Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    CAPTCHA options for Cloudron Applications

    Discuss
    captcha cloudron
    6
    15
    310
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      LoudLemur last edited by

      CAPTCHA (Completely Automated Public Turing tests) are used to detect whether the user is human. Unfortunately, proprietary solutions are being used to collect biometric data which can be used to fingerprint visitors.

      We should look around for some Freedom respecting options which are not troublesome.

      If you have some ideas, suggestions, resources etc. please add them to this thread.

      For example, here is a survey of Free Software options for 2022:

      https://fixthephoto.com/best-free-captcha-sources.html

      L ei8fdb 2 Replies Last reply Reply Quote 0
      • L
        LoudLemur @archos last edited by

        @archos

        CAPTCHAs (Completely Automated Public Turing test) are being used to harvest biometric data to fingerprint people and relay results to Big Data corporations. It is insidious and we need to find a humane, Freedom respecting way of achieving the same outcome and try and support it.

        For example,

        https://friendlycaptcha.com/

        There are others, but ... busy...

        1 Reply Last reply Reply Quote 2
        • robi
          robi last edited by

          There's also hcaptcha.com

          Life of Advanced Technology

          L 1 Reply Last reply Reply Quote 2
          • L
            LoudLemur @robi last edited by

            @robi hCaptcha is proprietary, I seem to remember.
            A while back I investigated Free alternatives.
            There was one where you tell the time on the clock. I must look again.

            1 Reply Last reply Reply Quote 0
            • robi
              robi last edited by

              Mini Doom game captcha, OSS
              https://vivirenremoto.github.io/doomcaptcha/

              Life of Advanced Technology

              L 2 Replies Last reply Reply Quote 4
              • L
                LoudLemur @robi last edited by

                @robi Hahaa! 😂

                That is the funniest thing! Easily the best Captcha!

                1 Reply Last reply Reply Quote 1
                • L
                  LoudLemur @robi last edited by

                  @robi

                  https://www.hcaptcha.com/post/why-captchas-will-be-with-us-always

                  1 Reply Last reply Reply Quote 0
                  • Referenced by  L LoudLemur 
                  • L
                    LoudLemur @LoudLemur last edited by

                    @LoudLemur

                    Why CAPTCHAs are considered harmful:
                    https://ezinearticles.com/?Captchas-Considered-Harmful---Why-Captchas-Are-Bad-And-How-You-Can-Do-Better&id=1104207

                    W3
                    https://www.w3.org/WAI/GL/wiki/Captcha_Alternatives_and_thoughts

                    Human Presence (proprietary)
                    https://www.humanpresence.io/

                    Visual Captcha (abandoned, i think)
                    https://visualcaptcha.net/demo/#

                    Captchas.net (good candidate?)
                    http://captchas.net/

                    FriendlyCaptcha
                    https://friendlycaptcha.com/

                    SecurImage
                    https://www.phpcaptcha.org/

                    Hcaptcha
                    https://www.hcaptcha.com/#plans

                    svgCAPTCHA (from MIT)
                    https://openbase.com/js/svg-captcha

                    necrevistonnezr L 2 Replies Last reply Reply Quote 2
                    • necrevistonnezr
                      necrevistonnezr @LoudLemur last edited by necrevistonnezr

                      @LoudLemur BTW Vaultwarden / Bitwarden has captcha built-in (appears after 5 unsuccessful login attempts)

                      1 Reply Last reply Reply Quote 1
                      • ei8fdb
                        ei8fdb @LoudLemur last edited by ei8fdb

                        @LoudLemur said in CAPTCHA options for Cloudron Applications:

                        Unfortunately, proprietary solutions are being used to collect biometric data which can be used to fingerprint visitors.
                        We should look around for some Freedom respecting options which are not troublesome.

                        I agree with your motivation to find freedom respect login protections.

                        However the majority of captchas are not accessible - meaning any human with a visual impairment will not be able to log in to a system.

                        Multi-factor auth. is already configurable on Cloudron. In my view that is a suitable alternative, while also improving user security.

                        What is the problem you're trying to solve with a captcha?

                        necrevistonnezr 1 Reply Last reply Reply Quote 2
                        • necrevistonnezr
                          necrevistonnezr @ei8fdb last edited by

                          @ei8fdb said in CAPTCHA options for Cloudron Applications:

                          @LoudLemur said in CAPTCHA options for Cloudron Applications:

                          Unfortunately, proprietary solutions are being used to collect biometric data which can be used to fingerprint visitors.
                          We should look around for some Freedom respecting options which are not troublesome.

                          I agree with your motivation to find freedom respect login protections.

                          However the majority of captchas are not accessible - meaning any human with a visual impairment will not be able to log in to a system.

                          Multi-factor auth. is already configurable on Cloudron. In my view that is a suitable alternative, while also improving user security.

                          What is the problem you're trying to solve with a captcha?

                          Usually it’s a form of rate limiting - preventing too many login attempts from a malicious actor which uses different IPs

                          ei8fdb 1 Reply Last reply Reply Quote 2
                          • ei8fdb
                            ei8fdb @necrevistonnezr last edited by

                            @necrevistonnezr said in CAPTCHA options for Cloudron Applications:

                            Usually it’s a form of rate limiting - preventing too many login attempts from a malicious actor which uses different IPs

                            Yep, I thought the same but then remembered Cloudron already has rate limiting via fail2ban. I don't know (and haven't tested) if it is enabled on login page of each application hosted on an instance.

                            Is there a reason why it wouldn't address the many login attempts from different IPs use case?

                            1 Reply Last reply Reply Quote 0
                            • L
                              LoudLemur @LoudLemur last edited by

                              @LoudLemur Google reCAPTCHA destroying the internet:

                              https://github.com/google/recaptcha/issues/296

                              1 Reply Last reply Reply Quote 0
                              • girish
                                girish Staff last edited by

                                We have been using hcaptcha for cloudron.io for a while now. Seems to work quite well.

                                1 Reply Last reply Reply Quote 1
                                • nebulon
                                  nebulon Staff last edited by

                                  Currently we use hcaptcha for this forum with limited success, however given that the remaining spam we get is usually handcrafted, those are likely real users.

                                  Also we use it for https://console.cloudron.io now and that seems to work well.

                                  1 Reply Last reply Reply Quote 2
                                  • First post
                                    Last post
                                  Powered by NodeBB