switched to the powerful and privacy protecting Captcha by @hCaptcha@twitter.com for better protection against spam bots :crazy:

@spamty Which has even worse accessibility than reCAPTCHA, unless you actively link all your web traffic to an account to bypass the CAPTCHAs.


@wizzwizz4 what's a better alternative for hCaptcha? I never used reCAPTCHA because of their privacy policy; Securimage was defeated by bots. So I guess hCaptcha is the best solution for now. 🤔

@spamty Think of some simple puzzles yourself, and write a small program to implement them.

Take Qwant's “select the unique shape” – some randomly-coloured, randomly-distributed squares, and one circle (or vice versa, many circles and one square), with some areas of value noise introduced into the image. It's submitted via <input type="image" />, so doesn't need JavaScript.

Throw together a few puzzles like that. Have a visual, audio and text.


@spamty It doesn't need to be fancy, because it's only on your site (and perhaps a few others). This will protect you against non-targeted attackers, which is all you really need; a targetted attacker would just pay hCaptcha for some hCaptcha bypass tokens.


Sign in to participate in the conversation

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.