By far the most common request I get is for alternatives to Google's Re-Captcha.

The situation is so unclear that I haven't done an alternatives section on the site.

Do you have suggestions for re-captcha alternatives?

(I know this has come up before, but the discussions are scattered across many threads which people are failing to find.)

@switchingsocial A honeypot system which catches bots but doesn't affect users is best.

@masterofthetiger @switchingsocial I like the idea of an alternative being "how to achieve your goal, but better" rather than just "same thing, new label"

@switchingsocial It's a difficult one, because the alternative is for the site owner to find, not the site user. If I want to sign up on a site that uses ReCaptcha, I have to click on the fire hydrants and train Google's AI. (Usually several times over.)

My personal view is that an invite system, or a system that requires a potential user to write a single sentence about why they want to join ("Why do you want to join this radio forum?" "Because I'm interested in radio.") is better than a technical solution that excludes a lot of people.


I have to do captchas regularly on e.g. shopping sites where I've already been a member for years :blobsad:

It's very annoying.

@switchingsocial I feel like they captcha certain users more than others. Firefox users, users with AdBlock, users with non-US IP addresses.

If you're a Chrome/Windows user on Comcast USA, you get a lot less captchas than I do, in a foreign country on a foreign ISP using Firefox/Linux.

@switchingsocial For example, I just moved Mastodon instances. I asked an existing user here to send me an invite code and explained why. I was able to easily sign up with no issues, using the invite.

If I didn't know an existing user, there's a public signup form that requires you to write a sentence about why you want to join, which cuts off most spambots. The system works, no captcha required.

@ak @switchingsocial I'm not at all convinced the protection recaptcha pretends to offer is even necessary most of the time

@ak @switchingsocial
One of the sites I recently signed up on had you write about what you would cook for someone you just met. I think that's a fairly good way to do things.

@switchingsocial personnaly I like skill questions, like "what is the answer to eight plus five". if you draw the question on an image instead of plain text, I think it defeats more bots than any complex systems.

@switchingsocial It's really difficult to find good alternatives which are open source.Most times they're either stupid text captchas or closed source.Here are some alternatives,not all of them perfect but maybe acceptable:
- I just found out about it.It's open source and works with icons,so it's fast and easy to solve.
- It's based on OpenStreetMap and improves the map data by solving captchas,so it's a win-win situation.It's also open source but unfortunately the git isn't public so you have to drop the author a email (please let me know about the response if you do)
- Is what I used on my old,proprietary sites and it was really cool.Just click on the circle and you're finished.It's open source and selfhosted.
- Is what I currently use.Unfortunately it's closed source but it seems to be a small hobby project so privacy shouldn't be that bad there.
- Closed source but free and looks like that's also not a big company.I somehow trust the smaller ones much more.Very simple to solve.
- Closed source and made by a Chinese company.Maybe not the best option but at least it's simple to solve and user-friendly so it's also not the worst.
- A basic open source and selfhosted text captcha.Looks ugly but is still way less frustrating than the Google shit.
I hope I could help you with this list.I don't know if all of those are good enough for your recommendation page but maybe at least a few of them.

@switchingsocial I vote for phpcaptcha (aka securimage). Especially if you run a wordpress site, its point-and-click. @nipos

@switchingsocial Many sites don't even need captchas but yet, they just use google recaptcha because it's there. If you're running small, federated services, have a look at new accounts and close registration if you are getting spam accounts or do some rate limiting.

@switchingsocial The techniques used here seem to work very well. I've implemented some in my contact forms.

@switchingsocial visualCaptcha is nice, however it's discontinued:

the brazilian government uses it on some websites

@switchingsocial Dongles (hardware-based multi-factor authentication) are a great replacement for users and site owners. See for a list. This also decentralizes "single" sign-on!

If hardware is not an option (yet), site owners should probably ask their framework-development community for a locally-hosted replacement such as django-simple-captcha.readthed - any replacement that is not locally hosted is not really a solution.

Happy to discuss more by email.

@switchingsocial Because of the nature of ReCaptcha only someone large like Google could do it. It relies on tracking information...

@switchingsocial i just got a "bitcaptcha" or "bitninja" or something recaptcha when I was on Tor a while ago, but idk. I clicked away. Haha

@switchingsocial WTDWTF solved the problem by making it easier for the moderators rather than making it harder to sign up new accounts.

@switchingsocial A totally naive captcha that anybody can trivially solve will completely stymie bots 99% of the time. It could be almost anything, just a form that asks "what's 3+2?" where the user has to type in a 5. At this point they would need to be specifically targeted, which is something only a small percentage of very large sites have to worry about.

I bodged my own in php for a project a while back (don't remember what happened to it) - there are fonts you can get that obscure the letters and you can store the answer in the user's session...
Sign in to participate in the conversation
Mastodon is a microblogging site that federates with most instances on the Fediverse.