← Back to context

Comment by LinuxBender

3 years ago

Aside from 3rd party code perhaps one middle-of-the-road idea would be a table of a few hundred factoids and then code that makes multiple choice checkbox factoids like

- Select everything that is a color im sure there are more clever open-ended questions and maybe sometimes switch up "is" with "is not".

- Red

- Blue

- Monkey

- Violet

- Armchair

People say that bots can learn such things but if every site had their own in-house tool then bots would have to keep track of thousands of site specific puzzles. Each site could even rotate through a dozen sets of different puzzle types and pause the ones that get learned. This would avoid sending cookies to a third party or depending on 3rd party code thus mitigating some corporate capture.

Bonus complexity: Don't use Alpha-Numeric characters. Use something like "figlet" [1] and cycle through a few of its ASCII art fonts.

[1] - https://github.com/xero/figlet-fonts

> but if every site had their own in-house tool

Costs money to maintain and build correctly, which naturally leads to buying existing solutions.

I think your idea is exactly what I would want in a captcha, but an issue with your example is that it would only pertain to English speakers, and it would be difficult to translate it into a variety of different languages to accommodate everyone.

  • I assume the existing captcha services look at the Accept-Language header. That header could be read by the Lua script. Each puzzle set could be translated one time through google translate or perhaps a better translation site. It should probably be proof read by someone from each language used to ensure nothing translates out of context into something offensive. I think I've seen people do this on Github, having people proof read translations. In this case it probably should be a smaller group to reduce risk of leaking the puzzle mapping to the bot code authors.