Topic: [Poll] What do you think of the forum's usage of reCaptcha? - page 2. (Read 2162 times)

Sad thing is I don't have any bitcoin. Also checked the cooper membership price. It costs around $31 which I don't have.

I read your other topic and it had a lot of insights. Some trolls always lurk around and take things other direction. You also said you are very good with tor. I am not an expert and just use it for bitcointalk browsing with java script enabled.

What I wanted to know if there is any other browser like tor so I could use that and browse anonymously.

This would (0) require Javascript (as reCAPTCHA does—but worse, IIRC this also requires asm.js/webasm which I disable even when enabling JS), and (1) have a drastically disparate impact on those using fast computers versus slow computers/netbooks/mobile devices.  It is also questionable whether it would answer the threat being staved off by the CAPTCHA.  Admittedly, it would work better against what I suspect the threat to be, rather than against spam.

Vod, do you know the actual purpose of the CAPTCHA?  Everybody seems to assume that it’s there to keep out spambots.[1]  My first hunch is that theymos has a problem with bruteforcing of luser passwords, resulting in stolen accounts.  You may perhaps know for certain, not as a matter of assumptions or speculation.

I would understand if theymos desires that such information not be disclosed.  But I ask because I have wanted to suggest some alternative solutions; and it’s difficult to know whether my ideas are even worth mentioning.

---

1. This common assumption simply does not make sense to me.  An account farmer could easily use human labour (self or others) to log bots into a large numbers of accounts with “stay logged in” checked, then let them stay logged in to make unlimited spam/nonsense/copypaste posts.  It would be trivial; all the bots would need to do is to keep their cookies.  I know this because I myself now stay logged in, on a credential apparently set to expire in the year 2023.  I have not filled out the CAPTCHA since 10 December.  Whereas a password bruteforcer would indeed be stymied by the CAPTCHA.  A bruteforcer would also be slowed down by a POW.  A spambot could complete the POW once, then stay logged in for years or until permabanned.

That is pretty cool and a great idea.

I think Theymos should replace the captcha with a proof of work challenge such as https://coinhive.com/

Reduce Spam AND make the forum some additional money. 

I don't know. It may somehow prevent some attacks. I personally find it anoying but if it can always secure the forum and users privacy then I wouldn't mind solving those captcha everytime I visit or logged in.  Mayba a 2fa is much better? Just sayin tho

Tor user here.  Please see the thread I started after my 17-circuit-change login instance, documented with screenshots of various error messages; my conclusion thus far:


P.S., I suggest that you consider purchasing a Copper Membership.  Your Tor signup fee can be put toward the price; and it will let you embed images as a newbie, among other perqs.

Is there another solution for those who use tor. Changed circuits over 16 times (yeah I counted) and then recaptcha showed up. I am not complaining about the recaptcha thing but another solution will be appreciated.

Just like the other members, I do not have problem with reCaptcha because it doesn't take much of my time. I understand if it is for the security concerns and will likely support it if it will prevent and stop possible security attacks. It maybe a nuisance for some because if you have a poor connection, it will consume your time in clicking what is required. Anyways, if reCaptcha will also slow down those people who are going against the rule of having multiple accounts, then it is just and right.

Because you are irrelevant

We, human beings, are no longer relevant to Google (or whatever is hiding behind its facade) at this point in time. Basically, we are a hindrance to it, a pain in the ass if you please, so why should it give us a free pass? Welcome to 1984 brave new world, mate. Since I stay always logged in (well, sort of), I don't care so much about Google reCaptcha at this site, but I definitely know how annoying it can be at other sites where you have to endlessly click on an infinite loop of squares, monkey style

I use FireFox and it works fine too, so I also don't see a problem or any annoying factor in that.
The only thing that I am still learning to use is the time of log in, it's stays 60 min automatically and I oftenly forget to change it as it suits to me the most (always stay logged in), so it happens that I write a comment, press "post" and come to the page where I need to log in again and that's the most annoying thing to me

I believe that everything in this forum reason behind it nothing is waste I believe strongly in it. This is what I think of the forum's usage of recaptcha though I not technical person to go deep into it.

For the past few days, I have been unable to even get a CAPTCHA without changing Tor circuits.  I did some rough testing, hitting “New Identity” in the login page and then changing circuits until I could get a CAPTCHA.  Rinse, repeat.  At worst, I had to try a total of six different circuits before Google would even deign to waste my time clicking pictures.

This brings to mind another thought:  Google could force Tor users to rapidly rebuild circuits to the same endpoint, then potentially watch for any other network activity which could be correlated by timing, size, etc.  Hmmm.  How many Tor nodes are hosted on Google Compute, or otherwise network-visible to Google?  —  Next question:  Does the NSA like to see Tor users rapidly rebuild circuits to the same endpoint?

