35

We are developing a site that will require the usage of a captcha service.

Has anyone successfully used Google Recaptcha for a website for users from Mainland China?

  • Did you have major problems with load-time?
  • Did you experience any reliability problems?
  • Any problems with the Great Firewall of China?

Any experience that you can share is appreciated.

Giacomo1968
wacdany
  • It is really easy to defeat a recaptcha with a human, OCR, or sometimes a speech recognition library. Try adding noise to the images and sound or a puzzle but a human can always download and submit it to a sweatshop or enter the answer themselves and then run a crawler defeating the purpose. It may be better to ask for other forms of human verification. Google even admitted that Recaptcha doesn't stop a crawler. Sphinx4, tesseract, and other programs are really easy to use and, when trained, break captchas. Why even go with the captcha option? – Andrew Scott Evans Jun 02 '14 at 21:56
  • AWS has a region set up in mainland China, you can also try out AliCloud. – B.Mr.W. Jun 03 '14 at 00:16
  • 1
    @Andrew, do you have any suggestion of spam preventing besides Recaptcha? – wacdany Jun 03 '14 at 03:53
  • I scrape/use REST as part of my job. To stop me, I would create legal assurance (Ts and Cs), throttle, check IP addresses and headers to ensure that they are valid and unchanging; check network activity in terms of unusual overall swings in activity. I recently looked into this in a database class and would recommend using Spring and Spring security as well (http://docs.spring.io/spring/docs/3.0.0.M3/reference/html/ch18s02.html), monitor searches for sequences or similarities (++); check against SQL injection. Creativity counts. Best bet, control who gets what with an API. – Andrew Scott Evans Jun 03 '14 at 15:10
  • 1
    Hello @Stephen, if it gives any help we ended up implementing "HoneyPot Captcha" as opposed to captcha, similar to http://subkismet.codeplex.com/ We added some more complexity such as random field name generation from a dictionary, random field position, etc. After the added complexity the honeypot managed to filter spam unexpectedly well (sorry I don't have the numbers, but we didn't receive more customer concerns about it). – wacdany Dec 11 '15 at 03:40
  • Hi @StephenPaulger, I'd like to add that, it is possible to implement a reverse proxy for recaptcha using your own server to get around the firewall. I have tested this on my blog. But it may be against the ToS of Google (I'm not sure), and it may also get your own server blocked by the firewall (I'm not sure either). – zypA13510 Jan 31 '17 at 02:08
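
The honeypot approach described in the comments above (a decoy field whose name is picked from a dictionary and placed at a random position) can be checked server-side without storing per-form state. This is an added example, not code from the thread or from Subkismet; the field names, the `_hp` token field and the HMAC scheme are assumptions.

```python
import hashlib
import hmac
import random
import secrets

SECRET = secrets.token_bytes(32)  # assumption: per-deployment key, never sent to the client
DECOY_NAMES = ["website", "company", "fax", "middle_name", "address2", "nickname"]
REAL_FIELDS = ["name", "email", "message"]  # hypothetical contact form


def _sign(nonce: str, decoy: str) -> str:
    """MAC binding this form instance to the decoy name chosen for it."""
    return hmac.new(SECRET, f"{nonce}:{decoy}".encode(), hashlib.sha256).hexdigest()


def build_form(rng=random):
    """Return (field names in render order, value for the hidden `_hp` input)."""
    decoy = rng.choice(DECOY_NAMES)                        # random name from the dictionary
    fields = list(REAL_FIELDS)
    fields.insert(rng.randrange(len(fields) + 1), decoy)   # random position
    nonce = secrets.token_hex(8)
    # The token carries only nonce and MAC, so it does not reveal which field is the decoy.
    # The template hides the decoy with CSS (not type="hidden"), so people leave it empty.
    return fields, f"{nonce}:{_sign(nonce, decoy)}"


def check_submission(form: dict) -> str:
    """Classify a posted form as 'ok', 'spam' or 'invalid'."""
    nonce, _, mac = form.get("_hp", "").partition(":")
    # Recover the decoy by testing each dictionary name against the MAC.
    decoy = next((n for n in DECOY_NAMES
                  if hmac.compare_digest(_sign(nonce, n).encode(), mac.encode())), None)
    if decoy is None:
        return "invalid"   # token missing or forged
    if decoy not in form:
        return "invalid"   # browsers post empty inputs, so a stripped field means tampering
    if form[decoy].strip():
        return "spam"      # something filled in a field no person can see
    return "ok"
```

The token is not single-use here; a deployment that needs replay protection would also track or expire nonces.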

1 Answer

35

i can't even open the Recaptcha page you linked to without VPN. i've been in Beijing the last two years. assuming you're not here and/or don't know very much about the infrastructure situation in the PRC:

  • i'm not aware of any service of Google's that is reliably reachable and fast from the mainland. they are probably the worst choice to depend on from here.
  • in general, if you want stability and speed, you will need to host inside China. the firewall often renders international sites anywhere from painfully slow to completely useless. if hosting here is too much headache and hassle, my understanding is that Hong Kong is the next-best thing.
  • even once you're in China, you'll have to deal with the inter-telecom situation if you want serious speed and stability (they don't always play 'nice' with each other like we're used to in the west, which requires more expensive and complicated hosting setups to mitigate). Note: as someone mentioned above, Alibaba and Baidu's cloud hosting solutions may make this much simpler, and can help skirt some of the ICP license stuff from my understanding.
  • suggested alternative from local developers: http://www.yinxiangma.com/ all in Chinese, but it is China after all.

China is a massive market, but it's far from an easy one. hope that helps, let me know if you have any specific questions.

nrser
  • 1
    Hello Nrser, Are you aware of any alternative service-oriented solutions (based in China) to integrate Recaptcha or some other way of spam control into forms? – wacdany Jun 03 '14 at 03:54
  • @wacdany i'll ask some local engineers what they use – nrser Jun 03 '14 at 06:21
  • 1
    @wacdany first responses said companies roll their own, which doesn't surprise me: orgs here tend to be wary of relying on external services or giving other companies data. one friend said he would ask some other devs; i'll let you know if they come back with anything. but yeah, Recaptcha is not viable. – nrser Jun 03 '14 at 07:49
  • 1
    @wacdany http://www.yinxiangma.com/, see edit in answer above. – nrser Jun 03 '14 at 07:56
  • Hello @nrser, thank you for the alternative. I have forwarded this and we are taking a look into the viability. – wacdany Jun 03 '14 at 10:39
  • 1
    @wacdany cool, glad i could help. how 'bout accepting the answer? i need moar points so i can post linx :D – nrser Jun 03 '14 at 10:55
  • 1
    There you go, answer accepted. Technically speaking we haven't validated the feasibility of yinxiangma but I appreciate your help. – wacdany Jun 03 '14 at 10:58
  • 1
    @wacdany hehe, in technical response to your question: no, you can not use Recaptcha in China. i hope the rest of the info and suggestions is useful as well; this info can be hard to obtain if you don't have local developers you can contact. if your Chinese is good, there is a Chinese SO clone at http://segmentfault.com/ that you could try. – nrser Jun 03 '14 at 11:21
  • 6
    As an alternative, consider Google's FAQ entry [Can I use reCAPTCHA globally?](https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally) – dmulter Jul 05 '18 at 19:55