basically what the title says

the ones i’m aware of:

  • google’s recaptcha
  • cloudflare’s hcaptcha

cloudflare being better for privacy compared to google, but still not great afaik

  • mox@lemmy.sdf.org
    10·
    1 month ago

    The only privacy-friendly CAPTCHA is a self-hosted one.

    The only user-friendly kind is none at all.

    Depending on the web site, an alternative bot-filtering strategy might make sense, such as:

    • Allowing signup without a CAPTCHA, but requiring one before the first post/upload is allowed.
    • Allowing signup without a CAPTCHA, but deleting accounts that behave like bots.
    • Allowing signup without a CAPTCHA, but deleting accounts that don’t purchase something.
    • Allowing login without a CAPTCHA, but restricting retry rates and/or temporarily locking accounts after 10+ failures.
    • retro@infosec.pub
      31·
      1 month ago

      Cloudflare’s Turnstile has an invisible mode that you’re probably using in a lot of places and aren’t aware of it. It provides an invisible challenge to the browser and requires no interaction. I would say no input require in quite user-friendly.

      • mox@lemmy.sdf.org
        2·
        1 month ago

        I would argue that’s not a CAPTCHA at all, since it’s not a Turing test, but rather a browser inspection.

        In any case, Cloudflare services like these are not remotely privacy-friendly.

      • Zerush@lemmy.ml
        2·
        1 month ago

        Yes, the Honeypot system, an invisible part, only visible for bots, they use it and get blocked. easy.