This is not complete and, as such, should be considered a WIP. Comments, questions and such below are welcome.
Following on from T249854: Add support for hCaptcha, and as a potential solution to T241921: Fix Wikimedia captchas (and the various older incantations).
hCaptcha is an alternative to reCaptcha, without the usual privacy concerns that come with it. Cloudflare are currently in the process of moving from reCaptcha to hCaptcha.
It may still require a change to Wikimedia's Privacy Policy, as it requires loading JS from an external website, and submitting data back to them, but hCaptcha's Privacy Policy is seemingly more in line with what we'd want (IANAL, and would need WMF-Legal review obviously). They're more interested in the aggregate data rather than individual data, and try to discard other data as soon as they can.
hCaptcha are offering donation of websites' "earnings" from captchas being solved to the Wikimedia Foundation rather than keeping it for themselves. While I imagine this won't solve all of Wikimedia's funding problems, it's nice that we're considered a good solution for the problem. Obviously, there's the potential of this resulting in captcha solves on Wikimedia sites also helping generate income.
The implementation is similar to reCaptcha, selecting images of a certain type etc.
Localisation is done to ~150 languages, and they're planning on open sourcing UI translations onto GitHub, so a chance to expand that further and to help support more languages (which is one goal of the Captcha replacement project, T7309: Localize captcha images, though removing the text strings to be identified and typed out does make that task kinda redundant).
There's also a labelling service we could potentially use with MachineVision instead of the Google services. It would potentially be possible to use our own captchas to help label our own images from Commons, somewhat a mix of T87598: Create a CAPTCHA that is also a useful micro edit and T34695: Implement, Review and Deploy Wikicaptcha.
Questions:
- Does this image matching captcha solution help our Accessibility issues?
Known caveats/issues:
- No "no JS" solution (currently)
- Can't serve captcha through API without expecting clients to load JS etc
- Possibility of specifically allowing bots
- Browser support versions will differ from ours - https://docs.hcaptcha.com/faq
- Not FOSS
  - However, Wikimedia can get access to JS source for auditing purposes
- Requires dependency on external server
Useful links: