Ape crypto people, so trusting them is now questionable.)

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
