from tired_fedora@lemmy.ml to degoogle@lemmy.ml on 26 Jun 08:29
https://lemmy.ml/post/49249286
I just hit an “are you a bot” captcha screen on mojeek. At first I was shocked that mojeek, beloved search engine of the privacy crowd, would go down that path: Blocking people who use VPN and a minimal-fingerprint browser just because. However, reading the footnote and digging around a little, Mojeek seems to use Altcha, which can be self-hosted without any external calls or data sharing. altcha.org/docs/v2/…/threat-intelligence/
While I can’t say I identify as a threat quite now (to Mojeek, anyway), I can see how adding a little friction for the bots and scrapers out there can be a good thing for the web overall. As long as this doesn’t happen on every second search and as long as the data stay where they belong, I’m chill with it. Peace out.
threaded - newest
Altcha’s open-source and self-hosted, which is the best-case scenario for captchas. As I understand it Anubis and go-away are also self-hosted and open-source as well.
It is ironic that a search engine championing privacy would adopt a threat intelligence feed, which inherently requires cross-referencing client behavior against a centralized database to determine “threat” status. This approach fundamentally contradicts the minimal-fingerprint philosophy Mojeek espouses, as it shifts the burden of proof onto the user’s local environment rather than relying on on-device or local-only verification methods.
Though i get “you are sending automatic quaris” error everytime
I get that a lot also. I wonder is it because I’m using Tor browser. Anyone found a way around this?
I think proof-of-work CAPTCHA could solve a lot of this problem.
Sure, it’s still going to let some bots through, but those bots are going to have to work to get through.
When you’re a single person, one or two seconds worth of work to solve the CAPTCHA isn’t a problem. When you’re a bot with hundreds of thousands of machines, that’s hundreds of thousands of seconds.