Hi All,

In the next update of lemmy there appears to be a change that removes the ability to use a CAPTCHA entirely. However, it will also ship crucial changes to how it functions such that the app will be WAY more bandwidth efficient and caching friendly.

Originally, I held the position that I would stay on the older version of 0.17.4 (the present version) and would only upgrade once CAPTCHA’s were re-introduced in some way. However, given the hosting and bandwidth costs associated with running websockets to users, it makes better sense to use my resources and offload CAPTCHA to Cloudflare and upgrade to the next release.

To be clear, CAPTCHA and similar technologies do have flaws - especially the one Lemmy had been using. And that they also pose issues for people of varying abilities. However it’s critical that these deterrents exist to keep low effort attacks and exploitation at bay. I still urge the developers to roll back the removal of the old CAPTCHA until a direct replacement is implemented.

Let’s be frank, If a nation state wanted to hack tucson.social, they could probably do it given enough effort - but I’m not protecting against nation-states. I’m protecting against people with vendettas, small spam operations, internet edgelords with egos, etc.

So in order to provide a better user experience at tucson.social, a “smarter” experience, and get ahead of a planned change that needs preparation anyways, I’ll be dropping the Lemmy provided CAPTCHA today in favor of more intelligent and dynamic ones from Cloudflare. They should only pop up if your traffic is particularly “bot like” and should be easier to see and solve if you do get them.

TL;DR - This “shouldn’t” impact anyone and should improve the sign-up experience of the site.