REEcaptcha

just write a userscript with image recognition to automate the process and make it work with javashit disabled

The only place where it's really a problem for me is DDL sites.

This site is literally hosted on cloudflare, and guess what captcha they use for their (((ddos))) protection?

good times, I remember it too

Oh i object every day to garbage like recaptcha and cuckflare. I just wanted to clarify this:
It's actually been like this for 10 years. It was standard to use Google Analytics and Recaptcha because every faggot and their dog was sucking on the G since around 2000-2004 (can't remember when this started).

Literally 10 years, not days or months or a few years. 10 years. In 2009, when they had text captchas, Tor users were served captchas that were almost impossible to solve (the success rate was so low that I couldn't figure out whether I was just given an easy captcha because of my IP address or the captcha is actually impossible to solve in most cases). I could sit through about 30 and still not solve it, but usually i would just close the page and move on

Here's an example of the shit you'd get:
ibb.co/h75MYp

A real captcha. Recaptcha v1 stopped being a real captcha when it acted on IP address info (such as blocking IP addresses). Recaptcha v2 was never a real captcha because it relies on monitoring the user for days to build a profile, and it still straight up blocks IPs (literally defeating the purpose of having a captcha at all). If your real captcha gets cracked, you move to a different one. Normalfags do not understand this basic concept. If you're on a real network like Freenet FMS, you don't have IP addresses or user profiles, there are just captchas to mitigate spam. When the captcha is cracked, you get a different one, which has been the modus operandi from the beginning of the internet, but all the normalfags just forgot this once the G was in their mouths. Ironically every time Recaptcha is cracked or bypassed and a bunch of spam gets through, they are perfectly fine with this.

DAE remember this rapidshit captcha
seosmarty.com/wp-content/uploads/2009/05/captcha-1.jpg

There's irony that 4chan still uses it.

It doesn't matter what cloudflare uses, because I never fill out any of their captchas. WHen I visit a site, I only allow traffic to/from that site's IPs. That's soemthing custom I'm doing at the kernel/firewall level via pf rules and tables (and some scripts and browser hacks for Links and Lynx). So right now, as I'm typing this on this thread's URL, my computer only allows traffic to/from these IPs:
104.18.104.234
104.18.105.234
If I got to another site altogether (like say duckduckgo), then those two IPs get wiped and DDG's IPs are only allowed. This happens dynamically for every single link I click on. It's not efficient, because I haven't bothered to check if the IPs are already in the pf table, but fuck it I don't care, it fucking works.

My question was a little more specific, as in "XYZ captcha instead of Google captcha".
The thing with Google's, is that is REALLY EASY to put it into a page: just register a new page in the captcha dashboard, paste some JS in the page, and call an API server-side to check if the user solved the captcha or not. And most of the time you don't even need to do that, as there's always a plugin that does it for you.
It's not like I'm not going to look for an alternative by myself, I will do; you have to understand though that for most webmasters that will not be the case unless a real, actionable, alternative is provided. And that alternative shouldn't be that much more complicated to setup if change is to be expected.

but why do they put that slow fading shit on login pages

woah you mean webmasters are incompetent? no, i am not going to make a one click piece of shit captcha as a service for you

You can make as much fun of people as you want, but if you want change then you'll need to meet THEIR needs, as they're the ones making the websites. It's the same shit for using Google Analytics vs. self-hosting Piwik.
Even for programmers bound to a code of ethics (e.g. ACM, IEEE), the actual effects of using Google's services in your sites are somewhat abstracted, not obvious.
So if it's hard to appeal to ethics, and you don't want to appeal to convenience... what then?

This shit right here is why I hate jewgle captcha the most. Why do they need to load the images so slowly? especially when it loads a similar image(a car or store front) and I have to keep on clicking it, hoping it will load something else. Is it meant to stop bots or kill my fucking patience?

i appeal to not being a dick fuck
this is also true but still not excusable

Write their content security policy they should use. Include googleapis and stuff, but "forget" rules which are required by the reCaptcha only.
Have fun watching how they deploy it. :)

dude, those are cuckflare IPs...

It doesn't, the two IPs you listed are from cloudflare.
Even if they weren't, blocking cloudflare IPs when they ask a captcha to access the page would simply make you unable to access the page, it wouldn't magically bypass the captcha.

Let's not even talk about how insane and anti-multitasking your approach is, or how every MITM (pretty much what cloudflare is) defeats it.

