Page 1 of 1

CAPTCHA issues upon registration

Posted: Thu Feb 22, 2018 10:07 pm
by Torsten
Hi all!

While I finally managed to register with this site (as you see :),
I'd however like to notify you about oddities I encountered during
the registration process.

Have to point out that my internet access bandwidth is limited (only
64 kbps, i.e. ISDN speed). With full-featured browser, complex pages
take several minutes to load. I thus prefer Mikulas' Links browsers,
which loads common sites at reasonable speed.

Alas, user forums nowadays make use of CAPTCHAs to register with their
sites, and so does reactos.org. There is no way to decipher CAPTCHAs
with a text mode browser ... As they rely on JavaScript code, Links
in graphics mode won't do the job, neither.

I thus tried to load https://www.reactos.org/user/register with
Epiphany 3.8.2 from my Raspberry Pi 3G internet router. No CAPTCHA
appeared, the [Create new acount] button revealed a "The answer you
entered for the CAPTCHA was not correct" reply. The same with
Firefox ESR 45.2.0 on Raspbian, i.e. no CAPTCHA shown at all.

Further attempt with an Ubuntu 16.04 live CD, on x86 platform. Comes
with Firefox 45.2.0 as well. Surprisingly, for the first time, a
reCAPTCHA's frame showed up here. However, the Google gadget reported
that I used an "unsupported browser". Erroneously! After several page
reloads (a small eternity later), the connection to Google's servers
seemed good enough to make a CAPTCHA appear.

Worth mentioning that completing one CAPTCHA alone was not enough.
Only after the fifth or sixth, a dearly yearned "A welcome message
with further instructions has been sent to your e-mail address."
was displayed. I opened the one-time registration link in this
confirmation mail in Links from my main computer, but first thought
that a default password should display.

Then (unnecessarily) tried to open ReactOS site's confirmation mail
in Firefox 45.2.0 from Ubuntu 16.04 CD boot. As my freemail account's
site heavily uses JavaScript for advertisments, a total of 100 megabytes
data transfer (over 64 kbps line) was reached here until the next day.
Reactos.org is not to blame for this, just an incurred inconvenience.
Thankfully, required steps from the one-time link could be performed
from Links as well (and the Firefox session be shut down). Login/
logout works fine in Links, so there.

The registration took some energy I'd better have used for contributions.
It seems that not the connection speed to reactos.org was the limiting
(cumbering) factor, but rather the redirection to external Google
servers. Suggestions or confirmation appreciated.

Regards, Torsten

Re: CAPTCHA issues upon registration

Posted: Fri Feb 23, 2018 1:44 am
by ThFabba
Hi, and thanks for your interest. It's unfortunate that you ran into problems with the registration. However those issues don't seem easy to fix. Here's what I know:

Captchas are unfortunately a necessity. The project has experimented with a variety of options, and the current solution is one of the few that is able to keep spam registrations at bay. By the very nature of a captcha it requires either images or sound; it pretty much by design has to be inaccessible to text browsers. But if you have experience with alternatives that work well at scale, I'm sure we're open to hearing about them.

Whether or not Javascript should be a requirement for web pages is arguable. But I'm not sure here is the place for that argument. Also, I'd argue that fight was lost a long time ago.

About Firefox 45... the site is right, it's unsupported. Its end-of-life was more than half a year ago (and that's 45.9.0). The primary reason this is relevant is that that makes the browser insecure. You shouldn't use it, and support for an end-of-life browser is a clear Won't Fix for most websites. I understand that your bandwidth is limited, but keeping your browser up to date really is a requirement you can't get around, since it is by its very nature constantly exposed to untrusted content.

If you have any suggestions that you think would make the site more accessible, I'm sure they'd be appreciated. However when considering changes we also have to take into account the maintenance effort associated with custom-built solutions, weighed against the number of users benefiting from those changes -- and extreme bandwidth limitations are an example that is not likely to be a problem for most.

Thanks for your input.
-T

Re: CAPTCHA issues upon registration

Posted: Sat Feb 24, 2018 7:35 am
by EmuandCo
I hope you are not feeling attacked personally when I am quite shocked about your internet speed. Taking your german into account and the few countries where it's spoken I think you had bad luck or bad phone lines (F*CKING BAD) when I am thinking about the steadily increasing average speed we have (which still sucks compared to other parts of the world though).
Anyways, as ThFabba already told ya, the site is quite correct banning you out with a outdated browser. If you want to stay on one browser longer than right now, I recommend ESR builds from Firefox. (https://ftp.mozilla.org/pub/firefox/releases/52.6.0esr/) But beware, these are bigger than more recent versions due to the old XUL plugin system still being in place.
Regarding the captchas I must tell you that these will not change in any way. We had enough experiments before these and all failed. I have some numbers for you in that case: At some days we had 150+ new threads and 400 new posts all being spam. We don't have 30+ moderators filtering these out, so the new system with 1-2 spam posts a day is a relief for moderators AND users.

