The EU has released an open source CAPTCHA solution
https://joinup.ec.europa.eu/collection/eupl/news/eu-captcha-under-eupl-12
this post was submitted on 22 Sep 2023
306 points (97.8% liked)
Privacy
37279 readers
1167 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
So there is one, very nice!
Heard about mCaptcha too
Not sure why they used sha256 though, it mostly defeats the goal of protecting from bots (those can get access to ASICs, as oposed to regular users).
Does it work well?
It does, yes.
Is it open source? If no, proton can suck my stroganoff.
Edit: The official subreddit of Proton says that it is a proprietary CAPTCHA system. Great.
Stroganoff is quite good if cooked correctly, may I try a taste of it? I'm messing with you
Does it say that both the front end and back end are proprietary, or just the back end? I'd be fine with a closed source back end
Nothing is mentioned other than "proprietary system". Probably meaning that both ends are closed source. I don't see how I can verify whether it respects my privacy or not. I don't see a reason to implement this instead of mCAPTCHA, which is fully FOSS.
I'd be much happier if they'd finish building Drive to have auto-upload like every. other. cloud. service.
We keep hearing "small team" so why do they keep adding half-done products and services?
Proton finishing drive would be nice.
In browser file editing is the biggest feature I’m missing from Google Workspace.
That can't be done without a massive, massive amount of engineering hours well beyond proton's size. There's a reason only huge software companies like Google or Microsoft are able to offer that.
it's a half done google in terms of functionality
Other than making the web tedious to use, my biggest CAPTCHA complaint is that it puts the main providers in a position to monitor everyone's web use. The blog post doesn't address that, but it does say this:
No third-party services
Perhaps they mean it's self-hosted? That would be very welcome. It might require open source code to catch on, since many site owners are uncomfortable running mystery code on our servers. That would be very welcome, too.
Here's hoping it's good.
since many site owners are uncomfortable running mystery code on our servers
And yet Node.js exists and flourishes.
What do you mean by that, isn't node open source as well?
The joke is a lot of devs import random node modules hahaha
I wonder if it's really true that this practice is particularly prevalent in JavaScript development or just a false impression caused by it being one of the most, if not the most, used programming language
is-odd has entered the chat
is-even has too because it had to be a dependency 💀
The Node package manager is used in some web applications and has a very trusting distribution model, but it's not particularly relevant to what I wrote (red herring fallacy), and GP's phrasing alone is enough to identify them as a heckler. Please don't feed the trolls.
True that, still, I was genuinely curious
New captcha designs should require you to beat a dark souls boss
Next one will be to 100% every Assassins Creed game.
This is amazing. Great to have more alternatives to Google's crap
No third-party services
Support for alternative routing
(following link)
alternative routing requires us to use third-party infrastructure and networks we do not control
huh
That just means they're using other servers to route traffic. It doesn't mean those servers are third party services.
Nice, but captchas are never a good measure to avoid bots, only to annoying users, apart from spying them, if it is from Google. Long before AI, bots could solve captchas better than humans. It is a clearly obsolete method. Apart the system used by Proton is impossible for blind users, Google captcha at least had an auditive captcha too.
It does stop bots, but only extremely simple bots that for instance scrape data. That's mostly it though, more sophisticated bots can easily beat Captchas
This is the problem. I remember a very simple method to avoid spambots on a forum with great success. It is based on the following idea: A spambot or even a spammer necessarily uses a disposable email to register. These emails are usually not valid for more than 10-30 minutes, just to be able to receive the confirmation link. In this forum, the sending of the confirmation email has been delayed for half an hour due to this and with this the spam problems have ended. A normal user, if they really want to sign up, waits this time without problems. Then the usual 50 messages before being able to put a link as an additional measure. Simple and without third party apps.
I often won't touch websites with captcha as its used to train ai for google so if I see open source captcha solutions of which I doubt I will see as often as id like as googles strong hold
But proton keep up the good work
hCaptcha is catching on pretty quickly.
That's still proprietary, so you'll just be feeding someone else's systems no?
Yeah I'm not saying hCaptcha is good. It just shows that new captcha systems can become popular, and that Google's hold isn't as strong as it may seem.
Oh yeah, that's true
It's a pretty cool idea. The more you fail, the more POW is applied.
Cool! But i still hate Captcha!
FUCK ALL CAPTCHA i want to develop a program not to solve captcha but to actually break them then when they go down bypass them some how some way one day i swear i will
view more: next ›