I'm migrating from Google reCAPTCHA v2 to v3. As they are quite different, I have a question.
I used to place my reCAPTCHA v2 only inside web pages where a form exists, to make users click and avoid bots. That's understood, ok, but with reCAPTCHA v3 there is NOT a checkbox where to click on (reCAPTCHA v3 analyzes the user behaviour and clicks).
So... should I place the reCAPTCHA v3 just in forms pages or should I place it in all and every pages I have (to make recaptcha observe how the user interacts with the web)?
I would disagree with Galzor’s answer. The documentation says that
The score is based on interactions with your site and enables you to take an appropriate action for your site.
It’s “site” and not page. It goes on to say
reCAPTCHA works best when it has the most context about interactions with your site, which comes from seeing both legitimate and abusive behavior. For this reason, we recommend including reCAPTCHA verification on forms or actions as well as in the background of pages for analytics.
To me that last sentence means “every page with analytics on my site” — i.e. every page, whether it has a form on it or not. Which then gives rise to all sorts of privacy concerns, see also here.
Now my question is: what does the “reCAPTCHA verification” refer to? Including the api.js script or executing something or… 🤔
Unfortunately, the docs don’t spell this out clearly.
Addendum
(Feb 2023)
I switched to hCaptcha and their docs are also somewhat unclear. However, their customer service responded with
You should add the script and the DOM container with hCaptcha widget only on the contact form page and then call our /siteverify endpoint to validate the user.
and
Same scenario for second case, add it only on the sign up page and if validated within our side the user should be able to log in.
Based on that response I added the CAPTCHA only to the Contact page of my website and to the Sign Up page of the webapp.
Not sure this would also apply to Google’s CAPTCHA, though.
I dont think it should go into every page. mostly the users will find it too intrusive on all pages. in my opinion use it on page with form only.
Related
I am a little confused about the implementation of google's V3 recaptcha. The docs say that the algorithm decides the users score based on a number of actions. How is it watching those actions if those actions occur when the recaptcha is not being used?
For example, I have users "vote" on various categories. These votes happen on several different pages within a react app and possibly over more than one session. However, the only time that the recaptcha is called is when the user submits the form. Do I need to somehow notify the captcha to watch the voting actions? Does the code need to be imported in all components or on a higher component so that all voting ones have access to it?
I made some Mailchimp Landing pages a while back using strictly the in-band tools (no fancy API stuff) in the most straightforward way. They all worked when they were created. Now they don't work. A Mailchimp branded "sticker" that I don't remember seeing before appears to be slapped on top of the form in an inopportune place. The sticker has links to mailchimp privacy policy terms and general Mailchimp signup. You can enter an email address in the email field. The other field IIRC is optional but you can't enter anything in it now. And the submit button doesn't do anything. Nothing appears to be wrong in the mailchimp landing page editor. All of the client's landing pages fail the same way and they all worked when they were originally made. Here is an example page: I hope I have asked this question the right way but please forgive me if I did something wrong in the asking.
Google announced Invisible ReCAPTCHA is coming soon. For now, if you want to integrate the new reCAPTCHA to your site or app you can register here.
I do have 2 site keys whitelisted for the new Invisible reCaptcha and I've started "playing" with their examples: see them here https://developers.google.com/recaptcha/docs/invisible
Yes, when the page loads the recaptcha is invisible but when the form is submitted the recaptcha challenge appears all the time. You have to click on images, draw something around something else... etc
I've been testing this on different servers, 2 different sites which have the site key approved to use the Invisible reCaptcha, with different browsers form different locations. Same behavior: Google shows the challenge when the form is submitted on all 3 examples they have on their page.
Is this what we should expect?
Just as with the checkbox, if it can't reliably determine if you aren't a bot, you get a challenge. I can confirm that the invisible part does work when you are detected as a human.
Actually you have to approve the Terms of Service when you create a new reCAPTCHA site, that says that
You agree to explicitly inform visitors to your site that you have implemented the Invisible reCAPTCHA on your site and that their use of the Invisible reCAPTCHA is subject to the Google Privacy Policy and Terms of Use.
I have comments on the footer of each of my wallpaper pages:
http://www.socwall.com/desktop-wallpaper/30688/422-by-unknown-artist/
I'd like comments to post to my Facebook Page's wall:
http://www.facebook.com/SocWall
Is this possible?
Yes, but it will require some coding. Here are the basic steps:
Include the Javascript SDK on your site and subscribe to the comment.create Javascript event that is fired whenever someone posts a comment.
Auth your users for your site and app (again using the JS SDK) and ensure you request the publish_stream, user_likes and publish_actions permissions.
When you get those permissions from the user, perform an FB.api call to /USERID/likes and check whether your Page ID is included in those list of likes.
If it is there, then once the event in step 1 is triggered you can then do a POST on the API to PAGEID/feed with message parameter included. This will post the comment to your Page's feed.
A couple of other things to bear in mind:
If the user is not a fan of your page, you won't be able to do step 4.
You must make it clear to the users that posting a comment will also post to your Page. If you do not tell them, this will put your app in violation of Facebook Platform Policies but more importantly, it'll break user trust and they might report your app.
Basically, I want to use the Facebook Ads Manager Tool to estimate the number of users targeted by a particular set of targeting parameters. I know there is a published API available, but it is only usable if you are on their advertising application "whitelist." I am sure what I am asking is possible. Plus, it would be interesting to learn more about scraping.
Facebook's Ads Manager Tool is basically an AJAX UI for their ads API. In the process of creating a campaign, you can specify targeting parameters, and the page will dynamically report the number of users targeted as you modify the parameters. From what I've read on the web and here on stackOverflow, it is possible to use Firebug or a similar tool to pick apart what requests are being made by the page and to where, then mimicking these calls to get the information you want.
I'm having trouble interpreting the panels of Firebug. I think the URI I'm trying to send a request to is www.facebook.com/ajax/inventory_estimator.php, though I'm not sure how to form a call.
So, if I want to write a script or program that takes a list of words to use as keywords and returns the estimated number of users for each keyword, how could I do it?
Link to Facebook's Ads Manager Tool, Campaign Creation Page:
http://www.facebook.com/ads/create
yes using an extension like firebug to examine the HTTP requests is a good way to do this.
The Net tab is the one you want (last one).
Have you tried irobotsoft webscraper? It has a good ajax support.
Check their forum here: http://irobotsoft.org/bb/YaBB.pl