booru / philomena

Next-generation imageboard software. This software development project is independent from any image hosting project.
GNU Affero General Public License v3.0
9 stars, 10 forks

replace custom captcha by reCAPTCHA #5

Open basisbit opened 4 years ago

basisbit commented 4 years ago

Is your feature request related to a problem? Please describe.
The current captcha is very easy to bypass.

Describe the solution you'd like
Replace custom captcha by reCAPTCHA

liamwhite commented 4 years ago

Then you should make it harder to bypass by changing the colors around, for instance, or rotating the canvas by random offsets. The challenge implementation is not designed to withstand a nontrivial attack. Do note that a serious attacker could just farm solutions (about US$2 per 1000 valid reCAPTCHA solutions, as of the time of writing).

Additionally, there are serious privacy concerns around using a service operated by Google, especially the new reCAPTCHA APIs which essentially monitor a user's cursor movements and keystrokes on a page.

basisbit commented 4 years ago

Back to topic: the current captcha is still very easy to bypass, and it discriminates against humans who are, for example, blind or who just don't recognize the images combined with the names. Self-implementing a captcha is probably not a path we want to go down, because of the lack of developer time and the increased maintenance cost that it would result in. Any alternative suggestions to Google reCAPTCHA? As far as I know, it is still by far the best available captcha. Adding Akismet for comment spam reduction might help to mitigate the problem of Cloudflare behaviour analysis + reCAPTCHA possibly getting bypassed. Maybe some more rate limiting and automatic account shadowing could also reduce the problem.

For those that don't want to use reCAPTCHA, a configuration option as an environment variable could help.
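As an added illustration of the two suggestions in the comment above (per-client rate limiting on comment submission, and selecting the captcha backend through an environment variable), the following is example code written for this page; it is not Philomena's own code, which is an Elixir/Phoenix application. The variable names `CAPTCHA_PROVIDER` and `RECAPTCHA_SECRET`, the limits, and the client addresses in `demo()` are all assumptions constructed for the example. The one design point worth showing is that a configuration switch for a security control should fail closed: an unrecognised value raises instead of quietly running without a captcha.

```python
import os
import time


def captcha_provider(env=None):
    """Select the captcha backend from configuration.

    CAPTCHA_PROVIDER and RECAPTCHA_SECRET are hypothetical variable names
    chosen for this example. Unknown values raise rather than silently
    disabling the check, so a typo in deployment cannot turn the captcha off.
    Selecting reCAPTCHA without its secret is also a configuration error.
    """
    env = os.environ if env is None else env
    value = env.get("CAPTCHA_PROVIDER", "builtin").strip().lower()
    if value not in ("builtin", "recaptcha"):
        raise ValueError("unsupported CAPTCHA_PROVIDER: %r" % value)
    if value == "recaptcha" and not env.get("RECAPTCHA_SECRET"):
        raise ValueError("CAPTCHA_PROVIDER=recaptcha requires RECAPTCHA_SECRET")
    return value


class TokenBucket:
    """Token bucket: up to `capacity` actions at once, refilled at `rate` per second."""

    def __init__(self, capacity, rate):
        self.capacity = capacity
        self.rate = rate
        self.tokens = float(capacity)
        self.updated = None  # timestamp of the last refill, set on first use

    def take(self, now):
        if self.updated is None:
            self.updated = now
        elapsed = max(0.0, now - self.updated)  # never refill on a clock step backwards
        self.tokens = min(float(self.capacity), self.tokens + elapsed * self.rate)
        self.updated = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PostRateLimiter:
    """Per-client limiter for comment submission.

    `key` is whatever identifies the client (account id, or the remote
    address for anonymous posters). `clock` is injectable so the limiter can
    be exercised deterministically without sleeping.
    """

    def __init__(self, per_minute, burst, clock=time.monotonic):
        self.per_minute = per_minute
        self.burst = burst
        self.clock = clock
        self.buckets = {}

    def allow(self, key, now=None):
        if now is None:
            now = self.clock()
        bucket = self.buckets.get(key)
        if bucket is None:
            bucket = TokenBucket(self.burst, self.per_minute / 60.0)
            self.buckets[key] = bucket
        return bucket.take(now)


def demo():
    """Deterministic run with constructed timestamps and addresses."""
    limiter = PostRateLimiter(per_minute=3, burst=3)
    t = 1000.0
    results = [limiter.allow("203.0.113.7", t) for _ in range(4)]  # burst of 3, then denied
    results.append(limiter.allow("203.0.113.7", t + 25))  # 25 s at 0.05/s refills 1.25 tokens
    results.append(limiter.allow("203.0.113.7", t + 25))  # 0.25 tokens left: denied
    results.append(limiter.allow("198.51.100.2", t + 25))  # another client is unaffected
    return results


if __name__ == "__main__":
    print(captcha_provider({}))
    print(demo())
```

In a real deployment the limiter state would live in a shared store rather than a process-local dict, and the bucket key for logged-in users should be the account, not the address, so that shared NATs are not penalised and a single abusive account cannot rotate addresses.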

basisbit commented 4 years ago

(Deleted 3 posts of the discussion. Reason: off-topic & politics)