's detects whether a user downloads images. If not, they're presumed to be a bot & get attacked with a puzzle. And yet it's all the *images* that strain the network in the 1st place, not the text.

in this sense, a is actually harmful to the environment, not just bots.

@tobtobxx Your premise in your question assumes there's a problem to solve. Can you describe the problem?

@resist1984 How would you defend against let's say spam bots creating a lot of new resource intensive git repos on a public git server? (The users are created by humans, just the repos are created by bots.)

@tobtobxx in principle there's no need for a web UI for github. repos can be serviced via SSH and to date there's been no need to CAPTCHA SSH users. Github chooses to make some functions exclusively available in their web UI (e.g. PRs), but that's their choice. And it's that choice by which their perceived need for CAPTCHA arises.

@tobtobxx vandalism still happens, ssh or not, but this can be controlled by way of access controls. Not to mention cleanup tools. E.g. if your inbox gets spammed the email firewall isn't your only defense. There is SpamAssassin, and the possibility to extend SpamAssassin's role beyond email.

@resist1984 I was thinking about @codeberg's situation.
codeberg.org is a small nonprofit offering services similar to GitHub but with a foss backend (gitea fork).
They were recently impacted by an attack described in my previous post.

They ended up blocking access via tor, which they are not happy to do, but rather forced.

I guess we live in a cruel world. Those trying to do things right get attacked and ripped🤷🏼‍♂️.

@tobtobxx @resist1984 This has been discussed but thankfully we could avoid enforcing this option.

To be precise we never did and do not generally block tor or users from the tor network. We just do not allow account setup with single-use/throwaway email provider addresses anymore that have frequently been used by attackers. Also, IPs engaging in attacks are banned for some hours.

Codeberg is still accessible via tor.

@codeberg @tobtobxx I'm glad Tor was not permanently blocked -- that would have been an overly crude attempt at a remedy. Restricting access to the kinds of email accounts that require mobile ph# reg. is also overly crude, and I hope that would be temporary until the server gets smarter about detecting & reacting to attack. Perhaps access controls need to be more refined.

@codeberg @tobtobxx in any case, the most disastrous example is shown by .com, which has been ruined by 's . I can't even post bug reports & find it entirely unusable.

@resist1984
Is there a tool to automatically solve these CAPTCHAs? This would help a lot.
@codeberg @tobtobxx

@wend @tobtobxx @codeberg there are tools to solve CAPTCHAs, and i think there's even a project to solve Google's, but i wouldn't use it as it still supports the mechanism and perpetuates harm to those who don't have such tools.

@codeberg @tobtobxx @wend some bots outsource the solving to India, where the sweat shop workers get ~$5/day. I wouldn't support that either.

@resist1984
#CAPTCHA is definitely annoying. I have seen this with #ZOOM as well. I think it's because they've a lot of WINDOWS users.
@codeberg @tobtobxx

@resist1984
Is it possible at all to solve a captcha and not be treated as a robot?

@wend I don't follow. If you're presented with a CAPTCHA, then you've already been treated as a robot whether you solve it or not. From there, I personally suggest /not/ solving CAPTCHAs b/c that supports the CAPTCHA pushers. When you dance for them you give them power.

@resist1984
Also, so I understand, Google's CAPTCHA also tries to detect if you've signed into, or have, a Google account & connect the two - tracking!

@Horizon_Innovations indeed it does.. it collects any google cookies that are still active.

@resist1984 I refuse to be a free 'mechanical turk' for google's image classifier training.

Mastodon 🔐 privacytools.io
