Find an open source alternative to Google Recaptcha for our website #13905

Open
mattab opened this Issue Dec 23, 2018 · 8 comments

mattab commented Dec 23, 2018

Currently we're using Google Recaptcha on pages with a form, which leaks lots of data to Google.

For example on this page: https://matomo.org/contact/

-> It would be fantastic to find & use an open source, decentralised alternative to Google recaptcha on our Matomo.org website.

If anyone knows an alternative to Recaptcha that works, please let us know

mattab added this to the 4.0.0 milestone Dec 23, 2018

fdellwing commented Dec 24, 2018

There are a lot of Captcha libraries, but none of them provide such features as reCaptcha.

Findus23 pinned this issue Dec 24, 2018

Findus23 commented Dec 24, 2018

@fdellwing The only feature we need is not getting overwhelmed with spam 🙂

Bonus points if it is accessibility-friendly.

fdellwing commented Dec 24, 2018

As I said, I know no captcha that is nearly as user friendly as reCaptcha. So best would be to take some random image captcha (there are MANY) and just hit a self-made database on top that recognises returning users.

Findus23 commented Dec 27, 2018

> As I said, I know no captcha that is nearly as user friendly as reCaptcha

I really have to disagree. I regularly spend multiple minutes getting angrier and angrier as I am clicking through page after page arguing whether something can be considered a storefront when the captcha switches into extra-slow mode where every image takes a 5-second transition to load.
(I am not using a VPN or anything similar, just a regular internet connection)

I think a captcha doesn't need to be complex to stop most bots (after all, while Recaptcha is hard to circumvent, it only costs 0.2 cent to pay someone to solve it for you), it just needs to be different enough so it stops automated bots programmed to popular WordPress forms.

I even think that a simple input field asking to enter the name of the open source project you are trying to contact (that maybe also allows common variants) would stop nearly all automated spam.
And the remaining ones I think (from what I see on the forum) are actual people pasting spam texts into the forms and those are not blockable via captchas.
@tsteur, would it be possible to add something like this to the forms without too much work?
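
The answer check described in the comment above, as an added example that is not part of the original thread or of Matomo's code. The accepted variants (including the project's former name, Piwik), the one-typo tolerance and the function names are assumptions made for illustration.

```php
<?php
// Added example, not Matomo's code. The accepted answers and the
// one-typo tolerance are assumptions chosen for illustration.
const ACCEPTED_ANSWERS = ['matomo', 'matomo analytics', 'piwik'];

function normalize_answer(string $raw): string
{
    // Fold compatibility forms (e.g. full-width letters) if ext-intl is loaded.
    if (class_exists('Normalizer')) {
        $folded = Normalizer::normalize($raw, Normalizer::FORM_KC);
        if (is_string($folded)) {
            $raw = $folded;
        }
    }
    $raw = mb_strtolower($raw, 'UTF-8');
    // Punctuation and runs of whitespace become a single space ("Matomo!" -> "matomo").
    $clean = preg_replace('/[^\p{L}\p{N}]+/u', ' ', $raw);
    return trim($clean ?? ''); // null means invalid UTF-8: treat as empty
}

function is_expected_answer(string $raw): bool
{
    $answer = normalize_answer($raw);
    if ($answer === '' || strlen($answer) > 64) {
        return false; // empty, or far longer than any accepted answer
    }
    foreach (ACCEPTED_ANSWERS as $expected) {
        // levenshtein() counts bytes; fine here because the accepted answers are ASCII.
        if (levenshtein($answer, $expected) <= 1) {
            return true; // exact match or a single typo
        }
    }
    return false;
}

// Constructed sample submissions: human answers with variants, then typical bot filler.
$samples = ['Matomo', '  MATOMO! ', 'Ｍａｔｏｍｏ', 'matmo', 'Piwik', '', 'http://example.com/buy', 'asdf'];
foreach ($samples as $s) {
    printf("%-28s %s\n", var_export($s, true), is_expected_answer($s) ? 'accept' : 'reject');
}
```

The comparison runs on the server, so the expected answers never have to appear in the page markup where a form-filling script could read them.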

tsteur commented Dec 27, 2018

As long as there is a WordPress plugin for it that should be fine. We wouldn't want to build anything ourselves. The plugin would ideally hook into random places where needed and support Gravity Forms etc.

Findus23 commented Dec 27, 2018

https://wordpress.org/plugins/humancaptcha/ seems to be pretty much what I described, but the plugin looks odd and only seems to integrate with comments.
Apart from that I could only find https://wordpress.org/plugins/humancaptcha/ which seamlessly integrates into login, registration, lost password, comments, bbPress and Contact Form 7.

I have never used Gravity Forms before, but it seems to have many features and maybe one can make a required input field with the quiz feature. Not sure if it can be combined with the normal contact form.

tsteur commented Dec 27, 2018

Did a quick search for "captcha gravity", maybe https://wordpress.org/plugins/nomorecaptchas/ or https://wordpress.org/plugins/cleantalk-spam-protect/ would help? CleanTalk also seems to support WooCommerce. Not really sure how good they are though.

I reckon something where people need to enter "Matomo" might be too complicated sometimes for some humans (it seems easy but may not always be clear what to enter) and at the same time someone wanting to spam us could easily achieve it.

Findus23 commented Dec 27, 2018

> https://wordpress.org/plugins/nomorecaptchas/ or https://wordpress.org/plugins/cleantalk-spam-protect/

Both plugins work by sending the visitor behaviour data to the services' servers and analyzing it there. So I guess they are no better than ReCAPTCHA.

It's odd that there isn't a well-maintained open source plugin that just does basic local analysis.

> someone wanting to spam us could easily achieve it.

Targeted attackers will probably always be able to afford the 0.2 cent it costs to reliably circumvent all types of captcha.

mattab unpinned this issue Jan 2, 2019