Again, Zig Forums still uses it indirectly via cloudflare.
"muh cuckchan" isn't going to solve that.

The intentional and excessive newbie-unfriendly attitude of much of the foss community is the reason why google and cloudflare got where they are in the first place.

It's to annoy people, and convince them to stop using anonymous connections.

No shit, Sherlock. I know Zig Forums uses cuckflare. But I don't go fill out any special cuckflare captchas related to "OMG malicious traffic incoming from ur IP!###", only the Zig Forums base64-encoded captchas that come up on their assigned IPs that you have to fill out once every 24 hours. Anything else gets dropped.
And I really don't give a flying fuck about any multitasking web shits. I know all the plebs love to have 6 gorillion tabs open at once, with all the fucking web beacons tracking their asses. Well that's their fucking problem.

I'd just like to interject for a moment. The 8ch posting page is free of google botnet, even over Tor (which allows for decent anonymisation even if the owner is a data seller).

Well I'm not saying Zig Forums has got any google stuff. Just that if it did, I wouldn't load it.
Haven't used Tor yet, but I might have to if the EU goes full retard and starts blocking this site and others that aren't good goys.

Aka, you are IP hopping until cloudflare lets you in.
Something TOR users can accomplish with a 3 button hotkey.
So you don't care about using IRC and browsing a link someone sent you at the same time?
"everything I can't do is for plebs" is pathetic.

Do you even understand how cloudflare works?

I think Gore and snuff porn is totally out of bounds, but in cloudflare and google's case I would happily put a Hiatus on that opinion for the fuckers who perpetuate this crap.

What does cuckflare have got to do with google's captcha? We don't get google captcha here.
And no I don't use IRC for like a decade. I'd rather hop on a text BBS tbh.
As for cuckflare anti-DoS captcha, I don't ever get it at all. Most likely wouldn't bother to browse here at all if I did. Got that kind of shit when I followed a Bloomberg link the other day. I just hit the back arrow and gtfo. Ain't worth my time, and I'm just a NEET.

Nope. 8ch uses cuckflare. Cuckflare serves "bad IPs" a captcha page which of course uses recaptcha instead of a real captcha. In fact this is funny because this faggot over here is saying webmasters shouldnt have to educate themselves and get off recaptcha. Well actually if only cuckflare did that, most of the web would be fixed. But cuckflare's main selling point is about the """benefits""" of sucking corporate cock, so of course they'll never use anything other than recaptcha (not that their captcha use case is even valid in the first place).
Even if you use 8ch's onion domain, the images are still on 8ch.net (lol)

You don't need to IP hop on Tor anymore. Just set your user agent to the same as what Tor Browser uses and you wont get the captcha:
Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
also make sure image.http.accept is set to */* if you're using palememe
but nvm it looks like you dont have a "bad IP" in the first place since you're not getting the captchas

see above

Well fuck them. There is almost nothing of value on the web. We need to make a new internet free of retard fucks. We're not here to make friends, we're here to get/share/trade information, which the newbie web is mostly devoid of. On the web you have almost no useful information. Hardware reviews by charlatans, health advice from charlatans, thousands of lame recipes that just exist to have referal links to Amazon. And that's after you get through their JS/CSS/nigger as a service/bootstrap bloated pages and captchas.

Heh, you're still posting about the cuckflare bypass thing. You're persistent, I like it.

Right. The fix is to come back to PERSONAL websites, which NeoCities was supposed to encourage. So go, and make your site! Clearly you have a lot of knowledge. I would read it.

Can I make a site dedicated to holocaust denial videos on neocities?

I don't know. Why would you want to? There's enough of that stuff. Make it tech-related, with a lot of knowledge.

Look you meme, if you want to argue that webmasters should stop using Google's captcha, you then have to provide a more convenient alternative to justify the change. If you want to argue that they should stop being lazy fucks and that they need to "educate themselves" then you'll need a better argument than "you need to stop being a dick fuck".
If you cannot understand that basic concept: the idea that people do things only if they personally benefit in some way (even if it's only about feeling good about themselves), then you have no hope of "convincing" anyone that doesn't already agree with you.

What's stopping you? The infrastructure is in place, and hosting a site is trivially easy. You can even use other protocols distinct from HTTP/S if it triggers you so much.

Because there used to be an old site holocaustdenialvideos.com, but it got shut down. Mirrors keep getting uploaded to youtube and taken down, so it'd be nice to have a place where holocaust denial videos are always available, and in fact, it could have other videos that keep getting taken down from youtube, unrelated to the act of denying the holocaust as well now that I think about it, but I don't think they'll allow it. I'll have to host it myself.

great idea guys

...

