CAPTCHA options for Cloudron Applications
-
-
Why CAPTCHAs are considered harmful:
https://ezinearticles.com/?Captchas-Considered-Harmful---Why-Captchas-Are-Bad-And-How-You-Can-Do-Better&id=1104207W3
https://www.w3.org/WAI/GL/wiki/Captcha_Alternatives_and_thoughtsHuman Presence (proprietary)
https://www.humanpresence.io/Visual Captcha (abandoned, i think)
https://visualcaptcha.net/demo/#Captchas.net (good candidate?)
http://captchas.net/FriendlyCaptcha
https://friendlycaptcha.com/SecurImage
https://www.phpcaptcha.org/Hcaptcha
https://www.hcaptcha.com/#planssvgCAPTCHA (from MIT)
https://openbase.com/js/svg-captcha -
@LoudLemur BTW Vaultwarden / Bitwarden has captcha built-in (appears after 5 unsuccessful login attempts)
-
@LoudLemur said in CAPTCHA options for Cloudron Applications:
Unfortunately, proprietary solutions are being used to collect biometric data which can be used to fingerprint visitors.
We should look around for some Freedom respecting options which are not troublesome.I agree with your motivation to find freedom respect login protections.
However the majority of captchas are not accessible - meaning any human with a visual impairment will not be able to log in to a system.
Multi-factor auth. is already configurable on Cloudron. In my view that is a suitable alternative, while also improving user security.
What is the problem you're trying to solve with a captcha?
-
@ei8fdb said in CAPTCHA options for Cloudron Applications:
@LoudLemur said in CAPTCHA options for Cloudron Applications:
Unfortunately, proprietary solutions are being used to collect biometric data which can be used to fingerprint visitors.
We should look around for some Freedom respecting options which are not troublesome.I agree with your motivation to find freedom respect login protections.
However the majority of captchas are not accessible - meaning any human with a visual impairment will not be able to log in to a system.
Multi-factor auth. is already configurable on Cloudron. In my view that is a suitable alternative, while also improving user security.
What is the problem you're trying to solve with a captcha?
Usually it’s a form of rate limiting - preventing too many login attempts from a malicious actor which uses different IPs
-
@necrevistonnezr said in CAPTCHA options for Cloudron Applications:
Usually it’s a form of rate limiting - preventing too many login attempts from a malicious actor which uses different IPs
Yep, I thought the same but then remembered Cloudron already has rate limiting via fail2ban. I don't know (and haven't tested) if it is enabled on login page of each application hosted on an instance.
Is there a reason why it wouldn't address the many login attempts from different IPs use case?
-
@LoudLemur Google reCAPTCHA destroying the internet:
-
Currently we use hcaptcha for this forum with limited success, however given that the remaining spam we get is usually handcrafted, those are likely real users.
Also we use it for https://console.cloudron.io now and that seems to work well.
-
-
On a podcast recently, I heard that one thing CAPTCHAs do "to identify you as a human" is use your click on the square with the ... as a permission to check your browsers recent website history on the other tabs too. I didn't check this but wouldn't be surprised.
-
@robi said in CAPTCHA options for Cloudron Applications:
Turnstile FREE for all.
When Cloudflare use free, they mean free as in beer, not Free as in Freedom, I think. While turnstile might appear a relief, Cloudflare is a centralizing force on the internet, and I feel Turnstile could easily be used to gatekeep access to the internet. Cloudflare have been involved in censorship before and I suspect they might want to be able to do so again. They might start saying that "unusual traffic" was associated with somebody's address or something like that.
I wish something like this were available without needing to be a Cloudflare service, something we could run ourselves.
-
@robi said in CAPTCHA options for Cloudron Applications:
Actually they are preventing more censorship
I hope you are right, @robi, and you might be, but I think that either governments are using corporations to do their dirty work, like censorship, for them, or those who own the corporations have used their power and influence to subvert governments through lobbying, etc. I think one of the ways they operate is to introduce something that seems beneficial and helpful so that it becomes accepted and widespread. Then the fangs come out and the horrible stuff begins, like censorship.