Comment by LinuxBender
3 years ago
Aside from 3rd party code perhaps one middle-of-the-road idea would be a table of a few hundred factoids and then code that makes multiple choice checkbox factoids like
- Select everything that is a color
  - Red
  - Blue
  - Monkey
  - Violet
  - Armchair

I'm sure there are more clever open-ended questions and maybe sometimes switch up "is" with "is not".
People say that bots can learn such things but if every site had their own in-house tool then bots would have to keep track of thousands of site specific puzzles. Each site could even rotate through a dozen sets of different puzzle types and pause the ones that get learned. This would avoid sending cookies to a third party or depending on 3rd party code thus mitigating some corporate capture.
Bonus complexity: Don't use Alpha-Numeric characters. Use something like "figlet" [1] and cycle through a few of its ASCII art fonts.
> but if every site had their own in-house tool
Costs money to maintain and build correctly, which naturally leads to buying existing solutions.
I've heard that too, but I think it would take a decent developer 1 hour to make a first pass at such a thing. It doesn't have to be complicated nor perfect. I think it should not require images nor javascript. It should probably be a server-side Lua script that caches the puzzle and answer.
I found a few starter ideas [1][2] and concepts [3] but I would prefer to use something like figlet vs gd generated images. Figlet or something like it should be much lighter weight. I just have to find one that is readable on cell phones.
[1] - https://github.com/lua-programming/lua-captcha
[2] - https://github.com/mrDoctorWho/lua-captcha
[3] - https://nedbatchelder.com/text/stopbots.html
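An added example, not code from any commenter or from the linked projects: a plain-Lua server-side generator for the checkbox puzzle discussed above, with the "is"/"is not" switch and the answer cached on the server under a single-use token. The category table, function names, 120-second lifetime and in-process cache table are assumptions, and it reads /dev/urandom, so it assumes a Unix-like host.

```lua
local FACTS = {  -- constructed sample table; all names here are hypothetical
  { label = "a color",              words = { "Red", "Blue", "Violet" } },
  { label = "an animal",            words = { "Monkey", "Otter", "Heron" } },
  { label = "a piece of furniture", words = { "Armchair", "Bookshelf" } },
}
local TTL, cache = 120, {}  -- puzzle lifetime (s); token -> {answer, need, expires}
local function urandom(n)   -- kernel CSPRNG; math.random is predictable
  local f = assert(io.open("/dev/urandom", "rb"))
  local bytes = f:read(n)
  f:close()
  return bytes
end
local function rand(n)      -- integer in 1..n (tiny modulo bias, fine here)
  local a, b, c = urandom(3):byte(1, 3)
  return (a * 65536 + b * 256 + c) % n + 1
end
local function new_puzzle()
  local target, negate = rand(#FACTS), rand(2) == 1  -- negate: "is" vs "is not"
  local options, answer, need = {}, {}, 0
  for i, fact in ipairs(FACTS) do
    for _, word in ipairs(fact.words) do
      options[#options + 1] = word
      if (i == target) ~= negate then answer[word], need = true, need + 1 end
    end
  end
  for i = #options, 2, -1 do  -- Fisher-Yates shuffle of the checkboxes
    local j = rand(i)
    options[i], options[j] = options[j], options[i]
  end
  local token = urandom(16):gsub(".", function(ch) return ("%02x"):format(ch:byte()) end)
  cache[token] = { answer = answer, need = need, expires = os.time() + TTL }
  return token, ("Select everything that %s %s"):format(negate and "is not" or "is", FACTS[target].label), options
end
local function verify(token, selected)
  local entry = cache[token]
  cache[token] = nil          -- single use: right or wrong, no second try
  if not entry or os.time() > entry.expires then return false end
  local seen, hits = {}, 0
  for _, word in ipairs(selected or {}) do
    if not entry.answer[word] or seen[word] then return false end
    seen[word], hits = true, hits + 1
  end
  return hits == entry.need   -- every correct box ticked, nothing else
end
local token, question, options = new_puzzle()  -- demo: one round trip
print(question, table.concat(options, ", "))
local right = {}  -- demo only: read the cached answer to simulate a correct human
for word in pairs(cache[token].answer) do right[#right + 1] = word end
print("first submit:", verify(token, right))
print("replayed token:", verify(token, right))
```

Only the token and the shuffled words go to the client; behind a multi-worker web server the `cache` table would need to live in storage shared by all workers.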
Said every customer
I think your idea is exactly what I would want in a captcha, but an issue with your example is that it would only pertain to English speakers, and it would be difficult to translate it into a variety of different languages to accommodate everyone.
I assume the existing captcha services look at the Accept-Language header. That header could be read by the Lua script. Each puzzle set could be translated one time through Google Translate or perhaps a better translation site. It should probably be proofread by someone from each language used to ensure nothing translates out of context into something offensive. I think I've seen people do this on GitHub, having people proofread translations. In this case it probably should be a smaller group to reduce risk of leaking the puzzle mapping to the bot code authors.
I think ChatGPT is way ahead of you.