With some help from hCaptcha, we're now able to stop the spam registration attempts and not bother 99.9% of legitimate visitors at the same time.

It was not ideal having to annoy everyone who tried to register last week but it's all fixed now thanks to the hCaptcha team! 🙏👏

@plausible Got hit by one the very first time. I very much doubt I'm in the 0.01%.

You're *letting* hCaptcha track everyone signing up to Plausible. While that's still better than tracking all of those people's users, you can do better. (Plus, accessibility issues; it'd be good if you could add some way for people who can't solve hCaptchas to register.)

Fortunately, they don't seem to be setting tracking cookies, apart from the standard _cfduid that Cloudflare promises isn't used for that.

@plausible I'm probably wrong to mistrust hCaptcha; unlike the rest of the companies I bash, they haven't really done anything to deserve that mistrust. (They haven't really done much to earn trust, either, but I suppose that comes with time.)

@wizzwizz4 @plausible hmm that's weird! we tested it on several different devices and browsers with different situations such as vpn on, vpn off, adblocker on and off and didn't get any since this change. the logo still shows up but you just have to tick it and there's no challenge

@markosaric @plausible I've just stopped getting them. That's odd… Maybe I *was* in the 0.01%? (Or maybe it's just remembering my IP address? I completed one at the end of my testing, about half an hour ago.)

I'm still getting it consistently on Tor, though – and it's impossible to complete them sometimes, because I get "Rate limited or network error. Please retry."

@wizzwizz4 @plausible i really don't have a more realistic solution at this time. the spam issue is real and badly affects us if we don't prevent it and this does it.

they're independent, they're not part of surveillance capitalism / adtech, they're not fond of google and they make money from their product fees directly.

we can remove them if it turns out they're not to be trusted but i don't see any reason to mistrust them at this stage and while spam continues

@markosaric @plausible Yeah. I probably just have a vendetta. They're actively working on a cryptographic solution to reduce the tracking they have to do for the accessibility thing, which doesn't really have an upside for their (entirely hypothetical) user tracking side-business, so… there's probably no issue with using it.

hCaptcha is incentivised to go evil, though – unless they don't get a cut of the money from a CAPTCHA solve, in which case I'm very impressed with how they've done things.

@wizzwizz4 @plausible yeah they're solving a real issue that only google was able to do before so hope they succeed and we get even more competitive tools not owned by google. it's very needed for the health of the whole web.

could be great to get rid of the spammers too so we don't need this protection in the first place but that's a different topic :)

@markosaric @plausible Ah, thanks, that was enough for me to spot the error I was making.

> hCaptcha isn't perfect. Therefore, it's not good enough and we should burn it.

It's one of the best things around, and a lot better than Google's CAPTCHA service; I should wait for (or make) something better before I criticise it (unless it's constructive criticism directed to the hCaptcha team's feedback page).

@wizzwizz4 @plausible they seem to be very responsive in my brief interaction with them.

i tagged them on twitter complaining about all our visitors needing to go through these challenges and they responded within a couple of hours and we had a conversation in which they fixed the issue and according to them 99.9% of actual people won't be challenged anymore

seems accurate enough in our tests as before this change 100% of visitors were challenged

Sign in to participate in the conversation

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.