reCAPTCHA is one of many "free" systems that are seemingly helpful and innocent, but are actually part of the #Google data-collection ecosphere.
If you must use a particular system that integrates with reCAPTCHA or similar, please provide them feedback that you would like alternatives to Google services.
Users, choose to solicit sites that value your #privacy and user data.
I’ll need to explore some #reCAPTCHA alternatives the next time I’m able to catch my breath at work; perhaps one of the ones listed at Switching Software (https://switching.software/replace/google-recaptcha/). The trick is going to be pulling down and installing something that doesn’t require a high level of server access.
#Google understandably sways people with “convenience” & “ease” —for a price.
I have some reading in my future...
@theprivacyfoundation It's nice to see you discourage people from using reCAPTCHA. But not providing alternatives may reduce the impact.
Oh... and I'm not even talking about CloudFlare.
@allo Hi thanks for your question!
This answers that as a generality: https://mastodon.social/@theprivacyfoundation/104225822722538076
However, if there is no choice, avoiding the Google ecosystem likely increases privacy.
@theprivacyfoundation I never understood why I as a user must prove I'm human. Why not turning the cart around, and let the bots prove? Like, honeypotting them with hidden form fields the human visitor won't see? So if that puzzle is solved, the visitor just "proved" to be a bot – while the visiting human wouldn't even try to solve it as it cannot be seen. Problem solved – or did I miss something? Do such solutions exist?
@chaosmonk Oh, pardon me – I thought this was about making websites privacy-friendly for humans, not about how to best support Google 🤪 So I didn't mean how G could improve their captcha, but what privacy-friendly alternatives (might) exist *outside* of Google, and how they could work to achieve *that* goal.
@IzzyOnDroid Sorry, I guess my sarcasm didn't come through. I agree with you. Unfortunately most web developers are lazy hacks, so they use the solution that Google has conveniently provided them with, and it's one that serves Google's interests, not that of users.
@IzzyOnDroid I totally agree with you. I have seen several solutions that do exactly what you are talking about, but nothing generic enough to work with anything.
It seems like it would be something useful enough to justify the effort of making a general-purpose tool though.l
@IzzyOnDroid @theprivacyfoundation Here's a whole blogpost making your point: https://nearcyan.com/you-probably-dont-need-recaptcha/
@IzzyOnDroid There are numerous such checks made. A chief problem is that there is simply so much bot activity, and bad actors try hard to appear human (or at least non-botlike).
And it's not a case of "hey, you're a bot, prove you're human", because it isn't possible to know this in advance. Humans may engage in botlike behaviours, or utilise bots themselves, sometimes legitimately, sometimes not.
The process is complex and uses numerous indicators.
And no, I'm not happy with the results, and fight ReCaptcha myself (https://toot.cat/@dredmorbius/104371588129861216). But I get why the issue exists.
"Who are you?" --- and "What are you?" --- are the most expensive questions in infotech. No matter how you get them wrong, you're fucked.
@BinaryUnit sad to read. I was thinking they'd be eager enough to fill the gaps if the *look* like a captcha.
@IzzyOnDroid @theprivacyfoundation The Anti-Spam Bee plugin for WordPress uses a honeypot (as the name already suggests) as one of the strategies. https://antispambee.pluginkollektiv.org/documentation/
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!