Stop using reCaptcha on all your services

because 1 reCaptha is unsolvable when you are using Tor 2 reCaptcha allows Google to track user's visits

added component::internal services/service - trac priority::high resolution::fixed severity::major status::closed type::defect labels

Related to #10809 (moved)

Captchas should be self-hosted. Or, at least, not hosted by an effing PRISM provider!

STR: Post a comment containing a blacklisted word, such as busin3ss.

Result: Trac decides you're a spammer and serves you a Google captcha.

Raising priority/severity to try and get some attention.

Trac:
Sponsor: N/A to N/A
Priority: Medium to High
Severity: N/A to Major

@cypherpunks, what does STR stand for?

Trac:
Username: ohheyalan@icloud.com

Replying to ohheyalan@…:

@cypherpunks, what does STR stand for? Steps to reproduce.

Really, the fact that they switched to serving the images from google.com instead of recaptcha.net shows it's just another avenue for them to collect google auth cookies.

@OP while I completely agree torproject should not use google for captchas (wtf!), just FYI tor browser has a different set 3rd party cookies for each site so even if you're logged into google while getting a google captcha on this site you will not be sending your logged-in google cookies with the captcha requests.

Yes! Yes! Tor should NOT sleep with evil Google!!

Hey, I wrote a captcha code for myself a few years ago. If you're interested, feel free to use/edit my code to see fit.

I hope Tor websites(all, incl. Trac) serve 100% pure torproject.org server's data.

Trac:
Username: ikurua22
Reviewer: N/A to N/A

Trac:
Username: ikurua22

DO_IT_YOURSELF_CAPTCHA_SAMPLE.php

Trac:
Username: ikurua22

Please, don't use ikurua22's shit and take some good captcha library (there are plenty of them).

captchas are currently disabled.

Trac:
Resolution: N/A to fixed
Status: new to closed

closed

mentioned in issue #18697 (moved)