You faggots will complain about every captcha.

So that's your biggest problem with the "normie web" ? That there isn't a holocaust denial video site? I thought you said the net is for sharing information...okay, I guess this is information too. Unless you aren't the same guy. But anyway, there is lots of other information that CAN be shared. So get off your asses and do it. Or if you don't want to, then support OTHER personal websites.

I mean, do you visit corpo shit sites like asstechnica? Then you are part of the problem. Spend that time on some guy's site instead. Post him a comment. Make him happy.

I'm a different user and was genuienly wondering. You are right though, even if the only way a person is going to see your site is by word of mouth. I really do think the idea I put forward would see some use however.

Wow, exact same experience here after deleting my own Google account.

Most obnoxious shit about recaptcha imo. It's intentionally designed too because different sites have different fade speeds on the images. Who chooses the fade speed on the pics, the site owner who implements the recaptcha api or Google's own algorithm?

That means they are already tracking you well enough.

Okay then I'm sorry for jumping onto you. Of course a freedom video hosting site would be great, but is too big of an endeavor. We have to do what we can, and we CAN make our own personal websites and write quality articles. Otherwise, again, switch your browsing habits from the asstechnicas to niche sites. You know...that guy making that retro gaming site you like? He will go away soon if he gets no audience. So be that audience.

I happen to have a personal tech site (but will expand topics soon), and I do have 34K views on neocities for the year it has existed - that's something asstechnica gets in ONE DAY. Not to be arrogant but I think my articles are more quality. At least I put my soul into them.

We can fix the net! The corpo shit sites subsist solely by the sheer amount of TRASH they manage to dump. Popularity and high search engine ranking - NOT quality. So don't visit them! We cannot outdo them by quantity, but we can by making our own QUALITY sites and supporting others just like that.

Attached: crusader.jpg (1024x926, 153.65K)

We know there's no such thing as a CAPTCHA that's incapable of being defeated by the deepest levels of image analysis. We also know that even if there is, you can just plug paid-by-the-penny pajeets into an API and have basically automated CAPTCHA solving anyway.

Thus it's just a matter of throwing X amount of resources at a CAPTCHA to get Y successful attempts in Z time, not a matter of them being unbreakable or not, even if it's Jewgle that made it. So why not just use proof-of-work as your CAPTCHA and substitute valuable human time and effort with mostly worthless (at the scale of a personal computer user, since their computer is idling most of the time anyway) computer time and effort.

That is, just take the amount of time that it would normally take a human user to solve an actual CAPTCHA and instead require the client to submit a PoW that would take about that much time to calculate on a mid-tier machine (which would require (((Javascript))) at first but eventually you could get browsers/websites to adopt specific technology for this so it could all be done natively).

You can scale the difficulty of the PoW up or down based on the security you require, or have an algorithm that automatically scales it up and down based on how suspiciously elevated usage patterns are above normal. You can fingerprint the user's browser/IP (or even combine it with Google's kikey mouse movement fingerprinting) and scale the PoW requirement up based on rate limiting or on whether it's considered "extra suspicious" by some heuristics algorithm or whatever too. In fact, you can literally just say "We want there to be a maximum of only X number of form submits per minute" and have the PoW difficulty scale up to pretty much exactly that amount, which you can't do with a traditional CAPTCHA because the time to complete them isn't directly quantifiable like PoW is.

The idea can pretty much be combined with any of a regular CAPTCHA's extra security features, except you won't be pissing off your users because they won't have to do anything other than sit there and wait (or go browse another tab) while the "CAPTCHA" (since it's not even really a CAPTCHA at this point) executes. Even considering the most extreme example possible (which would likely never be necessary), I'd rather go browse another website and wait 5 minutes for my registration to go through than select a single traffic light or car.

It hurts spammers because they work in bulk, meaning every CPU cycle is precious to them, but it doesn't affect your average computer user in any way since they're not harmed by having their CPU cycles used for 10 seconds to crunch some hashes while an icon bounces, and they can do whatever else they want on their computer while they wait anyway (instead of having to focus on a frustrating task). It's in fact probably even more secure than a regular CAPTCHA since it puts grandmas and trained professional CAPTCHA solver street shitters on the same playing field.

