If your site is only hosted on one server and it catches fire, you can swiftly reinstall on a new server and change the IP your domain is pointing to, too... Still a single point of failure.

I run a small, extremely niche fan site with under 500 users, and I received a very similar email the other day - someone complaining about the "cookie popup" (which my site doesn't have), and then sending me a "screenshot" in a sites.google.com link when I told them I don't know what they're talking about.

Only difference is that it downloaded a .zip file containing a shortcut (.lnk) file which contained commands to download and execute the malicious code.

When I opened the Google domain link from TFA it downloaded a zip file for me. Perhaps it detects OS/Browser and serves the most appropriate attack?

All the worst slurs I can think of in my limited vocabulary can't even be spelled with the characters available. I suspect the opposite - they might have been chosen to avoid spelling things like that.

You either know some radioactively hot slurs, or you've just not hung out there enough. Only the "i" is missing, and a week doesn't go by that someone doesn't post it with the 1 instead. Granted, I think that one's a repost (never bothered to try to check).

It does not, at least not once you pass the Cloudflare Turnstile challenge (which can be done with an API as well.)

Is your company hiring? :)

I would also be inclined to believe that my project to solve the proprietary 4Chan text CAPTCHA cannot solve an unrelated image CAPTCHA. I'd bet a lot of money on it, in fact!

I initially wrote the alignment-only script (in the source repo as `user-scripts/4chan-captcha-aligner.ts`) before the rest of the project because the person who was collecting the data manually for me couldn't wrap their head around the slider-style CAPTCHAs. There's definitely a learning curve.

The 4Chan userbase hates the CAPTCHA as much as I do :)

This, but unironically.

I really hope my post didn't come off as if I was trying to make it sound like this was a new idea. Regardless, this is good information, because it counters the posts of the form "great, now that you made this, you're going to make it harder."

I didn't look at it that way, just maybe that you (and/or others) might not have been aware of its existence since I didn't see it mentioned anywhere.

Reddit and Twitter both have huge bot problems. On Reddit it's a bit less obvious due to the upvote/downvote system, and on Twitter it's a bit less obvious because you usually only follow people you want to see. Make a post on Twitter that mentions something like cryptocurrency, and you'll get a dozen bot replies immediately.