CAPTCHA options for Cloudron Applications
-
Why CAPTCHAs are considered harmful:
https://ezinearticles.com/?Captchas-Considered-Harmful---Why-Captchas-Are-Bad-And-How-You-Can-Do-Better&id=1104207W3
https://www.w3.org/WAI/GL/wiki/Captcha_Alternatives_and_thoughtsHuman Presence (proprietary)
https://www.humanpresence.io/Visual Captcha (abandoned, i think)
https://visualcaptcha.net/demo/#Captchas.net (good candidate?)
http://captchas.net/FriendlyCaptcha
https://friendlycaptcha.com/SecurImage
https://www.phpcaptcha.org/Hcaptcha
https://www.hcaptcha.com/#planssvgCAPTCHA (from MIT)
https://openbase.com/js/svg-captcha@LoudLemur BTW Vaultwarden / Bitwarden has captcha built-in (appears after 5 unsuccessful login attempts)
-
CAPTCHA (Completely Automated Public Turing tests) are used to detect whether the user is human. Unfortunately, proprietary solutions are being used to collect biometric data which can be used to fingerprint visitors.
We should look around for some Freedom respecting options which are not troublesome.
If you have some ideas, suggestions, resources etc. please add them to this thread.
For example, here is a survey of Free Software options for 2022:
@LoudLemur said in CAPTCHA options for Cloudron Applications:
Unfortunately, proprietary solutions are being used to collect biometric data which can be used to fingerprint visitors.
We should look around for some Freedom respecting options which are not troublesome.I agree with your motivation to find freedom respect login protections.
However the majority of captchas are not accessible - meaning any human with a visual impairment will not be able to log in to a system.
Multi-factor auth. is already configurable on Cloudron. In my view that is a suitable alternative, while also improving user security.
What is the problem you're trying to solve with a captcha?
-
@LoudLemur said in CAPTCHA options for Cloudron Applications:
Unfortunately, proprietary solutions are being used to collect biometric data which can be used to fingerprint visitors.
We should look around for some Freedom respecting options which are not troublesome.I agree with your motivation to find freedom respect login protections.
However the majority of captchas are not accessible - meaning any human with a visual impairment will not be able to log in to a system.
Multi-factor auth. is already configurable on Cloudron. In my view that is a suitable alternative, while also improving user security.
What is the problem you're trying to solve with a captcha?
@ei8fdb said in CAPTCHA options for Cloudron Applications:
@LoudLemur said in CAPTCHA options for Cloudron Applications:
Unfortunately, proprietary solutions are being used to collect biometric data which can be used to fingerprint visitors.
We should look around for some Freedom respecting options which are not troublesome.I agree with your motivation to find freedom respect login protections.
However the majority of captchas are not accessible - meaning any human with a visual impairment will not be able to log in to a system.
Multi-factor auth. is already configurable on Cloudron. In my view that is a suitable alternative, while also improving user security.
What is the problem you're trying to solve with a captcha?
Usually it’s a form of rate limiting - preventing too many login attempts from a malicious actor which uses different IPs
-
@ei8fdb said in CAPTCHA options for Cloudron Applications:
@LoudLemur said in CAPTCHA options for Cloudron Applications:
Unfortunately, proprietary solutions are being used to collect biometric data which can be used to fingerprint visitors.
We should look around for some Freedom respecting options which are not troublesome.I agree with your motivation to find freedom respect login protections.
However the majority of captchas are not accessible - meaning any human with a visual impairment will not be able to log in to a system.
Multi-factor auth. is already configurable on Cloudron. In my view that is a suitable alternative, while also improving user security.
What is the problem you're trying to solve with a captcha?
Usually it’s a form of rate limiting - preventing too many login attempts from a malicious actor which uses different IPs
@necrevistonnezr said in CAPTCHA options for Cloudron Applications:
Usually it’s a form of rate limiting - preventing too many login attempts from a malicious actor which uses different IPs
Yep, I thought the same but then remembered Cloudron already has rate limiting via fail2ban. I don't know (and haven't tested) if it is enabled on login page of each application hosted on an instance.
Is there a reason why it wouldn't address the many login attempts from different IPs use case?
-
Why CAPTCHAs are considered harmful:
https://ezinearticles.com/?Captchas-Considered-Harmful---Why-Captchas-Are-Bad-And-How-You-Can-Do-Better&id=1104207W3
https://www.w3.org/WAI/GL/wiki/Captcha_Alternatives_and_thoughtsHuman Presence (proprietary)
https://www.humanpresence.io/Visual Captcha (abandoned, i think)
https://visualcaptcha.net/demo/#Captchas.net (good candidate?)
http://captchas.net/FriendlyCaptcha
https://friendlycaptcha.com/SecurImage
https://www.phpcaptcha.org/Hcaptcha
https://www.hcaptcha.com/#planssvgCAPTCHA (from MIT)
https://openbase.com/js/svg-captcha@LoudLemur Google reCAPTCHA destroying the internet:
-
Currently we use hcaptcha for this forum with limited success, however given that the remaining spam we get is usually handcrafted, those are likely real users.
Also we use it for https://console.cloudron.io now and that seems to work well.
-
L LoudLemur referenced this topic on
-
On a podcast recently, I heard that one thing CAPTCHAs do "to identify you as a human" is use your click on the square with the ... as a permission to check your browsers recent website history on the other tabs too. I didn't check this but wouldn't be surprised.
-
Turnstile FREE for all.
https://blog.cloudflare.com/turnstile-ga/@girish see if it makes a difference for the forum
@robi said in CAPTCHA options for Cloudron Applications:
Turnstile FREE for all.
When Cloudflare use free, they mean free as in beer, not Free as in Freedom, I think. While turnstile might appear a relief, Cloudflare is a centralizing force on the internet, and I feel Turnstile could easily be used to gatekeep access to the internet. Cloudflare have been involved in censorship before and I suspect they might want to be able to do so again. They might start saying that "unusual traffic" was associated with somebody's address or something like that.
I wish something like this were available without needing to be a Cloudflare service, something we could run ourselves.
-
Actually they are preventing more censorship, compared to all the blocking corps and govts are doing, eroding your freedoms.
Beware the gaslighting.
@robi said in CAPTCHA options for Cloudron Applications:
Actually they are preventing more censorship
I hope you are right, @robi, and you might be, but I think that either governments are using corporations to do their dirty work, like censorship, for them, or those who own the corporations have used their power and influence to subvert governments through lobbying, etc. I think one of the ways they operate is to introduce something that seems beneficial and helpful so that it becomes accepted and widespread. Then the fangs come out and the horrible stuff begins, like censorship.