Even more bespokely, if you combine this with blinded tokens like in Cuckflare's existing Privacy Pass system then you could just run your computer overnight and have enough PoW tokens generated for your next day's web browsing, no waiting needed ever. It wouldn't be a perfect system, but it'd be no less secure than what we have and it would mean never deliberating over whether to select a square that has 5% of the stop sign in it ever again.

sour_grapes.png
Also implying there is no intrinsic value in control over such a large and popular thing.
And we need to rewrite it in Rust, of course.
It's a completely realistic and well thought plan, and it certainly won't fail for lack of attention and lack of clear advantages.
Low signal to noise ratio =/= no information.
Inb4 "my web will be organized better": look at wikipedia and tell me how you'll avoid those issues.

Then you get DDOSed out of existence if you attract any attention, as happened to Zig Forums itself.

Nobody here is complaining about the text-only captcha used to post here, so don't strawman.
Can work without javascript, has at least an option for text-only, and there are no correct solutions "failing" to make you solve more: that's my list for a good captcha.

Google, because the same site will offer different fade speeds over different tor identities.

If this isn't bait, because spammers have access to cheaper computer time and effort than legit users, also the last thing we need is chinks farming up captcha tokens to then resell them.

I addressed that in the post. You can scale the necessary difficulty of the PoW up based on your analysis of the source (which is exactly what happens already with existing CAPTCHAs). Spammers have cheaper access to CAPTCHA-solving services too. What's your point faggot?

I have a site, you might come across it one day.

turn off REcaptcha

no, recaptcha is one of the very few captchas that's actually bad

I'm not sure about hashcash type systems. The need for a captcha is a real problem (most people use them in invalid ways though, for example cuckflare requiring them for viewing static content, regardless of whether "it's to stop scraping"). Combining hashcash with a captcha is a good idea though.
This shouldn't even be possible. The ideal is that your computer isn't fingerprintable over networks. It's easy to accomplish this, just not in the disaster that is the web. Also a big problem is that most web browsing is just viewing paragarphs of text. You shouldn't even need captchas for that, but you do, thanks to cuckflare and other post 2010 webscale shit.

some sort of ad-hominem, can't be bothered to argue
oh it has plenty of advantages. just see Freenet for example or any other content-addressable storage, which focuses on storing information rather than adding new buggy APIs every week because some marketers want them
you don't seem to understand, it's actually almost impossible to host _anything_ useful on the cancer web. it's a commerce platform. you use it to order more toilet paper. your stupid concerns over popularity don't matter

Just share it faggot.

No you didn't, you recycled Google's solution and all of its problems.
On "your" anaysis? So you have a central authority? So why bother with a blockchain at all?
And that is ignoring how "analysis of the source" making captchas impossible for certain legit users is the entire reason this thread exists, how do you plan to avoid that if you planned that far?
That's why captchas are far from a perfect solution, pushing a new system that is even more vulnerable to economy of scale isn't a good plan.
What's yours? A "Pls gib me monies" javascript botnet?

Not really, and I bet you know that already.
Then list them clearly: even if you don't convince me, you might convince someone else reading.
But I bet those "advantages" are the kind Vi fans use to pretend an unintuitive CLI abomination is an acceptable default for text files.
Bullshit.
I can get a resistor color code table in a matter of seconds, I can find papers and courses on a somewhat obscure engineering topic I might need on my job, I can find info to help out with my hobby, I can discover and download TOR...
Your idea of "useful" seems to be insanely warped.
Are you reading or just skimming until you find a word that triggers you?
I wasn't saying popular=good, I was saying anyone that can control something popular is powerful.

Who is "they"? I pretty much avoid google sites altogether, except youtube. Most of the other big sites I visit (e.g. DDG, wikipedia, archive.org) don't use cuckflare, and if they have any google web beacons, those get dropped by my firewall.
Most of the smaller sites I visit also don't use cuckflare. I have pretty niche interests, and a lot of those sites don't get much traffic. If you think cuckflare has the entire Internet in their grip, well you're wrong. A lot of the normie sites, they probably have though.
Also don't forget they have competition from amazon cloud services. But I block those guys completely, so I can't even properly browse sites that use it (images don't load, etc.) I'd do the same exact thing if I stopped visiting this chan. Endchan doesn't need it, nor does nttpchan.

Attached: 1.png (384x272, 1.86K)

Either google or cloudflare, at a minimum.
Any cloudflare site is a google site by proxy, because they send info to google to know if you automatically pass the captcha or not.
That protects you from client-side tracking, nothing more.
If the site passes info to google server-side, or if the site host does it for them, your firewall does jackshit.

