Topic: Can FunCAPTCHA be used instead of ReCAPTCHA at BitcoinTalk? (Read 302 times)

That's not developed in-house. That's why some other exchanges uses that too.

I checked a little further, it's apparently made by Geetest.

https://wordpress.org/plugins/geetest/

But strangely the main website (geetest.com/en) displays a blank page even after switching browsers.

I agree it's way better than reCAPTCHA in terms of usability. That POS made my life hell when my account got "blacklisted" for over a year for no apparent reason.

Is it? I saw many exchanges use it. And I personally prefer it over recaptcha, it's easy and quite fun, recaptcha pisses me off.

Yeah, it seems that FunCaptcha become paid service few years ago. There is some old topics like this one where people are complaining about it:
https://bitcointalksearch.org/topic/no-more-free-funcaptcha-account-for-me-1343161
Though I have no idea how much it costs exactly and in recent years I haven't saw any websites using it.
Now I don't see big problems with ReCaptcha. Yeah, it can be annoying when you use TOR, but since we have captcha bypass option, I don't think it's big issue.

Nope, Binance has its own in-house Jigsaw puzzle.

The CAPTCHA which Binance uses is categorized in Fun captha ? If not, then it can be used instead ?

I've experienced hcaptcha before, it was a nightmare if you're new to the system. Some of the verifications required clicks and there.

100bitcoin, FunCaptcha is something I haven't seen in a long time, and before it was a very popular captcha on most faucets. For what reason all users stopped using it, I do not know. It may have become an easy target for bots, or it may have become a paid service.

I know one captcha which is one of the last to appear on the market, and it was quite similar to reCaptcha, but recently has become quite difficult for most users, and is becoming less and less used.

https://www.hcaptcha.com/

reCAPTCHA is the only effective one. I just looked at FunCAPTCHA, and the rotating-pictures thing would be pretty easy to train a neural network to solve. Also, the language on the front page makes it look like it's targeted toward enterprises who'd have no problem blocking Tor. I bet they'll start blanket-banning Tor once they start losing the arms race against attackers.

I use Tor a lot, and while reCAPTCHA is annoying when used via Tor, it only takes a few minutes. On the forum, you can do it twice and then get a bypass code.


I've looked into that sort of thing, but there is no good solution as far as I've seen. Most solutions are focused entirely on maximizing profit, so they do eg. SHA256 mining which isn't good as an anti-spam PoW, and they use some central pool which has serious privacy implications. (For bitcointalk.org, the revenue from a mining-captcha could be discarded for all I care.) A good solution would:
 - Use a memory-hard PoW, or even better, one designed specifically for JavaScript.
 - Have an excellent API.
 - At least allow the site to proxy mining traffic to protect user privacy.

Also, web-miners are always detected as malware by antivirus software.

Anti-spam PoWs are always asymmetrical vs an attacker, which might make the whole idea unworkable. If it takes an ordinary user 1 minute to solve the PoW, then an attacker is always going to be able to improve on that using specialized hardware and software. If they can bring it down from 1 minute to 0.6 second, then the service is going to have to increase the difficulty so that ordinary users are spending 15+ minutes solving the PoW. For an anti-spam PoW to be a good idea, you need to be able to reduce this asymmetry to at worst something like 10:1, and this has to last, not just be a result of obscurity. I'm not sure that it's possible.

People use smart phones to access BitcoinTalk as well. Imagine this decrease in longevity if they are forced to mine any Crypto, whether it is XMR or GRIN or MWC.

A few questions / observations:

1. Has it withstood numerous attempts to fully automate the captcha solving process (via ultra low cost, high volume means)?
2. You say it "does not keep tracking like Google" yet FunCaptcha's front page mentions that it uses "<...> past reputation of a request <...>") to detect fraudulent actions. So, any source for that claim?
3. I don't see a pricing page on the site so I assume it's an "enterprise-focused" (a.k.a. "costs a fuck ton") service. I really doubt theymos wants to dedicate a substantial amount of the forum's budget to CAPTCHA protection when the current CAPTCHA does the job fine.

This is trivial to bypass for an attacker who has a botnet under his control and provides a huge decrease in usability for the average user.

Is there no way to make people mine monero for 5 minutes when they log in instead? I'd pick that over everythiing else, even just as an option (funds can be added to donations for the forum). Assume people have a 5GHz clock speed...

Every time I have an unstable connection this one saves me and sometimes recaptcha is giving an error, this is a saver for all of us, people should have one kept in case, but be sure to change it from time to time because of the warning Bitcointalk has given.

Yes. That's why I suggested the alternative. This does not keep tracking like Google either.

Correct. I've considered offering it as a service, but I'm afraid it'll be too close to account sales (even though the accounts would be new).
But as a one-time thing, even a Tor user can spend a few minutes clicking captcha. Many sites are very annoying through Tor.

For the first timer through Tor, the experience is terrible.

There's a better solution: Captcha bypass code.
Just bookmark the link it gives.

This is Tor friendly and does not track like Google does. Below is the developer's guide...

https://arkoselabs.atlassian.net/wiki/spaces/DG/pages/58327063/Standard+Setup

Worth a try?

p.s. If anyone already have experience in using it, please share your experience too.