@theprivacyfoundation I never understood why I as a user must prove I'm human. Why not turning the cart around, and let the bots prove? Like, honeypotting them with hidden form fields the human visitor won't see? So if that puzzle is solved, the visitor just "proved" to be a bot – while the visiting human wouldn't even try to solve it as it cannot be seen. Problem solved – or did I miss something? Do such solutions exist?
@chaosmonk Oh, pardon me – I thought this was about making websites privacy-friendly for humans, not about how to best support Google 🤪 So I didn't mean how G could improve their captcha, but what privacy-friendly alternatives (might) exist *outside* of Google, and how they could work to achieve *that* goal.
@IzzyOnDroid Sorry, I guess my sarcasm didn't come through. I agree with you. Unfortunately most web developers are lazy hacks, so they use the solution that Google has conveniently provided them with, and it's one that serves Google's interests, not that of users.
@IzzyOnDroid I totally agree with you. I have seen several solutions that do exactly what you are talking about, but nothing generic enough to work with anything.
It seems like it would be something useful enough to justify the effort of making a general-purpose tool though.l
@IzzyOnDroid @theprivacyfoundation Here's a whole blogpost making your point: https://nearcyan.com/you-probably-dont-need-recaptcha/
@IzzyOnDroid There are numerous such checks made. A chief problem is that there is simply so much bot activity, and bad actors try hard to appear human (or at least non-botlike).
And it's not a case of "hey, you're a bot, prove you're human", because it isn't possible to know this in advance. Humans may engage in botlike behaviours, or utilise bots themselves, sometimes legitimately, sometimes not.
The process is complex and uses numerous indicators.
And no, I'm not happy with the results, and fight ReCaptcha myself (https://toot.cat/@dredmorbius/104371588129861216). But I get why the issue exists.
"Who are you?" --- and "What are you?" --- are the most expensive questions in infotech. No matter how you get them wrong, you're fucked.
@BinaryUnit sad to read. I was thinking they'd be eager enough to fill the gaps if the *look* like a captcha.
@IzzyOnDroid @theprivacyfoundation The Anti-Spam Bee plugin for WordPress uses a honeypot (as the name already suggests) as one of the strategies. https://antispambee.pluginkollektiv.org/documentation/
This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!