Privacy @lemmy.ml GonzoKnows @monero.town 1 yr. ago

Introducing Proton CAPTCHA | Proton

proton.me Introducing Proton CAPTCHA | Proton

We developed our own CAPTCHA service to ensure it is secure, respects privacy, and optimized to be usable by everyone. Find out how it works.

Proton @lemmy.world Z4rK @lemmy.world 1 yr. ago

Introducing Proton CAPTCHA

proton.me /blog/proton-captcha

64 comments

The EU has released an open source CAPTCHA solution

https://joinup.ec.europa.eu/collection/eupl/news/eu-captcha-under-eupl-12
- So there is one, very nice!
  
  Heard about mCaptcha too
- Does it work well?
  
  It does, yes.
Is it open source? If no, proton can suck my stroganoff.

Edit: The official subreddit of Proton says that it is a proprietary CAPTCHA system. Great.
- Proton has opened sourced everything so far and I would expect them to do that here. They have whole pages written on why they open source everything and why that helps privacy.
  
  It's a proprietary CAPTCHA, the sources say.
- Stroganoff is quite good if cooked correctly, may I try a taste of it? I'm messing with you
- Does it say that both the front end and back end are proprietary, or just the back end? I'd be fine with a closed source back end
  
  Nothing is mentioned other than "proprietary system". Probably meaning that both ends are closed source. I don't see how I can verify whether it respects my privacy or not. I don't see a reason to implement this instead of mCAPTCHA, which is fully FOSS.
I'd be much happier if they'd finish building Drive to have auto-upload like every. other. cloud. service.

We keep hearing "small team" so why do they keep adding half-done products and services?
- If you slap "privacy" in the marketing material you can sell a more expensive product, with less features, and communities such as this one will pay anyway.
  
  So that's why. It's in their own benefit to make more products rather than improve existing ones.
- Rclone added beta support.
  
  https://rclone.org/protondrive/
  
  nice to see
- Proton finishing drive would be nice.
  
  In browser file editing is the biggest feature I’m missing from Google Workspace.
  
  That can't be done without a massive, massive amount of engineering hours well beyond proton's size. There's a reason only huge software companies like Google or Microsoft are able to offer that.
- it's a half done google in terms of functionality
Other than making the web tedious to use, my biggest CAPTCHA complaint is that it puts the main providers in a position to monitor everyone's web use. The blog post doesn't address that, but it does say this:

No third-party services

Perhaps they mean it's self-hosted? That would be very welcome. It might require open source code to catch on, since many site owners are uncomfortable running mystery code on our servers. That would be very welcome, too.

Here's hoping it's good.
- since many site owners are uncomfortable running mystery code on our servers
  
  And yet Node.js exists and flourishes.
  
  What do you mean by that, isn't node open source as well?
New captcha designs should require you to beat a dark souls boss
- Next one will be to 100% every Assassins Creed game.
This is amazing. Great to have more alternatives to Google's crap
No third-party services

Support for alternative routing

(following link)

alternative routing requires us to use third-party infrastructure and networks we do not control

huh
- That just means they're using other servers to route traffic. It doesn't mean those servers are third party services.
Nice, but captchas are never a good measure to avoid bots, only to annoying users, apart from spying them, if it is from Google. Long before AI, bots could solve captchas better than humans. It is a clearly obsolete method. Apart the system used by Proton is impossible for blind users, Google captcha at least had an auditive captcha too.
- It does stop bots, but only extremely simple bots that for instance scrape data. That's mostly it though, more sophisticated bots can easily beat Captchas
  
  This is the problem. I remember a very simple method to avoid spambots on a forum with great success. It is based on the following idea: A spambot or even a spammer necessarily uses a disposable email to register. These emails are usually not valid for more than 10-30 minutes, just to be able to receive the confirmation link. In this forum, the sending of the confirmation email has been delayed for half an hour due to this and with this the spam problems have ended. A normal user, if they really want to sign up, waits this time without problems. Then the usual 50 messages before being able to put a link as an additional measure. Simple and without third party apps.
I often won't touch websites with captcha as its used to train ai for google so if I see open source captcha solutions of which I doubt I will see as often as id like as googles strong hold

But proton keep up the good work
- hCaptcha is catching on pretty quickly.
  
  That's still proprietary, so you'll just be feeding someone else's systems no?
It's a pretty cool idea. The more you fail, the more POW is applied.
Cool! But i still hate Captcha!
FUCK ALL CAPTCHA i want to develop a program not to solve captcha but to actually break them then when they go down bypass them some how some way one day i swear i will
Proton is trying to do too many things and can't excel at doing one thing. It's getting too big beyond its capabilities which means services are going to suffer at a lower quality.

If the want blanket trust from users, remove the VPN login to make it anonymous and change the VPN code to remove all anti-features and comply with native F-Droid, other RiseUpVPN is the only choice for everybody to use.
- Lmao if you're reading this, do not use RiseUp VPN.
  
  Why? Not being cheeky.
  
  What's the problem with riseup? I've also read some other comments below, but their confusing wording does not help..
- Sure, push a known malware free vpn service while bashing a service that is very well known and respected.
  
  Source for Riseup having known malware?
  
  I have to admit that I don't know enough about any of this to be sure I'm reading in the right way. Is it "known malware, free VPN" or "known malware-free VPN"?
  
  You found malware in the source code for RiseUpVPN? The source code is publicly accessible, what kind of malware is in it?
  
  It's one of the most transparent services, there's this neat video examining the available free VPNs by Techlore that was coincidentally made very recently: peertube/piped
- What "Anti-features" does proton VPN have?
  
  Accoding to F-Droid build service, it says ProtonVPN depends entirely on non-free network services, which means:
  
  "This Anti-Feature is applied to apps that promote or depend entirely on a Non-Free network service which is impossible, or not easy to replace. Replacement requires changes to the app or service. This antifeature would not apply, if there is a simple configuration option that allows pointing the app to a running instance of an alternative, publicly available, self-hostable, free software server solution."
  
  Compared to RiseUpVPN source code which has zero anti-features
everyday I have more reasons to not trust Proton

You've viewed 64 comments.