1. 22

  2. 17

    I don’t agree with the “If you really must use Google reCAPTCHA… There’s the Invisible reCAPTCHA.” part. The delays and privacy invasions are just the same there, you just don’t attribute the slowness to Google. It’s even worse, because when you block reCAPTCHA, as I do, it’s harder to notice why a site suddenly doesn’t work. So far I’ve complained to Bandcamp and GOG about their use of reCAPTCHA, but it hasn’t helped.

    Related: https://lobste.rs/s/mqbre5/you_probably_don_t_need_recaptcha

    1. 2

      What blocking rules do you use for reCAPTCHA? I’ve thought about doing this too, but had trouble finding lists of the domains I need to add to uBlock Origin.

      1. 5

        I block *.google.com, which works because reCAPTCHA is served directly from the Google domain. This is described in detail in the article I linked.

        1. 2

          You should also block recaptcha.net. What happens when you block it — how do sites react?

      2. 2

        Do you have a better alternative?

        One of the web sites I manage (“manage” — I try to spend no time on those things) has some forms that attract bots, and if the bot volume increases much more I shall have to do something. The question is what I might do. Blocking Tor completely would help, but I’m not exactly enthusiastic about that. The self-hosted captchas, hidden input fields etc., seem to be in an arms race with the bots, and losing. Right?

        1. 4

          Do you have a better alternative?

          There are alternatives to reCAPTCHA in the article, and in the article that I linked. My comment was about “If you really must use Google reCAPTCHA”; I’d say that if you really must use reCAPTCHA because your boss will fire you if you don’t, use reCAPTCHA, but don’t try to hide that you use it.

          1. 3

            I read the article; what it mentioned seems to be worse in my case and AFAICT also in the general case. Installing something that’s losing an arms race is a waste of time.

            I see your point about not trying to hide it.

        2. 2

          Thanks for sharing! Yeah, I agree about not using it at all and I don’t use it myself. My intention with that section was to add something for those who insist on using Google products, like I did for the Analytics and YouTube sections too. For me as a user, I’ve had fewer issues with those invisible captchas than the regular ones, but I’ll certainly look into it more. Thanks again!

        3. 11

          On the YouTube section, I would add self-hosting the videos. The <video> tag exists, you can treat videos the same as images and keep them on your server.

          1. 3

            YouTube has a variety of performance improvements over a stock video tag, like choosing an appropriate bitrate, generating a thumbnail, and other things.

            Do you know what I would read to learn what all these differences are and which ones can be implemented easily on a self-hosted server?

            1. 3

              Thanks for sharing. Self hosting video is really difficult for most people. Many of the normal hosting providers that people use for their sites don’t even allow videos (or have severe restrictions). This is mostly why I didn’t mention it. I really like PeerTube as a better solution for people who don’t want to upload to YouTube.

              1. 4

                This is really a tough one. For one, the <video> tag might be too little, and having a PeerTube instance might be too much.

                But I do think that e.g. video.js and a local file (or S3, Storage or similar) should be enough for a lot of the use cases. If you need a more complex solution, PeerTube might still be too much, but so is YouTube or Vimeo - so I think you don’t lose anything with self-hosting or having a local PeerTube. Things not covered by those two cases are probably quite specific and would benefit from a custom solution anyway.

                However, that’s what I think, and I’ve been known to hold opinions that simply suck.

              2. 2

                It can be done, but posting videos from third parties on your webpage will surely get more copyright requests than just images. Also, you lose some features related to multi-codec support and adaptive bitrate, which require more advanced players (can also be self-hosted, but not just a plain tag).

              3. 1

                download and self-host whatever font you want to use. Here’s a hassle-free way to self-host Google fonts.

                This is so ridiculous! Please don’t host your own fonts on your own website!

                Can anyone explain to me why a website needs their own fonts, in place of the system ones, in the first place? Does anyone with a custom /etc/hosts NOT block all of these useless fonts?

                ::2	fonts.googleapis.com	fonts.gstatic.com
                ::2	use.fontawesome.com
                ::2	hello.myfonts.net	fast.fonts.net

                1. 5

                  The system fonts might not have all the required characters for the text/language in question. The website author might want to have the website have a certain look.

                  There are many valid reasons. But feel free to tell your browser not to load them (and get a possibly degraded experience), it shouldn’t make any difference whether they are self-hosted or not.

                  1. 2

                    The system fonts might not have all the required characters for the text/language in question.

                    I think this is a valid concern. However, my feeling is that remote font loading is mostly used for aesthetic reasons.

                  2. 3

                    I agree with you about not using third-party fonts at all, and I don’t use them myself, while I block them using uBlock Origin for my browsing. The worst are those sites that use third-party fonts to display icons in their menus etc., as blocking, say, Google Fonts in those cases breaks their site! The idea with that section was to mention a little bit of a better alternative to those who insist on using Google Fonts (self-hosting them does speed things up and perhaps has a privacy benefit too). My main recommendation is to use web safe fonts and this should be the way to go for all sites.

                    1. 1

                      Can anyone explain to me why a website needs their own fonts, in place of the system ones, in the first place?

                      IMO most default system fonts are harder to read than something like e.g. Merriweather.