- Running a high profile, or even low profile. service which attracts automated or spearhead attacks makes you appreciate reCAPTCHA
- Web services and users are often low value and reCAPTCHA offers a free medicine
- Cleaning up attacks and such as a devops/webmasters is pain in the ass - getting all those alerts ad Saturdat 11:00pm in a bar - you do not want to cover them from your $100 budget
- reCAPTCHA makes many problems go away for a service provider
- People complaining about reCAPTCHA are often low value users (they do not buy anything) - though I have only subjective point to confirm this
Long term solutions can be only moving away for CAPTCHAs to strongly authenticated humans by a trusted party
- Strong human authentication on every service controlled by Apple/Google/Facebook who has vast data to keep bots in the check
- Start paying for the services - though you still need to do CAPTCHA at least once in the card authorization to prevent cardsters
Alternative for reCAPTCHA - though I do not vouch in for the quality yet: hcaptcha.com/
Bonus: Micropayments instead of ads or make botting too expensive - welcome to cryptocurrency land
We had an alternative to reCAPTCHA for a moment - proof of work coin miners, when properly set up it is also very privacy-friendly by having the possibility of fully self-hosting it. Yes it had it's downsides, but IMHO less downsides than doing work for Google. Same goes for coinminers instead of adsense.
No you didn’t. A few seconds of proof of work is trivial for a bot, any amount that makes it hard for a bot is unusable to a human. This is why nobody uses hashcash.
v.3 allows you to dial down the threshold if you start blocking too many humans.
Bots usually fail in the 0.0-0.3 range, so you can run it with a threshold around 0.7-0.8 and most people won't even notice it. Shame about the gross privacy invasion but it's probably not much worse that running Analytics?
It will kill your site speed score on Lighthouse for mobile.
https://news.ycombinator.com/item?id=20297764
- Running a high profile, or even low profile. service which attracts automated or spearhead attacks makes you appreciate reCAPTCHA
- Web services and users are often low value and reCAPTCHA offers a free medicine
- Cleaning up attacks and such as a devops/webmasters is pain in the ass - getting all those alerts ad Saturdat 11:00pm in a bar - you do not want to cover them from your $100 budget
- reCAPTCHA makes many problems go away for a service provider
- People complaining about reCAPTCHA are often low value users (they do not buy anything) - though I have only subjective point to confirm this
Long term solutions can be only moving away for CAPTCHAs to strongly authenticated humans by a trusted party
- Strong human authentication on every service controlled by Apple/Google/Facebook who has vast data to keep bots in the check
- Start paying for the services - though you still need to do CAPTCHA at least once in the card authorization to prevent cardsters
Alternative for reCAPTCHA - though I do not vouch in for the quality yet: hcaptcha.com/
Bonus: Micropayments instead of ads or make botting too expensive - welcome to cryptocurrency land