New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
International Captcha (China)
So it was recently revealed that the domains used in recaptcha are blocked in China. That got me thinking, are Google APIs too? e.g. ajax.googleapis.com
What other domains commonly used without forethought on the global web might be blocked? BootstrapCDN? JSDelivr?
Anyone researched this? Other countries of interest?
Comments
Great thread. I think it is important to get the information out so that we can better assess how service providers should react.
I see many Crypto sites using this http://www.geetest.com/first_page
@sonic paid Captcha services are a hard sell for most webmasters to accommodate one country's idiosyncrasies, don't you think?
Yeah, one country of 1.4 billion people.
Also China isn't the only country censoring the internet. Russia, India, Iran etc. also might block such services at any time.
JSDelivr is the best, their CDN has nodes inside mainland China.
Recaptcha IS available and launched in China with domain www.recaptcha.net. Replace the domain in the document with www.recaptcha.net and you are ready. Document reference: https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally
You may DM any China-related problem with www.recaptcha.net to me. It's my job to make sure it perfectly works in China actually.
Note: if you are using CSP headers, besides domains mentioned in the document, also include:
PS: recaptcha.net is owned by Google:
just search gfwlist
@webdev That's really not helpful. For example gfwlist lists recaptcha.net and api.recaptcha.net while @EveNeko (and others) claim Recaptcha works fine. Conflicting information is rife unfortunately.
A country that for the most part uses domestic resources and services. Therefore represents a minority to the rest of us.
For most people US & Europe is "the majority". Anybody else is "the minority", that definitely includes us in Australia.
While for some sites/services that have an actively large number of Chinese users or customers paying for a specific solution makes sense, for the vast majority of people, i.e. a webhosting forum that uses Recaptcha on its signup page, it's a very hard sell to say that they should spend $50/month for non-VPN China support.
Why should providers react though? If a government is out to disrupt and block internet access from their citizens, any way to get around it is just going to be temporary if the service is actively used in China.
Well, specific regions of China implement their own GFW blocks.
Banned sites differ by city.
I don't mean all providers, but those who intend to aggressively corner the Chinese market will need to figure this part out. Many providers are uninterested but there are those who are.
That's kind of another story. Google domains launched in China are only resolved to China IPs if resolvers are inside China. Otherwise, they will be resolved out of China and blocked. Most people using gfwlist are also likely using global resolvers like 8.8.8.8, 1.1.1.1 or something like that.
The best way to determine if a Google service works in China is to use things like https://tools.ipip.net/dns.php, and see if the domain is resolved to a Chinese IP address.
It would really just be easiest if China would formally split off from the rest of the Internet and then we wouldn't have to worry about this nonsense.
It keeps bothering me why so many websites use these in production. Can't they just include libraries on their own domain?
If I'd be interested in China traffic I'd serve everything from my own domain. That seems like the most reliable solution.
For example, you might need to disable HTTPS just for China, and the CDN might not support HTTP.
There are many great libraries for making your own captcha, as well as plugins for popular CMS software.
It keeps bothering me why so many websites use these in production. Can't they just include libraries on their own domain?
Convenience and Speed. The CDN behind most of the JS & CSS CDNs is superior to anything you will get at a low end price bracket.
For me these always increased website loading speed. It's an additional DNS request, an additional TLS connection.
Thanks to HTTP/2, additional CSS/JS requests on the same origin are basically free.
Either you can download CSS/JS from the official website, or your programming language package manager does that automatically for you. Why waste someone else's server bandwidth?
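An added example, not part of any post in the thread: one way to see which third-party hosts a page depends on (the CDN and captcha domains discussed above) before deciding what to self-host. The sample HTML, the `shop.example` site and the function and class names are constructed for illustration.

```python
# Added example: inventory the third-party hosts a page loads assets from.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page; the asset hosts are ones named in the thread.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap.min.css">
<link rel="canonical" href="https://other.example/page">
<script src="//ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/vue"></script>
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
<script src="/static/app.js"></script>
</head><body><img src="logo.png"><a href="https://example.org/">link</a></body></html>
"""

# Tags whose URL attribute is fetched automatically when the page renders.
FETCHED = {"script": "src", "img": "src", "iframe": "src", "link": "href"}
LINK_RELS = {"stylesheet", "preload", "icon", "modulepreload"}

class AssetHosts(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.own_host = urlsplit(page_url).hostname
        self.third_party = {}  # host -> list of absolute asset URLs

    def handle_starttag(self, tag, attrs):
        attr = FETCHED.get(tag)
        if attr is None:
            return  # e.g. <a href> is a navigation link, not a fetched asset
        attrs = dict(attrs)
        rels = set((attrs.get("rel") or "").lower().split())
        if tag == "link" and not LINK_RELS & rels:
            return  # canonical/alternate links are never fetched
        url = attrs.get(attr)
        if not url:
            return
        absolute = urljoin(self.page_url, url)  # resolves relative and // URLs
        host = urlsplit(absolute).hostname
        if host and host != self.own_host:
            self.third_party.setdefault(host, []).append(absolute)

def third_party_hosts(html, page_url):
    parser = AssetHosts(page_url)
    parser.feed(html)
    return parser.third_party

if __name__ == "__main__":
    found = third_party_hosts(SAMPLE_HTML, "https://shop.example/")
    for host, urls in sorted(found.items()):
        print(host, len(urls))
```

Each host in the result is a dependency to test from the target region, for instance by checking how it resolves from resolvers located there, as one of the replies suggests.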