reCAPTCHA is one of many "free" systems that are seemingly helpful and innocent, but are actually part of the #Google data-collection ecosphere.

If you are a #website / app #developer, consider using tools & APIs that do not collect user & system information.

If you must use a particular system that integrates with reCAPTCHA or similar, please provide them feedback that you would like alternatives to Google services.

Users, choose to solicit sites that value your #privacy and user data.


@theprivacyfoundation I never understood why I as a user must prove I'm human. Why not turning the cart around, and let the bots prove? Like, honeypotting them with hidden form fields the human visitor won't see? So if that puzzle is solved, the visitor just "proved" to be a bot – while the visiting human wouldn't even try to solve it as it cannot be seen. Problem solved – or did I miss something? Do such solutions exist?

@chaosmonk Oh, pardon me – I thought this was about making websites privacy-friendly for humans, not about how to best support Google 🤪 So I didn't mean how G could improve their captcha, but what privacy-friendly alternatives (might) exist *outside* of Google, and how they could work to achieve *that* goal.

@IzzyOnDroid Sorry, I guess my sarcasm didn't come through. I agree with you. Unfortunately most web developers are lazy hacks, so they use the solution that Google has conveniently provided them with, and it's one that serves Google's interests, not that of users.

@IzzyOnDroid I totally agree with you. I have seen several solutions that do exactly what you are talking about, but nothing generic enough to work with anything.

It seems like it would be something useful enough to justify the effort of making a general-purpose tool though.l

@alcinnz @IzzyOnDroid @theprivacyfoundation

Damn that’s a great blog post. Bookmarked it in case I ever need to pick from a non-google captcha solution.

Also, really interested in the whole privacy pass thingy that they mentioned:

I’ll definitely be checking that out

@IzzyOnDroid @theprivacyfoundation Yes, there are several methods, hidden fields, time control, etc. But I guess any too generic solution (like, a reCaptcha nemesis) as @josias says, would be a new target, so it would turn into another arms race. But I prefer that.

@IzzyOnDroid There are numerous such checks made. A chief problem is that there is simply so much bot activity, and bad actors try hard to appear human (or at least non-botlike).

And it's not a case of "hey, you're a bot, prove you're human", because it isn't possible to know this in advance. Humans may engage in botlike behaviours, or utilise bots themselves, sometimes legitimately, sometimes not.

The process is complex and uses numerous indicators.

And no, I'm not happy with the results, and fight ReCaptcha myself ( But I get why the issue exists.

"Who are you?" --- and "What are you?" --- are the most expensive questions in infotech. No matter how you get them wrong, you're fucked.

#WhoAreYou #identity #recaptcha #authentication


@IzzyOnDroid @theprivacyfoundation up until now all the Honeypot techniques that I tried upon form submitting a form didn't work at all and most of the spam comes trough unfortunately, so a captcha is so far the way to go, it does not need/should be from Google though

@BinaryUnit sad to read. I was thinking they'd be eager enough to fill the gaps if the *look* like a captcha.

Sign in to participate in the conversation
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!