Website Why not join the 21st century and implement cookies on your website?

[Fantum7]

The captcha says pick motorcycles but the whole picture is one motorcycle.

Then it says click the bridges so I click the bridges but no, apparently only the wrong bridges.

I click remember me, but you won't.

[devyni9]

Idk bro, you want too much.
I suggested them to upgrade to reCAPTCHA v3 few years ago that doesn't require to solve puzzles anymore but to this day we don't have it. :/

[Shred]

recaptcha v3 is like v2 with the only difference that if the system determines that you are a bot you can't do anything to "redeem" yourself.

[devyni9]

recaptcha v3 is like v2 with the only difference that if the system determines that you are a bot you can't do anything to "redeem" yourself.

No, you're wrong.

v2 requires user interaction, such as clicking on a checkbox ("I'm not a robot") and/or solving image recognition tasks
v3 requires no user interaction at all, it works in the background evaluating user behavior (mouse movement, clicks, time spent on page) to determine if it's a human or a bot.

[Shred]

If v2 determines you are a bot, it gives you a captcha to fill. If v3 determines you are a bot, it tells the website you are a bot and doesn't give you a chance to go through a captcha to prove it wrong. The website is then supposed to do its own verification tasks to guess if the user really is a bot or not.

v3 is crap, which is why nobody uses it.

[Repost]

The remember me checkbox definitely works but changing your IP will invalidate the session.

[devyni9]

If v3 determines you are a bot, it tells the website you are a bot and doesn't give you a chance to go through a captcha to prove it wrong. The website is then supposed to do its own verification tasks to guess if the user really is a bot or not.

v3 is crap, which is why nobody uses it.

You won't be marked as a bot to prove otherwise if you're not a bot.

[devyni9]

v3 is crap, which is why nobody uses it.

Maybe you don't use it in your legacy work project lol.

[Repost]

You won't be marked as a bot to prove otherwise if you're not a bot.

It must have been quite the challenge to not have any false positives, ever.

[devyni9]

It must have been quite the challenge to not have any false positives, ever.

It depends on the fine-tuning of score threshold. If you demand very high score then false positives can occur in some circumstances.

[Repost]

It depends on the fine-tuning of score threshold. If you demand very high score then false positives can occur in some circumstances.

That's a nice way to pass the blame.

[Shred]

You won't be marked as a bot to prove otherwise if you're not a bot.

That's not true.

Maybe you don't use it in your legacy work project lol.

A more nuanced answer: v3 is only good if you can pair it with other verification methods. The documentation lists a few. They are unreasonable for most websites, and still, most websites are still using v2 or have switched over to turnstile or hcaptcha.

v3 seems to me like one of those projects that were made by google for google.

[Obnoxious]

On top of all that, literally thousands of people login just fine every single day.
That for sure points at there not really being any major issue, or in the very least nothing that affects more than a microscopic minority.

[Fantum7]

The remember me checkbox definitely works but changing your IP will invalidate the session.

Nowhere in the HTTP specification does it say anything about how the user SHALL endeavor to always connect to a site using the same IP address.

This is especially problematic as we're all living on the 3.3.5a client, which I imagine will never support IPv6. My IPv6 address never changes (if I so wish it.) My IPv4 address is constantly changing, regardless of my wishes.

[Fantum7]

On top of all that, literally thousands of people login just fine every single day.

raised on the grind, we're like trained monkeys