We already covered that earlier, m8. I don't ever fill out any of those stupid "OMG suspicious traffic" cuckchas. If I ever see anything like pic-related, I'm outa there.
Anyway as you can see, they don't tend to load properly. So all those archive.is links that people post constantly, I don't even bother to click them, since all I ever got was this kind of shit.

Attached: shekelberg.png (953x764, 56.91K)

Also, if you go on 4chan (who also use cuckflare), their post captcha has a direct link to google. Google doesn't try to hide the fact you're sending stuff to them. Anyway everyone knows they're behind the reCaptcha shit.

My dude, eariler you said
and now you tell me you get them but don't do them?

My point is that stuff is sent anyways on the server's side, so firewall based solutions do not work for that.

neocities is free speech but requires recaptcha to sign up :^)

So get a friend to sign up for you. Or another host. But don't just fucking whine and whine.

>Bloom(((berg)))
And nothing of value was lost.

Actually considering Bloomberg is a trading terminal provider the entire economic system may very well be lost.

yes

>no more (((economic system)))

Attached: 953.gif (500x276, 199.44K)

If the USA economy crashes your shitty internet and water is going with it.

jokes on you gwei-lo i'm in china

Even worse heh.

The fact that you brought up blockchains or thought I was suggesting a blockchain at all just because I mentioned using PoW means you know absolutely zero about the history/design of PoW and its original intended use case and are infinitely too retarded to be having a conversation about this subject.

Luckily for you I am too busy to post on this brainlet board frequently so maybe you'll be fortunate enough to not see this post and be embarrassed when you look up hashcash and the history of PoW and realize that even bringing up the word "blockchain" in this context exposes you as the biggest know-nothing on the planet.

Seriously neck yourself, you buzzword spewing moron. Quit pretending to be knowledgeable because you memorized a vocabulary list.

Also, for the record, for *any* CAPTCHA system it is the most convenient/secure to combine it with an analysis of the solver based on a centralized store of information so that you can do dynamic difficulty adjustments. But you could easily federate it and give people a choice of whose analysis to trust.

None of this matters though since you're already disqualified from the conversation. Go back to /g/.

laowai baizuo

...

Attached: botnet_in_3_easy_steps.png (959x740, 94K)

kys my dude

Looks like you're a bit slow, so let's review what was already discussed:
YOU> This site is literally hosted on cloudflare, and guess what captcha they use for their (((ddos))) protection?
ME> It doesn't matter what cloudflare uses, because I never fill out any of their captchas.
The cuckflare anti-DoS reCaptcha isn't the same as the Zig Forums base64-encoded text captcha that doesn't need javascript (pic-related).

Attached: foo.png (953x764, 116.34K)

Why does 4chan have google recaptcha sending them infos directly then? It's redundant. You're wrong, and just spreading FUD.

(((reeeeeCAPTCHA))) v3 finalized
archive.is/r4uxm
web.archive.org/web/20181101234454/https://security.googleblog.com/2018/10/introducing-recaptcha-v3-new-way-to.html
It runs (((adaptive risk analysis))) in the background and gives you a score from 0.0 to 1.0 depending on the following:

Related: has anyone figured out how to force recaptcha to use check boxes? That slow image reload is killing me

Well that explains why a lot of us here get the turing test every time we click the checkbox. The browser configurations used by black hats are pretty much the same browser configurations used by those hyper concerned with privacy and freedom.

You need a google account.

And let the Jews win?

They already won, see

that isn't copypaste. look at 'server side integration': that implies writing code on your server, which isn't provided, and would vary with language anyways.

Here's how you could compete with them: write two cgi-scripts that someone would drop in their cgi-bin/. The first one is embedded in an iframe, and has the user complete a captcha and then sets a cookie. The second one you could post against (ideally only from localhost), and it would respond telling you if a given cookie is valid. Ideally, these scripts would auto-update, so that when the captcha breaks it will be silently fixed

If you had extra time on your hands, you would write plugins for major server software; apache, nginx, django, express, etc, and get your plugin into the relevant package manager. These would be literally plug and play, you could probably even write a gui installer for them.

shill

Goddammit jewgle.

Floens somehow forced recaptcha to always be just check boxes in the clover app. It is possible, I just don't know how

I think that Tor user agent is outdated.

Figured it out.
Floens uses NoScript