-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for Cloudflare Turnstile as a privacy preserving alternative to Google Recaptcha #998
Comments
For now, I'm not interested in natively supporting Turnstile. Cloudflare has not yet provided sufficient ground that supports Turnstile is greater than reCAPTCHA in privacy terms. Also it's still in the open beta stage. |
Ok, sounds good.
I think the fact that Google's business is advertising (which benefits from analytics about the users who are their product that they sell to advertisers) and Cloudflare's business is selling services to people and companies who pay them is a good basis for the difference in their motivations and their different approach to protecting privacy. An example of this is how Mozilla has partnered with Cloudflare because of this commitment to privacy that they have and their lack of a conflict of interests between user privacy and their business (which differs from Google). (Disclosure, I work at Mozilla)
Good point. @takayukister If someone were to PR the addition of a Turnstile module would you be open to that? I ask just to get a sense of whether it's that you don't have an interest in putting dev time towards a Turnstile module, or if it's more that supporting Turnstile doesn't fit in with your vision for Contact Form 7? |
Maybe I would reject the PRs. Turnstile is not that attractive to me. I would suggest creating it as an independent plugin. |
Sounds good, thanks @takayukister |
Hey @takayukister, while I understand that Turnstile is not that attractive to you personally, it definitely is attractive in the EU, where the use of Google Recaptcha is illegal because of GDPR (it would need opt-in, which defeats the purpose of a captcha). Maybe that is something to consider, as I am assuming a significant amount of your users are based in the EU or develop websites targeting EU customers. |
Can you please provide a link to the court decision? |
Every service that transfers personally identifiable information to somewhere outside of the EU, like an IP address, needs to be opt-in according to GDPR. While I am not aware of a specific court decision regarding Google Recaptcha, there was a recent decision regarding Google Fonts, which is basically only a single web request to Google servers, but just the fact that the IP address is transferred to the US makes it illegal if not opted-in, according to the court (I know, it's stupid). The same is true for Google Analytics, Google Maps embeds, etc. As Google Recaptcha assumingly collects way more data than those services, to detect if you are human, it will only be a matter of time until there is a court order. This summary might also be interesting to read regarding Recaptcha and GDPR: https://www.activemind.de/magazin/recaptcha/ While I am no law-expert, I know that our customers do not want to risk not being compliant with GDPR, and therefore for me as a developer (and many others in the EU) Google Recaptcha is sadly not an option. |
No, I'm not asking for explanation or your opinion about GDPR. You claimed that Google reCAPTCHA is illegal.
So, where is the legal evidence? |
I haven't seen anything focusing specifically on the legality of Google reCAPTCHA, however there is definitely legal action being taken against Google Analytics. It wouldn't be a stretch to think that other Google services like reCAPTCHA could also be in violation of GDPR as @freinbichler mentioned. Dropping this in incase it helps someone. At any rate love Contact Form 7 @takayukister keep up the awesome work ❤️ |
One more vote for adding Turnstile. |
https://wordpress.org/plugins/simple-cloudflare-turnstile/ it works with contact 7 |
What a disappointing response from the developer. So grateful the community has come up with an alternative solution! |
I saw this empty PR, #989 , that was opened and closed on this topic, but it might be good to capture this potential feature here as an issue.
Could you/we through a PR add support for Cloudflare Turnstile as a privacy preserving alternative to Google Recaptcha?
https://blog.cloudflare.com/turnstile-private-captcha-alternative/
Here's a demo of it in use
https://demo.turnstile.workers.dev/
The text was updated successfully, but these errors were encountered: