By far the most common request I get is for alternatives to Google's Re-Captcha.
The situation is so unclear that I haven't done an alternatives section on the site.
Do you have suggestions for re-captcha alternatives?
(I know this has come up before, but the discussions are scattered across many threads which people are failing to find.)
@switchingsocial A honeypot system which catches bots but doesn't affect users is best.
Any good websites about this method?
@switchingsocial It's a difficult one, because the alternative is for the site owner to find, not the site user. If I want to sign up on a site that uses ReCaptcha, I have to click on the fire hydrants and train Google's AI. (Usually several times over.)
My personal view is that an invite system, or a system that requires a potential user to write a single sentence about why they want to join ("Why do you want to join this radio forum?" "Because I'm interested in radio.") is better than a technical solution that excludes a lot of people.
I have to do captchas regularly on e.g. shopping sites where I've already been a member for years
It's very annoying.
@switchingsocial I feel like they captcha certain users more than others. Firefox users, users with AdBlock, users with non-US IP addresses.
If you're a Chrome/Windows user on Comcast USA, you get a lot less captchas than I do, in a foreign country on a foreign ISP using Firefox/Linux.
@switchingsocial For example, I just moved Mastodon instances. I asked an existing user here to send me an invite code and explained why. I was able to easily sign up with no issues, using the invite.
If I didn't know an existing user, there's a public signup form that requires you to write a sentence about why you want to join, which cuts off most spambots. The system works, no captcha required.
@switchingsocial interesting article about captcha here : https://www.fastcompany.com/90369697/googles-new-recaptcha-has-a-dark-side not about alternatives, though
@switchingsocial personnaly I like skill questions, like "what is the answer to eight plus five". if you draw the question on an image instead of plain text, I think it defeats more bots than any complex systems.
As per usual, I'll refer you to the #AlternativeTo site with Open Source options:
I hope this helps!
I would recommand you this, alternatives are mentioned too!
@switchingsocial It's really difficult to find good alternatives which are open source.Most times they're either stupid text captchas or closed source.Here are some alternatives,not all of them perfect but maybe acceptable:
- https://captcheck.netsyms.com I just found out about it.It's open source and works with icons,so it's fast and easy to solve.
- https://wiki.hsr.ch/StefanKeller/wiki.cgi?ReMAPTCHA It's based on OpenStreetMap and improves the map data by solving captchas,so it's a win-win situation.It's also open source but unfortunately the git isn't public so you have to drop the author a email (please let me know about the response if you do)
- https://github.com/Lokno/click-captcha Is what I used on my old,proprietary sites and it was really cool.Just click on the circle and you're finished.It's open source and selfhosted.
- http://www.pluscaptcha.com Is what I currently use.Unfortunately it's closed source but it seems to be a small hobby project so privacy shouldn't be that bad there.
- https://www.keycaptcha.com Closed source but free and looks like that's also not a big company.I somehow trust the smaller ones much more.Very simple to solve.
- https://www.geetest.com/en/ Closed source and made by a Chinese company.Maybe not the best option but at least it's simple to solve and user-friendly so it's also not the worst.
- https://www.phpcaptcha.org A basic open source and selfhosted text captcha.Looks ugly but is still way less frustrating than the Google shit.
I hope I could help you with this list.I don't know if all of those are good enough for your recommendation page but maybe at least a few of them.
Thank you for the great list! 👍
@switchingsocial Many sites don't even need captchas but yet, they just use google recaptcha because it's there. If you're running small, federated services, have a look at new accounts and close registration if you are getting spam accounts or do some rate limiting.
@switchingsocial Dongles (hardware-based multi-factor authentication) are a great replacement for users and site owners. See https://www.dongleauth.info/dongles/ for a list. This also decentralizes "single" sign-on!
If hardware is not an option (yet), site owners should probably ask their framework-development community for a locally-hosted replacement such as https://django-simple-captcha.readthedocs.io/en/latest/ - any replacement that is not locally hosted is not really a solution.
Happy to discuss more by email.
@switchingsocial Because of the nature of ReCaptcha only someone large like Google could do it. It relies on tracking information...
@switchingsocial i just got a "bitcaptcha" or "bitninja" or something recaptcha when I was on Tor a while ago, but idk. I clicked away. Haha
@switchingsocial WTDWTF solved the problem by making it easier for the moderators rather than making it harder to sign up new accounts.
@switchingsocial A totally naive captcha that anybody can trivially solve will completely stymie bots 99% of the time. It could be almost anything, just a form that asks "what's 3+2?" where the user has to type in a 5. At this point they would need to be specifically targeted, which is something only a small percentage of very large sites have to worry about.
@switchingsocial I'd just point people towards this article on the topic:: https://kevv.net/you-probably-dont-need-recaptcha/
mastodon.at is a microblogging site that federates with most instances on the Fediverse.