[anti-censorship-team] Insufficiently many pregenerated BridgeDB captchas?

[meskio]

Quoting David Fifield (2021-12-09 23:45:06)
> It would be best to generate a fresh captcha image for each challenge,
> but if that's not possible, we should increase the number of cached
> images or regnerate the cache periodically.

Our current mechanism to generate captchas is:
https://github.com/isislovecruft/gimp-captcha

Which requires gimp, and might not be fast enough to generate a captcha per 
request besides not sure how TPA will feel about installing gimp the server. We 
could consider other options.

I see there are few libraries in go or python for it (will require some 
investigation to see if they are not way easier to break than gimp ones). Or we 
could use reCAPTCHA (bridgedb redame says is supported) or hCaptcha, that I 
guess will produce some doubts about privacy of the users.

There is a conversation about deprecating the captchas (as they are broken in 
many situations and are hard for many people) and we are setting up a new API[0] 
that will not have catpchas to see how it goes.

Anyway, I would prefer not to change how we serve captchas until we reimplement 
moat in rdsys. But we could regenerate the captchas, I don't think anybody has 
done it since phw did over one year ago. I created an issue to do it:
https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/24607#note_2599604


[0] https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40025

-- 
meskio | https://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 My contact info: https://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nos vamos a Croatan.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://lists.torproject.org/pipermail/anti-censorship-team/attachments/20211215/d603bd08/attachment.sig>