remove recaptcha.net from suggested initial whitelist, owned by google now

[jsamuel]

imported trac ticket
created: 2009-09-18 06:59:07
reporter: justin

The initial whitelist that users are given the option to import when they use !RequestPolicy for the first time includes only one destination that is allowed from any origin: recaptcha.net. However, Google just bought reCAPTCHA:

http://www.techcrunch.com/2009/09/16/google-acquires-recaptcha-to-power-scanning-for-google-books-and-google-news/

So, we need to remove it from the suggested initial whitelist. (In case the reader of this wants an explanation of why this changes things: allowing any site to make requests to a Google property without the user's knowledge is exactly the opposite of what !RequestPolicy should do.)

It's a shame, too, as there are a handful of sites whose registration process is complicated by having reCAPTCHA blocked until after the user already has done some work.

[jsamuel]

imported trac comment
created: 2009-09-20 15:56:30
author: justin

Fixed in r271.