New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
I have noticed with a few sites it does hang up, but for the most part its good.
For the end user it's probably the best captcha. To actually prevent any bots it's pretty much useless.
Extremely easy to bypass compared to some other captchas that actually manage to stop bots.
To those who have said boycott all sites that use cloudflare captcha how do you use domain registrars, as I am just following up on my previous post asking for domain registrars to try and most are using this ubiquitous cloudflare.
So seems you will be heavily missing out on like 90% of commercial sites if you choose to boycott it. Same as used to be the case with recaptcha.
Namesilo using recaptcha. Dynadot using cloudflare. So pick your poison.
Nicnames.com - recommended by one user in that thread, no captcha on sign up that I see but they didn't offer uk domain registration on the results!
Seems like it would be an awful amount of legwork spending time on the internet if following this 'no cloudflare captchas' rule.
What about hCaptcha guys?
What about it?
For me cloudflare is the worst because it is impossible to get past it sometimes, however when it lets you through then it is easier then doing a task.
The fact that people say you are let through only because the thing has scraped so much data on your is concerning though.
I have noticed a couple of non cloudlflare ones are also like that now so seems to be becoming a standard. Yandex, which seems to like to give it to me after just one or two clicks of checking my mail, also does it. Some other one as well I forgot.
It's good as a tool to slow down exploit and brute force attacks. I think that's what it was really designed for anyway.
Cause there no such another lazy option available on market
Absolutely yes!, unfortunately even turnstile somehow just yapping "error occurred" on my computer, people tend forget actually can just limit request and less using captcha and making web less suffer.
Or we just old-style captcha like this
More and more people who rely on Cloudflare for their domain DNS, cache, and optimization will surely use their Turnstile captcha as well.
I still remember on one of my past clients’ sites, there was a time when Cloudflare’s captcha, especially in Under Attack mode kept making visitors stuck and there's me telling visitors almost every day to try refreshing the page, clearing cache and cookies, and using incognito or private mode to fix the issue, and for a few of them it still didn’t work.
My reasons as a dev would be:
1. Lesser evil than Google reCAPTCHA v2. v3 was basically useless to me, not sure about now though
2. No tricky puzzles like v2. I really hate having to mark all the stairs and still fail
3. I already use Cloudflare for the domain so I have no reason to use reCAPTCHA or hCaptcha
I don't particularly like it, but it's the best we have right now for a free captcha service.
Ok I am just going through the recommended registrars and for those who say boycott any site that uses cloudflare turnstile many of the registrars will use it. Dynadot, which many recommend here, uses cloudflare turnstile so I should boycotts the site?
It seems you have to make compromises somewhere along the lines when using these 3rd party services.
I hate the monopoly that Cloudflare is, especially since they have full reign over so much internet traffic. But damn do they offer some incredible features at little to no cost. Stuff like additional request headers with ASN/GeoIP data have made life a lot easier for my applications. It's like being dependent on a drug.
Every cloud provider operates the same business model as drug dealers. Get you hooked on free samples and then eventually upsell you to a paying customer. Cloudflare in particular can be used for free, that's why it's so popular.
I was reading more about their turnstile captcha yesterday and read something from a press release of theirs claiming they are better than google because they are not harvesting your data to sell to advertisers like google would and their services they offer are 'direct' or something like that.
Others here have said that turnstile only works by this harvesting of data and that it is one of the worst for that but maybe cloudflare's claim can remain true even with this in mind as it is in the intent in what it is used for.
"Yes we harvest your data but only use it for good."
Oh and it is really ironic I think that just a few years ago google would have been the monopoly and everyone would have been complaining that captcha was the dominant one yet it is breathtaking how fast cloudflare overtook it to become the new monopoly, only having launches in 2023 I think I read.
Why can't there be steady competition in this field in terms of several/many vying for top stop? There is hcatpcha you see here and there but very rarely. It seems one takes up 99% of the market and then the rest battle for the scraps.
I think Cloudflare is easy to integrate. No server side changes needed and you can configure it for countries. In my case i enable turnstile for all countries that are not my target audience.
Compared to other verification methods, CF is faster and more effective.
Ok now this pisses me off. Case in point, I seem to now be permablocked from one of the valued forums I use with the cloudflare infinite page reload when I am not even using proxies or vpn or anything but using mobile internet which is the only connection I have.
It used to be if that happened I could just reconnect and get a new IP but that is no longer working.
super fast and EU based.
free plan is below the colorful pay buttons and section.
requests seem pretty low, maybe they have higher allowance when they see your site.
https://friendlycaptcha.com/#demo
https://friendlycaptcha.com/#features
Free CAPTCHA for non-commercial use
Friendly Captcha offers a free CAPTCHA for non-commercial websites with low traffic.
Includes:
1 protected domain
Up to 1,000 requests / month
Privacy-friendly protection
No image labeling tasks for users
User-friendly and fully accessible
I used recaptcha and hcaptcha, bots got through all the time, using turnstile 98% of bots got filtered from registering.
F
Site owners are rarely looking for actual CAPTCHAs. They're looking for box ticks like "DDoS protection" and "bot protection" without really knowing what those are. As long as the CEO can load the website on his phone without being bothered, it's a success.
You don't get popular by providing good products and services. You get popular by understanding how to bullshit in the exact way everyone else expects. Bribery also helps.
I rolled my own altcha based solution for joining the waiting list for my app. Within a day there was a spam sign-up to a non-deliverable @qq.com address. But been no more since. On my 5800X the javascript takes about 5 seconds to solve in chrome.
Home-rolled captchas are an interesting niche: they won't be as sophisticated as the big players (remember most of that sophistication is smoke and mirrors though) but most bots won't bother to complete them because they'll have to be coded specifically for your website and that only happens if it's a high value target.
I guess they were just running a scraper in a JavaScript environment. For them they'll just be filling in the email address and clicking submit after waiting ~5 seconds after page load.
My aim was really just to make it too expensive to do it at scale. Each decoded token challenge can only be used once and within an hour.
But I was surprised that it only took a day for a bot to test it when I haven't noticed much other scraping activity.
Same as the Linux vs Windows debate for security - that being one argument, many others in favour of using Linux of course.
I really hate reCAPTCHA. It’s super frustrating as a user and often doesn’t work properly in Brave.