Those are the sorts of subtle questions which make for papers on anonbib.  Or for attacks.  For a “cloud” provider who hosts many Tor nodes, I think I smell at least the possibility of a guard-discovery attack here.  Tor is known to be weak against an adversary who can observe both endpoints.  If Google forces Tor users to build circuits until they hit a Google-hosted middle node, then I conjecture they could use a similar attack to find the guard (counting the guard as if an “endpoint”).  They then know that a user with guard X logged into bitcointalk.org at dates and times which can, in turn, be correlated with a bitcointalk username (assuming they can’t just use some XSS to grab that off the login page—or share/cross-reference databases with Cloudflare).  Every little bit helps a network observer gathering data for deanonymization.

As an aside, Tor Browser/Torbutton could really use a feature which permits conveniently changing exits without rebuilding the entire circuit.

I also have big problems with reCaptcha and sometimes I get that message about sending automated queries.Only way to log in in forum is to reset my modem and get new IP.So problem is connected with IP address of individual user,but may be also related to specific site.

For example if I have problem with reCaptcha on one site,on some other site same reCaptcha is so easy to solve,or there is no even captcha like in Google short link service.I notice also if you try to reload captcha to many time to get an easier one,this may tag you as bot.

Last few days reCaptcha is super easy for me on bitcointalk,it can be solved in a single attempt.When your IP get block from Google,there is link-help page and you should send them e-mail with your IP address so they maybe check and unblock your IP.

I suspect that the issue is not keeping out bots as such, but preventing bruteforce attempts against luser passwords.  theymos et al., am I right?  Bots need an account for spam.  The forum already charges “evil” IP addresses Bitcoin for new signups.  But most people pick bad passwords; they think that “p4ssw0rd1975” is super-unguessable.  Do the maths.


The CAPTCHA varies its “difficulty” (actually: its tediousness) based on Google’s opinion of the connecting IP address.  Do not assume your experience to be the same as others’.  It isn’t.

For Tor users, this often means page after page of “challenges” which in total take up to a few minutes to solve.  I have not recently done a Google CAPTCHA in less than sixty seconds, and I’ve had plenty of practice.  When I click “Verify”, I get hit with another round; n.b. it does not say my answers are “incorrect”, it just gives me another “challenge”.  Also, as I posted above, Google may even refuse to serve a CAPTCHA.  Google now has the peremptory power to lock people out of bitcointalk.org.

This forum is Tor-friendly, which I much appreciate.  According to theymos, Satoshi “always used Tor” to connect to this forum.  But Satoshi would now find his time wasted, likely to the eventual point of giving up in frustration.

The following happened again just now, multiple times.  I had to repeatedly change circuits before I could even get a CAPTCHA.  Observe that this gives Google the power to fully lock Tor users out of Bitcointalk.org any time they want:


The CAPTCHA then took me 89 seconds to solve—first slowly-reappearing storefronts, then a long batch of street signs.  This was when I knew I was timing it, so I tried to do it as fast as I could; and as one who has exclusively used Tor to access the Internet for some years, I think I must have world-class CAPTCHA solving skills.

On the cost of authority by google.I don't like my  time being wasted by google.Why would I spend 20 seconds of my precious time to prove I'm not a bot when I'm really not.I don't know rant isn't gonna help but just saying since you asked.


Brains ? Let;s way for a day google asks you to solve complex logarithms in the specified amount of time to prove you're a human.


The best alternative is to control that from the server side.

I feel like it's a great system. It keeps the bots away from easily mass-spamming us.
reCaptcha can be solved easily & quickly. Although it sometimes says correct answers are incorrect, if you use your brain, you should be able solve them correctly most of the time.

I saw that some people say that it's very buggy whilst using terrible internet, but I feel like there's more wrong then, as I come across horrible internet all the time, in restaurants, on vacation, etc... And until now it has always worked well.

Of course, it would be nice if it was possible to choose an alternative that works well for everyone and I'm completely in for that, unless it has disadvantages for people that are currently not experiencing any negative side effects from the reCaptcha.

This reCaptcha is suck, each time im use the cafe internet, too many popup pop out from it and asking me to choice. Its like an English class for 2yo baby. But it keep the forum safe from the flood. So unfortunately, we need to deal with it.

I am having problems solving Recaptcha
it started a couple of months ago and for some time I was not able to solve it all,because it kept me in an everending loop of
"incorrect" answers although I was sure I solved them correctly
when I googled(sic!) I found out that the problem was pretty common(and random) and the only way to get rid of it
was logging out of all of your google related accounts or using incognito mode in your browser
needless to say that its a hassle,so I think any captcha BUT recaptcha will do

I use Tor.  On my current login, I got this:


Changing circuits worked—this time; but if Google is sometimes refusing to even serve up a CAPTCHA, that bodes ill for the future.  These things tend to go one way.

I posted separately on the general issue of the login CAPTCHA.  Sorry that post was misplaced.

It is also problematic that Google’s image-clicking CAPTCHAs force me to work for free, enslaving me to their so-called “AI” on projects I despise.  Right.  “Self-driving cars.”  No, cars which are not under your control.  A Google-driven car is like money in a bank, as opposed to Bitcoin, the car with a steering wheel and pedals.