Per my discussion with @Reception123 and @Universal_Omega, hCaptcha is also an alternative which we may want to look into.

A mix of the two might be useful potentially. I’ve not seen any captcha challenges on any websites that use v3, which shows it’s effectiveness. For users who fails a v3, it might be possible to re-return the form displaying hCaptcha or another form of validation.

It would also be interesting to see hCaptcha’s solvability as it is essentially similar v2, which was solved constantly.

For users who fails a v3, it might be possible to re-return the form displaying hCaptcha or another form of validation.

I think this is where the issue lies. People who fail the check and get a low automated score never report actually doing the picture tests or anything. I think these should show if you have too low a score from just click watching and whatever other stuff it does in background.

I think using v2 instant (https://developers.google.com/recaptcha/docs/versions#recaptcha_v2_im_not_a_robot_checkbox) might be better because then some people will get auto but they only get image if fail.

The AI isn't doing great

I like the idea of trying a mix of two and I think that might be good for both issues (spambots and users not being able to use V3)

After discussion with Agent, I've moved us back to v2 as the quickest measure available. Since this is not ideal at all, this task will be kept at high priority and a fix (such as the proposal to combine two captchas) should be looked into ASAP.

Its strange, because I deployed v3 on testwiki.wiki just a few days after it was deployed on miraheze, and there haven't been any issues there, no spambots have gotten in and users haven't reported issues.

In T8335#168792, @Reception123 wrote:

I have now moved us back to v3, after @RhinosF1 discovered a task that suggested that the issue was that we were using recaptcha.com instead of google.com and that makes sense since the issues started pretty much after that change. However, it still might be necessary to look into a fallback solution perhaps

ConfirmEdit uses ReCaptcha.net also. Strange that happened then. Maybe we can fallback to v2 in certain regions then.

In T8335#168812, @Universal_Omega wrote:

In T8335#168792, @Reception123 wrote:

I have now moved us back to v3, after @RhinosF1 discovered a task that suggested that the issue was that we were using recaptcha.com instead of google.com and that makes sense since the issues started pretty much after that change. However, it still might be necessary to look into a fallback solution perhaps

ConfirmEdit uses ReCaptcha.net also. Strange that happened then. Maybe we can fallback to v2 in certain regions then.

Yeah, it's probably an issue with v3 but not v2 then (since ConfirmEdit doesn't have v3 of course). But that's definitely the only explanation for the issues as before there were no issues and they suddenly appeared (and RhinosF1 also found a task describing similar problems)

Pending mandate for ReCaptcha Enterprise.

Just wanted to note that since the AbuseFilter was disabled, ReCaptcha issues are much more rare and the average so far is 3-4 per day.

Testing with 0.3 score

If there are not at least 7 form entries for ReCaptcha errors until next Wednseday this task will be downgraded to low priority, since that would mean that the 0.3 setting has largely worked.

In T8335#185899, @Reception123 wrote:

During the past few weeks, there has been a decrease of requests (discounting requests that didn't need actioning because the users managed to create the accounts after retrying + requests from China). On average, these would be less than 1 user per week. Therefore, because it is less of an issue and inevitably some users will be caught by captcha, I think the best option for now is lowering the priority for this task.

Has there been a decrease in account creation requests? I can't say I've seen any spambot creations as of late.