Create a proper README #2

Open
opened 2023-06-12 11:49:34 -04:00 by cerealxp · 0 comments
Owner

Currently, the README shows how the previous version of FreeCAPTCHA worked. That version of FreeCAPTCHA is documented here: https://www.turtle-techies.com/roll-your-own-captcha-python/.

This is no good for two reasons:

  1. FreeCAPTCHA is very different now
  2. We want to show a lot more.

Here is what I want to show, in order of priority:

  1. Quick demonstration of what FreeCAPTCHA looks like for users when deployed
  2. How webmasters ([remember that word?](https://developers.google.com/search/blog/2020/11/goodbye-google-webmasters)) can integrate FreeCAPTCHA into their website (focusing on Tor onion services).
  3. Document the architecture of FreeCAPTCHA graphically and explain the techniques (overlaid radio buttons, z-indexing, etc.)

So here's the outline of how that should look

  1. Intro
    a. What is FreeCAPTCHA? (FOSS plug and play CAPTCHA for no-JS)
    b. Why is it necessary? (replicate the behavior, quality, and security of commercial JS captchas, without the JS, because Tor users usually disable JS)
  2. Demo
    a. Show a gif demonstrating the use to access an onion service
    b. Link to a video that does the same but shows the cookies as they come in and such
  3. Howto
    a. JS and Python blobs for calling FreeCAPTCHA API
    b. PIP and NPM packages once they exist (middlewares)
    c. HTML blurb for adding freecaptcha iframe to frontend (alternatively, the captcha solving page could be hosted by freecaptcha, and then redirects you to the real site once you've solved the captcha. Similar to how oauth redirects work)
  4. Contributing
    a. Diagram showing the relationship between users' servers and our own. Show each part of the architecture and where it is in relation to everything else.
    b. Explain the z-indexing, overlaying checkbox CSS nonsense. (this also needs to be a separate issue where we try to find a real CSS master who can help us clearly understand and explain this lol)
    c. How the cookies work (see JWT issue)
    d. Security. Disclosing issues. Where weaknesses are likely to be and what kinds (where do we render input unsafely, jinja, possible jwt issues, rotating secret keys, architecture security, etc.). We should have a hall of fame for devs and a separate one for hackers with little trophies.
Reference: cerealxp/FreeCAPTCHA#2