Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Replace CAPTCHA #244

Closed
omarroth opened this issue Nov 18, 2018 · 15 comments

Comments

@omarroth
Copy link
Owner

commented Nov 18, 2018

An issue raised in #239 is the clock CAPTCHA is too weak. Because of this and other issues (such as accessibility for blind or visually-impaired users), I think the CAPTCHA should be replaced.

A couple alternatives:

  • Logic/math puzzle example
  • Some other form of image recognition (although this has the same accessibility issues)
  • Making sure form isn't submitted after x seconds (although this may also reject users with password managers)
  • Some combination of the above mentioned

Obviously I would appreciate any other suggestions.

@zipline808

This comment has been minimized.

Copy link

commented Nov 19, 2018

I imagine you don't have to worry too much about accessibility issues regarding image recognition considering the nature of Invidious. You might argue that the blind could still use it for audio consumption but I imagine the blind have better suited places for them to go that aren't subject to such frequent changes that might frustrate their experience. As for those who are colour blind there are tools available that let you view an image as though you were colour blind yourself, thus letting you know if the images you'll use for the test are suitable.

@Zero3K

This comment has been minimized.

Copy link

commented Nov 19, 2018

How about one that used number and/or letters as a graphic image?

@elypter

This comment has been minimized.

Copy link

commented Nov 19, 2018

i would only replace a captcha if it has been abused. for smaller sites a captcha doesnt have to be so strong. it has to be unique so it doesnt get attacked automatically. there has to be someone who is interested first. i would think about an alternative to have as a backup but only throw it in once it is needed. all captchas will eventially be solvable so the longer you wait the longer it lasts.

@Discookie

This comment has been minimized.

Copy link

commented Nov 19, 2018

  1. I imagine the people who cannot complete 1. already have some kind of helper around, although I've known people who were having trouble completing some of the tasks I've seen. I'd prefer not having to think while trying to log in though.

  2. Even though the blind might have better places to consume audio content, it's not a reason to ignore their accessibility issues completely. I imagine the site is already well-parsed by screen reader software, simply because it's so bare-bones, but I'd like to verify that.

  3. I'm completely against it, as I do use a password manager. It might be good to have a check for a ridiculously short elapsed time, but around half a second is the maximum I wouldn't notice.

  4. My color-blind friends have really bad experiences with number/letter captchas, and OCR is so accurate today that the only ones it wouldn't recognize are the ones that I'd have trouble recognizing too.

I think the best solution would be to make 2. the default, and have 1. as an option.

For reference, comparison on Captcha alternatives by the Accessibility Guidelines Working Group:
https://www.w3.org/TR/turingtest/

@omarroth

This comment has been minimized.

Copy link
Owner Author

commented Nov 22, 2018

Added text captcha with 26eb59e.

For the image captcha, I'm planning on adding a second hand to the clock, so it'll look like this:
image

Which increases the possibility space by about an order of magnitude, at the cost of (hopefully) not too much inconvenience.

@omarroth

This comment has been minimized.

Copy link
Owner Author

commented Nov 26, 2018

Added with 934c81b.

@ghost

This comment has been minimized.

Copy link

commented Nov 26, 2018

@omarroth I saw that now and that second's hand idea is great!

@omarroth

This comment has been minimized.

Copy link
Owner Author

commented Nov 27, 2018

Great! I think this can be closed then, since the issues raised appear to be addressed.

@omarroth omarroth closed this Nov 27, 2018
@elypter

This comment has been minimized.

Copy link

commented Nov 27, 2018

single digit hours

will hours 10-12 not be chosen or what do you enter then?

@omarroth

This comment has been minimized.

Copy link
Owner Author

commented Nov 28, 2018

10-12 will work as expected, the reason it's h is to avoid users from zero-padding, e.g. "08:20:35" (although that will also work).

@elypter

This comment has been minimized.

Copy link

commented Nov 28, 2018

maybe use (h)h:mm:ss to avoid confusion although it doesnt look as nice or just skip those hours which would reduce entropy just slightly.

@ghost

This comment has been minimized.

Copy link

commented Dec 8, 2018

https://share.riseup.net/#eYugoeZKLVIvG3qr_v99lw

This is captcha test used by qwant, adding for reference if in future Invidious decides to change how captcha works

@TylerHobanDotCom

This comment has been minimized.

Copy link

commented Jan 17, 2019

https://share.riseup.net/#eYugoeZKLVIvG3qr_v99lw

This is captcha test used by qwant, adding for reference if in future Invidious decides to change how captcha works

hey do you have any riseup invites if so can you please send one to fistonal@protonmail.com

@omarroth

This comment has been minimized.

Copy link
Owner Author

commented Jan 17, 2019

Please don't solicit things here @TylerHobanDotCom.

This is captcha test used by qwant, adding for reference if in future Invidious decides to change how captcha works.

Unfortunately the link is no longer working for me. Do you have another copy @Avizini?

@ghost

This comment has been minimized.

Copy link

commented Jan 17, 2019

@omarroth Oh! I am sure it will be present somewhere, I'll look it afterwards.

Also see how arch forum does verification. This is not good replacement because many won't understand what to do.

That qwant one was a simple square image which had like 10 shapes and some scattered lines/dots. It asks user to chose the odd one out.

@TylerHobanDotCom i don't have riseup account.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
6 participants
You can’t perform that action at this time.