A discussion about captchas

Coffee Lounge
1

I came across this website using a sweet captcha called “FriendlyCaptcha” - wow, what a relief not having to label cars and traffic lights split in the middle


(I’m not their customer)

It uses a JavaScript challenge solved by the browser. In a world where you can literally pay someone to solve captcha for you in a third-world country, is it really worth to use annoying captchas on your website instead of a JavaScript challenge or something similar?

Edit: This one looks interesting too, open-source, although not a JS challenge:
https://captcheck.netsyms.com/

Edit 2: Friendly Captcha’s widget is open-source, the backend isn’t (edit: actually there’s a working script you can self-host, although it’s more like source-available than open-source in terms of freedom)

1 Like
2

Not an expert, just my 2 cents: just like it’s possible to break most bike locks within a few seconds… it’s still worth it to lock your bike with an extra lock. Because if you don’t put the extra lock on it, it goes from 30 seconds to 10 seconds. In other words: becomes an easier target.

Now I’m not sure how well this carries over cyber security. But some arguments to use a captcha, even if paid to use:

  • costs money to get through the captcha, decreases incentive
  • costs more time (a few seconds at least for the captcha to be resolved)