basically what the title says
the ones i’m aware of:
- google’s recaptcha
cloudflare’shcaptcha
cloudflare being better for privacy compared to google, but still not great afaik
The only privacy-friendly CAPTCHA is a self-hosted one.
The only user-friendly kind is none at all.
Depending on the web site, an alternative bot-filtering strategy might make sense, such as:
- Allowing signup without a CAPTCHA, but requiring one before the first post/upload is allowed.
- Allowing signup without a CAPTCHA, but deleting accounts that behave like bots.
- Allowing signup without a CAPTCHA, but deleting accounts that don’t purchase something.
- Allowing login without a CAPTCHA, but restricting retry rates and/or locking accounts after 10+ failures.
Cloudflare’s Turnstile has an invisible mode that you’re probably using in a lot of places and aren’t aware of it. It provides an invisible challenge to the browser and requires no interaction. I would say no input require in quite user-friendly.