this post was submitted on 29 May 2024
33 points (97.1% liked)

Privacy

32442 readers
857 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

basically what the title says

the ones i'm aware of:

  • google's recaptcha
  • ~~cloudflare's~~ hcaptcha

cloudflare being better for privacy compared to google, but still not great afaik

you are viewing a single comment's thread
view the rest of the comments
[–] mox@lemmy.sdf.org 10 points 6 months ago* (last edited 6 months ago) (1 children)

The only privacy-friendly CAPTCHA is a self-hosted one.

The only user-friendly kind is none at all.

Depending on the web site, an alternative bot-filtering strategy might make sense, such as:

  • Allowing signup without a CAPTCHA, but requiring one before the first post/upload is allowed.
  • Allowing signup without a CAPTCHA, but deleting accounts that behave like bots.
  • Allowing signup without a CAPTCHA, but deleting accounts that don't purchase something.
  • Allowing login without a CAPTCHA, but restricting retry rates and/or temporarily locking accounts after 10+ failures.
[–] retro@infosec.pub 2 points 6 months ago (2 children)

Cloudflare's Turnstile has an invisible mode that you're probably using in a lot of places and aren't aware of it. It provides an invisible challenge to the browser and requires no interaction. I would say no input require in quite user-friendly.

[–] Zerush@lemmy.ml 2 points 6 months ago

Yes, the Honeypot system, an invisible part, only visible for bots, they use it and get blocked. easy.

[–] mox@lemmy.sdf.org 2 points 6 months ago

I would argue that's not a CAPTCHA at all, since it's not a Turing test, but rather a browser inspection.

In any case, Cloudflare services like these are not remotely privacy-friendly.