Follow

reCAPTCHA is one of many "free" systems that are seemingly helpful and innocent, but are actually part of the data-collection ecosphere.

If you are a / app , consider using tools & APIs that do not collect user & system information.

If you must use a particular system that integrates with reCAPTCHA or similar, please provide them feedback that you would like alternatives to Google services.

Users, choose to solicit sites that value your and user data.

@theprivacyfoundation I give negative feedback to #Google #CAPTCHA users when possible, but it's usually the feedback mechanism itself that uses it. Of course, to solve such CAPTCHAs is to support them.

@theprivacyfoundation I've only heard of its existence, but there is the "Negative CAPTCHA": basically a Captcha that is easy for a computer to solve, but impossible for a human (github.com/subwindow/negative-)

@theprivacyfoundation
And with recapcha you train Google's deep learning for free

@theprivacyfoundation

I’ll need to explore some #reCAPTCHA alternatives the next time I’m able to catch my breath at work; perhaps one of the ones listed at Switching Software (switching.software/replace/goo). The trick is going to be pulling down and installing something that doesn’t require a high level of server access.

#Google understandably sways people with “convenience” & “ease” —for a price.

I have some reading in my future...

#Code #WebDev #Dev

@theprivacyfoundation It's nice to see you discourage people from using reCAPTCHA. But not providing alternatives may reduce the impact.

@theprivacyfoundation

reCaptcha, various javascript CDN, font servers, social widgets, GoogleAnalytics and so on...

Oh... and I'm not even talking about CloudFlare.

@allo Hi thanks for your question!

This answers that as a generality: mastodon.social/@theprivacyfou

However, if there is no choice, avoiding the Google ecosystem likely increases privacy.

@theprivacyfoundation I never understood why I as a user must prove I'm human. Why not turning the cart around, and let the bots prove? Like, honeypotting them with hidden form fields the human visitor won't see? So if that puzzle is solved, the visitor just "proved" to be a bot – while the visiting human wouldn't even try to solve it as it cannot be seen. Problem solved – or did I miss something? Do such solutions exist?

@chaosmonk Oh, pardon me – I thought this was about making websites privacy-friendly for humans, not about how to best support Google 🤪 So I didn't mean how G could improve their captcha, but what privacy-friendly alternatives (might) exist *outside* of Google, and how they could work to achieve *that* goal.

@IzzyOnDroid Sorry, I guess my sarcasm didn't come through. I agree with you. Unfortunately most web developers are lazy hacks, so they use the solution that Google has conveniently provided them with, and it's one that serves Google's interests, not that of users.

@IzzyOnDroid I totally agree with you. I have seen several solutions that do exactly what you are talking about, but nothing generic enough to work with anything.

It seems like it would be something useful enough to justify the effort of making a general-purpose tool though.l

@alcinnz @IzzyOnDroid @theprivacyfoundation

Damn that’s a great blog post. Bookmarked it in case I ever need to pick from a non-google captcha solution.

Also, really interested in the whole privacy pass thingy that they mentioned: privacypass.github.io/

I’ll definitely be checking that out

@IzzyOnDroid @theprivacyfoundation Yes, there are several methods, hidden fields, time control, etc. But I guess any too generic solution (like, a reCaptcha nemesis) as @josias says, would be a new target, so it would turn into another arms race. But I prefer that.

@IzzyOnDroid There are numerous such checks made. A chief problem is that there is simply so much bot activity, and bad actors try hard to appear human (or at least non-botlike).

And it's not a case of "hey, you're a bot, prove you're human", because it isn't possible to know this in advance. Humans may engage in botlike behaviours, or utilise bots themselves, sometimes legitimately, sometimes not.

The process is complex and uses numerous indicators.

And no, I'm not happy with the results, and fight ReCaptcha myself (toot.cat/@dredmorbius/10437158). But I get why the issue exists.

"Who are you?" --- and "What are you?" --- are the most expensive questions in infotech. No matter how you get them wrong, you're fucked.

#WhoAreYou #identity #recaptcha #authentication

@theprivacyfoundation

@IzzyOnDroid @theprivacyfoundation up until now all the Honeypot techniques that I tried upon form submitting a form didn't work at all and most of the spam comes trough unfortunately, so a captcha is so far the way to go, it does not need/should be from Google though

@BinaryUnit sad to read. I was thinking they'd be eager enough to fill the gaps if the *look* like a captcha.

@theprivacyfoundation reCAPTCHA discourages purchases due to annoying javascript layers and privacy concerns

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!