basically what the title says

the ones i’m aware of:

  • google’s recaptcha
  • cloudflare’s hcaptcha

cloudflare being better for privacy compared to google, but still not great afaik

  • mox@lemmy.sdf.org
    link
    fedilink
    arrow-up
    9
    ·
    edit-2
    6 months ago

    The only privacy-friendly CAPTCHA is a self-hosted one.

    The only user-friendly kind is none at all.

    Depending on the web site, an alternative bot-filtering strategy might make sense, such as:

    • Allowing signup without a CAPTCHA, but requiring one before the first post/upload is allowed.
    • Allowing signup without a CAPTCHA, but deleting accounts that behave like bots.
    • Allowing signup without a CAPTCHA, but deleting accounts that don’t purchase something.
    • Allowing login without a CAPTCHA, but restricting retry rates and/or temporarily locking accounts after 10+ failures.
    • retro@infosec.pub
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      6 months ago

      Cloudflare’s Turnstile has an invisible mode that you’re probably using in a lot of places and aren’t aware of it. It provides an invisible challenge to the browser and requires no interaction. I would say no input require in quite user-friendly.

      • mox@lemmy.sdf.org
        link
        fedilink
        arrow-up
        2
        ·
        6 months ago

        I would argue that’s not a CAPTCHA at all, since it’s not a Turing test, but rather a browser inspection.

        In any case, Cloudflare services like these are not remotely privacy-friendly.

      • Zerush@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        6 months ago

        Yes, the Honeypot system, an invisible part, only visible for bots, they use it and get blocked. easy.