basically what the title says

the ones i'm aware of:

  • google's recaptcha
  • cloudflare's hcaptcha

cloudflare being better for privacy compared to google, but still not great afaik

  • RobotToaster@mander.xyz
    ·
    6 months ago

    mCaptcha can be self hosted https://mcaptcha.org/

    It's technically not a CAPTCHA, for the pedantic, but it serves teh same purpose.

  • OneCupFOSS@reddthat.com
    ·
    6 months ago

    Not sure about captchas but the honeypot filter works fine.

    Its open source so there probably is a good level of privacy.

    https://github.com/spatie/laravel-honeypot

  • mox@lemmy.sdf.org
    ·
    6 months ago

    The only privacy-friendly CAPTCHA is a self-hosted one.

    The only user-friendly kind is none at all.

    Depending on the web site, an alternative bot-filtering strategy might make sense, such as:

    • Allowing signup without a CAPTCHA, but requiring one before the first post/upload is allowed.
    • Allowing signup without a CAPTCHA, but deleting accounts that behave like bots.
    • Allowing signup without a CAPTCHA, but deleting accounts that don't purchase something.
    • Allowing login without a CAPTCHA, but restricting retry rates and/or locking accounts after 10+ failures.
    • retro@infosec.pub
      ·
      6 months ago

      Cloudflare's Turnstile has an invisible mode that you're probably using in a lot of places and aren't aware of it. It provides an invisible challenge to the browser and requires no interaction. I would say no input require in quite user-friendly.

      • mox@lemmy.sdf.org
        ·
        6 months ago

        I would argue that's not a CAPTCHA at all, since it's not a Turing test, but rather a browser inspection.

        In any case, Cloudflare services like these are not remotely privacy-friendly.

      • Zerush@lemmy.ml
        ·
        6 months ago

        Yes, the Honeypot system, an invisible part, only visible for bots, they use it and get blocked. easy.

  • retro@infosec.pub
    ·
    edit-2
    6 months ago

    Cloudflare's CAPTCHA is Turnstile. I've found it very useful. It doesn't use pick the image or type the text, it's just tick the box. You can even set it to invisible, then the user doesn't need to even do that, the challenge is sent to the browser and is completed automatically.

    https://developers.cloudflare.com/turnstile/

    In terms of privacy, it's is still Cloudflare, but at least it's not intrusive to the user experience.

  • Zerush@lemmy.ml
    ·
    edit-2
    6 months ago

    Captchas are obsolete novadays, current AI and even bots solve them better than any human. To avoid spam they are useless more and more, better as done by some forums, they simply wait 30-45 minutes before sending the activation mail, no spambot with an 15 minute mail will recieve it. Another one is the honeypot system to block bots.