[TriLUG] ReCaptcha ( mobile ) issues

[Thomas Delrue via TriLUG]

On 07/20/2016 01:55 PM, Brian McCullough wrote:
> On Wed, Jul 20, 2016 at 08:38:57AM -0400, Triangle Linux Users Group discussion list wrote:
>> On 07/20/2016 08:29 AM, Brian McCullough via TriLUG wrote:
>>> I am working on a web site where we had Captcha installed and
>>> working for some time, years.  Then Google changed how it was called
>>> and used, and it broke.
>>
>> Forgive me for asking but: do you really get a lot of bots on your
>> website? Is it maybe an option to get rid of the captcha altogether?
> 
> I agree, a perfectly reasonable question, and I could counter with a
> different option.  I could try and determine which browser was coming in
> and disable the ReCaptcha just for the browsers that matter.

You could but I would argue against that in favor of actually fixing the
issue. If you decide to turn the captcha off for 'this one browser',
you're actually turning if off for all of them; because the next browser
where it doesn't work will receive the same treatment, and the next one
and the next one... and then there's that bastard who spoofs his user
agent string as well.

> As it happens, it was disabled completely for a year or more, between
> the time that Google changed their API and the time that I "fixed" the
> code.

So they have been running without a captcha for more than a year? Are
their concerns latent (i.e. "they've always been there but nothing
material has changed with incoming spam/abuse") or acute (i.e. "we are
seeing an uptick in abuse from this form")?

> However, the client has concerns about their Contact page and a page
> where users can send each other e-mail messages.

The client is always right... well, mostly... usually... occasionally...
maybe...

> So, the answer is, to a large extent, yes, we do need ReCaptcha, within
> a certain range of "need."

I'm reading your reference to "need" as a case of "The Customer Is
Always Right(tm)" ;)

You mentioned that you "turned the captcha on again after having been
turned off for a long while" (I'm paraphrasing); what about just blowing
away the existing code and re-inserting whatever google is recommending
for you to add these days? Maybe the code that was there did indeed work
until (over) a year ago but now has changed and isn't what you should be
using any more because it does indeed not work and isn't supposed to.
(I'm positing this because I have a hard time accepting that if the code
is right, it wouldn't work on a major browser - although it's not
entirely outside of the real of possibilities.)

On a somewhat tangential track: why do we keep doing free work for GOOG
by training its neural nets every time we solve a captcha? What other
captchas are out there that don't use The All-Seeing Eye?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://www.trilug.org/pipermail/trilug/attachments/20160720/0d4580b6/attachment.pgp>