[Solved] - Why the hell is Disroot using Re-Captcha?

Captcha is used during account creation to prevent spam accounts. At the moment we are bound to using Google’s Re-Captcha because the user management tool we are using, PWM, is using Re-Captcha exclusively. PWM is the best solution we found for registering accounts or resetting password.

We are not very proud of using Re-Captcha. In fact we feel quite awful knowing G*** services are infiltrating ours, and it is on our wish list to replace it with an alternative. But so far we did not have the time nor the man power to dive into the subject and learn how to hack some different captcha into PWM instead. We did however, notify the PWM community and hope someone will come up with a solution soon. And as soon as we have some extra time on our hands, we will try to find a workaround to this problem.

Till then we beg for your understanding and patience.


Sounds good that you notified the team.

1 Like

Whatever you do, don’t allow log-in with Google :joy:.
Hope you can find another (free software) solution soon, but for now this will do!


It is sad, that a project standing for internet freedom and anonymity is forced to use a service of one of the biggest data collectors.
Well, I am fine with it, as it is only the sign-up.

Hopefully not for long. Today when discussing it in the car, we came up with clever trick that will hopefully enable us to finally ditch captcha.

We still need to test it and all, but by the end of the current sprint (end of January) we should have it up and running.

keep your fingers crossed.

Still not fixed?

Are you making your own database? Then I will help, what was the idea? (curious)

A quick search says phpcaptcha.org is a good alternative, that will increase some server load but at least users don’t have to see that stupid recaptcha!


We use ldap for user database / authentication.

We do have some workaround implementation in works that we will try to roll out in comming weeks.
The problem is that PWM (service for creating users, reseting passwords) written in java does not have implementation for other type of captcha then re-captcha.

The idea is to first implement our workaround (using phpcaptcha in between) and later try to convince upstream developers to include possibility to choose other captcha.

··· On 18 March 2018 08:06:14 CET, Avizini wrote: > > >Still not fixed? > >Are you making your own database? Then I will help, what was the idea? >(curious) > >A quick search says phpcaptcha.org is a good alternative, that will >increase some server load but at least users don't have to see that >stupid recaptcha! > >@muppeth > > > > > >--- >[Visit >Topic](http://forum.disroot.org/t/why-the-hell-is-disroot-using-re-captcha/291/6) >or reply to this email to respond. > >You are receiving this because you enabled mailing list mode. > >To unsubscribe from these emails, [click >here](http://forum.disroot.org/email/unsubscribe/f5d84daa3a551c22bba66886c1bd3367d32acf0a2479508f852a1dae6708e1f4).

Sent from my Android device with K-9 Mail. Please excuse my brevity.

1 Like

Captchas annoy most users, and heavily inconvenience users with disabilities. This article suggests ways of achieving the same goals, but by tricking the bots into revealing they are non-human, rather than requiring every human user proves they are human.

This sounds like a great idea. It deserves consideration.


Feneas.org host a number of different services for financial members, with user credentials hooked up using LDAP. AFAIK they don’t use any Goggle CAPTCHA stuff. Maybe you could ask them what they use?

@strypey @fe18d672.23d4.454b.8 We are not using google captcha for over two years!