-
tfc
Hello. Why has Google Captcha not yet been integrated into the sign up process to most servers? If the reason is privacy concerns, I would really like to know what those could be?
-
MSavoritias (fae,ve)
Why put captcha when you can just make the server invite based? Or have a form in the site?
-
tfc
MSavoritias (fae,ve): Because making the server invite based limits accessibility and/or requires more work from the admin, and your second suggestion I don't know. Are you saying that there are plenty of alternatives that do the same job?
-
MSavoritias (fae,ve)
But the point is to limit accessibility right? Because if its easy spammer come✎ -
MSavoritias (fae,ve)
But the point is to limit accessibility right? Because if its easy spammers come ✏
-
MSavoritias (fae,ve)
Also i dont think there are many people who start a server to host thousands of users. So depends on the setup i guess
-
MSavoritias (fae,ve)
Disroot.org has a web form and it works pretty nice for them. And they are one of the biggest public xmpp servers
-
tfc
To amend my original questions, I'm really just looking to know the privacy implications of such software on end users. Knowing that XMPP developers and end-users care about privacy, and Google Captcha is effective and seems easy to work with, I assume its privacy concerns that led to it not being integrated in servers/clients. What are those concerns?✎ -
tfc
To amend my original questions, I'm really just looking to know the privacy implications of such software (Google Captcha) on end users. Knowing that XMPP developers and end-users care about privacy, and Google Captcha is effective and seems easy to work with, I assume its privacy concerns that led to it not being integrated in servers/clients. What are those concerns? ✏
-
Link Mauve
tfc, the main reason is that CAPTCHA is ineffective at hindering spammers, it costs $1 to solve like 1000 CAPTCHAs (as in, create 1000 accounts) and spammers have that kind of money, and will I guess receive more than that in return.
-
Link Mauve
OTOH is it quite effective at blocking actual humans.
-
MSavoritias (fae,ve)
Yeah i thought it was paid but wasnt sure. What is OTOH?
-
Link Mauve
MSavoritias (fae,ve), on the other hand.
-
MSavoritias (fae,ve)
Ah :D
-
tfc
Link Mauve: Good to know that it is not as effective as otger options. I see, so GC is not a free service. I assumed Google provided it for free for small organizations at least in exchange for data. The only semi-legitimate information I could find about the privacy implications of GC is here. And it seems like different kinds of GC exist. https://www.businessinsider.com/google-no-captcha-adtruth-privacy-research-2015-2
-
Link Mauve
tfc, do you expect this service to be significantly more expensive to solve than competing CAPTCHA solutions?
-
Link Mauve
And if so, by how much?
-
Link Mauve
Would it also filter out legitimate users who can’t solve it, for instance due to some handicap?
-
tfc
Link Mauve: No, I don't have any cost expectations. I was just coming from a privacy perspective.
-
Link Mauve
Ok.
-
Link Mauve
For privacy, it’s better to just not use any such service.
-
selurvedu
tfc, recaptcha is a privacy nightmare, hcaptcha (cloudflare) isn't any better
-
selurvedu
it's also become really creepy recently thanks to neural networks
-
selurvedu
https://upload.jabber.at/http_upload/se3JoHTkUU3egiy4AB15hXip6HnktdZj/be82eac9-bb62-4cb2-808d-7fc3024a8cba.png
-
selurvedu
Using recaptcha is, or at least, was free, but, as Link Mauve noted very accurately, it costs close to nothing to hire humans to slove it for you. When recaptcha was still just "enter two words from a given picture", it costed $1 per 1000 solved captchas. Link Mauve says the current price is the same.
-
selurvedu
So, as a result, it does a better job to keep legit users away and not very effective for spammers.
-
selurvedu
It filters IP addresses though, so bot-like activity from the same address will gradually raise the difficulty of the given challenge, until it results in an IP block (i.e. the captcha is not shown at all). As a side effect, it's effective to keep Tor users away on a lot of exit nodes.
-
selurvedu
> Would it also filter out legitimate users who can’t solve it, for instance due to some handicap? Speaking of handicaps, there was this addon for all major browsers that eliminated Google reCAPTCHAs by automatically solving them via submitting the audio challenge (intended for visually impaired people) to some Speech-to-Text-as-a-Service. IIRC, it the service was made by Google as well (ironic, right?). It Just Worked™ indeed, like magic, but it broke quite often, so I disabled it. https://github.com/dessant/buster It's still partly functional according to AMO reviews https://addons.mozilla.org/en-US/firefox/addon/buster-captcha-solver/reviews/
-
tfc
> tfc, recaptcha is a privacy nightmare, hcaptcha (cloudflare) isn't any better How is it a privacy nightmare? Recaptcha can collect IP addresses, browser information for fingerprinting, and human input such as mouse/cursor movements, keyboard strokes. Am I missing something? Don't get me wrong, I'm anti recaptcha just want to know more what Google can collect. (Not considering anything about security)
-
Zash
and connect the user to the service, probably
-
robertooo
They can collect anything just as they can run anything on your PC. JS has way too much attack surface for no reason.
-
robertooo
BTW, it's not only that they can, but it's confirmed they do. That's the primary way these captchas work - by fingerprinting you in non-consensual ways.
-
selurvedu
tfc, isn't that enough? If two people use the same computer, they can tell one person from another simply by how they move their mouse. And, of couse, if you're signed into your Google Account, that captcha-solving fingerprint is tied to your identity.