Re: CAPTCHA issues upon registration

Posted: Sun Feb 25, 2018 8:52 am
by Torsten
Hi ThFabba,

thanks for your in-depth explanations. A consolation after a six-hour effort!
I didn't know that forum sites are so highly affected/ attacked by spammers.
Back in 1998, I simply wrote to mailing lists (and quickly obtained replies),
or posted to newsgroups. Today, many mailing lists require subscriptions,
obviously for undesired contributions, and the usenet's role seems to fade out.

I imagine what might happen if the spam business used artificial intelligence
to resolve captchas ... and understand why you rely on Google's services
here, to keep pace (e.g. upcoming biometrical captchas which, however will
require some sensor to acquire such data). Upon registration, it was mainly
the connection to Google's captcha server which caused problems ...

Your words on JavaScript sound pessimistic. I didn't know that Firefox 45.2.0
is outdated, one and a half year after I actually installed it. Contrary to
Google's notification, it worked anyway. I was in fact concerned about the
100 MB traffic caused by it overnight, as even Live DVDs mount recognized
partitions. It's not my browser for every-day use, rather a last resort for
resolving captchas. I appreciate slim, efficient code - this is why I
actually like ReactOS, which is only three times as big as Windows NT 4.0.

Likewise, this site is more streamlined than other user forums I have seen.
It allows me to read and post using Links 2.13. Please do not change this.

@EmuandCo:
400+ spam posts per day is a lot. I've seem such content in an *archive*
of a forum site, ref. http://mirrors.pdp-11.ru/www.drdosprojects.de.tar.gz ,
which was closed shortly afterwards. I clearly prefer this forum being alive.

Greetings, Torsten

Re: CAPTCHA issues upon registration

Posted: Sun Feb 25, 2018 12:12 pm
by dizt3mp3r
When spam-creating businesses use artificial intelligence to successfully resolve captchas then that's close to being the end of the internet - bar spilling a sample of your blood onto your keyboard for DNA testing.

By the time AI rises, captchas will be the least of our problems... We can only hope that it spawns from Microsoft and will be full of bugs with a poor interface.

Re: CAPTCHA issues upon registration

Posted: Sun Mar 04, 2018 6:57 am
by linrx
ThFabba wrote:Captchas are unfortunately a necessity. The project has experimented with a variety of options, and the current solution is one of the few that is able to keep spam registrations at bay. By the very nature of a captcha it requires either images or sound; it pretty much by design has to be inaccessible to text browsers. But if you have experience with alternatives that work well at scale, I'm sure we're open to hearing about them.

Whether or not Javascript should be a requirement for web pages is arguable. But I'm not sure here is the place for that argument. Also, I'd argue that fight was lost a long time ago.

About Firefox 45... the site is right, it's unsupported. Its end-of-life was more than half a year ago (and that's 45.9.0). The primary reason this is relevant is that that makes the browser insecure. You shouldn't use it, and support for an end-of-life browser is a clear Won't Fix for most websites. I understand that your bandwidth is limited, but keeping your browser up to date really is a requirement you can't get around, since it is by its very nature constantly exposed to untrusted content.
Pretty much agree with ThFabba,

1. Even without captchas, some form of anti bot and anti spam is usually preferred these days.
2. Javascript has been around since the 1990s, the workaround regarding javascript is simply not using a web browser, try any of the other app stores from Microsoft, Google and Apple instead.
3. Firefox is open source in at least one way, it does not come with a commercial guarantee that it is perfect.

Re: CAPTCHA issues upon registration

Posted: Thu Jan 16, 2020 1:06 am
by andreas84
I really dont like the google captchas stuff.
Its not always working as it should.
Google is known to track user which means if you include google frames they likely can track ros users.

Re: CAPTCHA issues upon registration

Posted: Thu Jan 16, 2020 9:49 pm
by EmuandCo
Thread necromancy? Come on! Anyways. Google CAPTCHAS are the best right now, you are free to recommend another way to block bots and spammers

Re: CAPTCHA issues upon registration

Posted: Fri Jan 17, 2020 6:39 pm
by andreas84
How about a bot honeypot:
A question bots are filling for certain but with the note for humans to leave it open.