Hi On 09-06-19 21:34:44 -0700, Abhilash Raj wrote:
The current capchas (cue recapcha v3) are pretty much against privacy. Trying to get into any site that uses them with tor browser or just blocking a lot of cookies will make it extremely difficult for you to get in even though you are not a bot. So I don't believe what we need is a capcha on site that requires login anyway. Why not rate limit by IP or offer a cool off period of a day or a week to people who repeatedly try to login. To be honest I don't solves capchas anymore because of Buster [1]. I also don't want to be training Google's image recognition for cars.That is a great post, and I agree that captchas should be more hard to break using automated systems. But sadly, even the state of the art systems like Google's reCaptcha can also be broken with little effort [1].
What I would prefer? Questions for niche forums can be domain specific, like Arch Linux asks you the output of a long command passed base64. For a site that is not targetted specifically, a capcha like "2+4=x" is more than enough. For sites like the one Manav mentions, a capcha is not a solution since the service is already gated by login.
^[1]: https://addons.mozilla.org/en-US/firefox/addon/buster-captcha-solver/
-- Regards Jagan PUBKEY: https://j605.tk/pgp
signature.asc
Description: PGP signature
_______________________________________________ Users mailing list [email protected] http://lists.dgplug.org/listinfo.cgi/users-dgplug.org
