Project

General

Profile

Task #2141

Replacing reCAPTCHA with self-hosted version

Added by Krasnaya Ploshchad’ . 11 months ago. Updated 22 days ago.

Status:
New
Priority:
Low
Category:
-
Target version:
Team - Qlater
Start date:
Due date:
% Done:

0%

Estimated time:
Tags:
URL:

Description

Ask LibreOffice currently using reCAPTCHA for CAPTCHA, but this service as well as many other Google services have been banned by PRC for a long time, making this site not useful for their people, to avoid that, Ask LibreOffice should replacing it by free and open source replacements.

History

#1 Updated by Florian Effenberger 11 months ago

Ask LibreOffice currently using reCAPTCHA for CAPTCHA, but this service
as well as many other Google services have been banned by PRC for a long
time, making this site not useful for their people, to avoid that, Ask
LibreOffice should replacing it by free and open source replacements.

Do you know of a working alternative and have some hands-on experience
you can share with us? That'd be great! :-)

#2 Updated by Krasnaya Ploshchad’ . 4 months ago

Florian Effenberger wrote:

Ask LibreOffice currently using reCAPTCHA for CAPTCHA, but this service
as well as many other Google services have been banned by PRC for a long
time, making this site not useful for their people, to avoid that, Ask
LibreOffice should replacing it by free and open source replacements.

Do you know of a working alternative and have some hands-on experience
you can share with us? That'd be great! :-)

I have found some alternates can provide captcha without relying on Google’s online service, all of them are FOS:
https://github.com/mewebstudio/captcha
https://github.com/dchest/captcha
https://github.com/Gregwar/captcha
http://dice-captcha.com/
http://jcaptcha.sourceforge.net/
http://www.phpcaptcha.org/
http://www.sweetcaptcha.com/

Alternatively, we can also get source from Google to build our own captcha:
https://github.com/google/recaptcha/releases

#3 Updated by Florian Effenberger 4 months ago

I have found some alternates can provide captcha without relying on
Google’s online service, all of them are FOS:
https://github.com/mewebstudio/captcha
https://github.com/dchest/captcha
https://github.com/Gregwar/captcha

Do you have experiences wrt. their detection rate? A properly working
captcha is quite important given the amount of spam we regularly see, so
if we have insight into their detection rate, that would avoid parts of
own tests. ;-)

Alternatively, we can also get source from Google to build our own captcha:
https://github.com/google/recaptcha/releases

Would this be working in China, or is this blocked as well?

#4 Updated by Krasnaya Ploshchad’ . 4 months ago

Florian Effenberger wrote:

I have found some alternates can provide captcha without relying on
Google’s online service, all of them are FOS:
https://github.com/mewebstudio/captcha
https://github.com/dchest/captcha
https://github.com/Gregwar/captcha

Do you have experiences wrt. their detection rate? A properly working
captcha is quite important given the amount of spam we regularly see, so
if we have insight into their detection rate, that would avoid parts of
own tests. ;-)

Then I’m out of idea.

Alternatively, we can also get source from Google to build our own captcha:
https://github.com/google/recaptcha/releases

Would this be working in China, or is this blocked as well?

If you create your own captcha based on this, but not send any request to Google, it would be work and not being disturbed by GFW.

#5 Updated by Florian Effenberger 4 months ago

  • Subject changed from Replacing reCAPTCHA on Ask LibreOffice to Replacing reCAPTCHA with self-hosted version
  • Assignee set to Guilhem Moulin
  • Target version set to Qlater

I'll assign this to Guilhem
However, not sure when we will find time for this - if a volunteer wants to look into it before, happy of course to give them access to our testing site :-)

#6 Updated by Krasnaya Ploshchad’ . 4 months ago

Florian Effenberger wrote:

I'll assign this to Guilhem
However, not sure when we will find time for this - if a volunteer wants to look into it before, happy of course to give them access to our testing site :-)

Thank you, I hope you can avoiding GFW soon.

#7 Updated by Krasnaya Ploshchad’ . 4 months ago

LO Extensions and Templates website should do it too for Registration form.

#8 Updated by Florian Effenberger 3 months ago

Guilhem, I wonder whether that is some EasyHack and/or volunteer task to look into, or is it so trivial that it needs no investigating, but merely doing? (which then is limited to the admin group of course due to access requirements)

#9 Updated by Florian Effenberger about 1 month ago

Florian Effenberger wrote:

Guilhem, I wonder whether that is some EasyHack and/or volunteer task to look into, or is it so trivial that it needs no investigating, but merely doing? (which then is limited to the admin group of course due to access requirements)

Something for the next infra call?

#10 Updated by Guilhem Moulin 22 days ago

  • Priority changed from Normal to Low

We're currently using reCAPTCHA v2 as plugins to MediaWiki, Askbot, Plone (https://extensions.libreoffice.org) and Silverstripe (https://libreoffice.org); switching to another captcha solution requires that we find and configure a working plugin, or possibly develop our own if there is no such plugin.

The WebSSO system uses a self-hosted captcha solution, and once we change the auth method of the above services their frontend for account creation will disappear. I'm thus lowering the priority per the Nov. 21 infra call. If there is a working plugin which can replace reCAPTCHA in Askbot I can offer to deploy it, otherwise I'd rather spend my time on the SSO migration than attempting to glue the various bits together :-P

Also available in: Atom PDF