Use Google ReCaptcha V3 in China
CAPTCHA, which stands for Completely Automated Public Turing test to tell Computers and Humans Apart, is a type of computer test used to determine whether the user is a human or a robot.
In this article, I am going to discuss Recaptcha v2 and v3, and also how you can deploy Recaptcha globally without being blocked by countries like China.
Google Recaptcha V2 is not human friendly. The best way to annoy your visitors on your website is to install Google Recaptcha V2. The image below shows a typical CAPTCHA test that a human has to pass.
As you can see, if this is used on a signup or registration page, the user may leave the site because of the challenge. Google Recaptcha V2 is very good at turning bots away, but it turns away lots of humans as well.
To solve this, Google released ReCaptcha V3 not long ago (https://www.google.com/recaptcha/intro/v3.html). The difference between Google Recaptcha v2 and v3 is that in v2 users get a challenge to solve, but in v3 the user does not get any challenge. Instead, it generates a probability score based on your web browsing behavior. It is up to your website to decide what to do with the score. For a demo of v3, you can visit this URL https://recaptcha-demo.appspot.com/recaptcha-v3-request-scores.php to get a sense of how it will work. I generally got a score between 0.7 and 0.9 when I tested. If I use a bot to hit this testing URL, I may get a score as low as 0.1.
It seems that v3 may solve the problem of v2. However, to comply with GDPR (General Data Protection Regulation 2016/679) and CCPA (California Consumer Privacy Act), you do need to show a notice that tells your visitors about Google’s privacy notice and terms of service.
The second topic of this article is how you can use Google ReCaptcha in China. As you know, China's Great Firewall blocks sites like Google, Facebook, and Twitter. For a list of top sites blocked in China, check out https://en.wikipedia.org/wiki/List_of_websites_blocked_in_mainland_China. As you can see, www.google.com and its hosting site appspot.com are blocked in China.
Google offered a solution. See the image below:
However, this solution won’t work, because https://www.recaptcha.net/recaptcha/api.js loads a second script from src="https://www.gstatic.com/recaptcha/releases/nuX0GNR875hMLA1LR7ayD9tc/recaptcha__en.js", which in turn calls https://www.google.com/recaptcha/, which is blocked in China.
People realized this issue and have come up with a reverse proxy solution that rewrites the domain name www.google.com, e.g., https://gist.github.com/zypA13510/fc3669a4c6957f3593c6ebed76d1d43
This will work. However, setting up a reverse proxy server takes time and resources, and it is also error-prone. Is there an easier solution?
The solution offered in this article is very easy to implement. All you need to do is download a few JavaScript files from google.com, modify a few domains in the scripts, and upload the scripts to your website. Below are the steps you can follow:
1. Download https://www.recaptcha.net/recaptcha/api.js and modify it. Change this line in the script:
po.src='https://www.gstatic.com/recaptcha/releases/nuX0GNR875hMLA1LR7ayD9tc/recaptcha__en.js'
to the one below:
po.src='https://{YOUR_DOMAIN}/recaptcha/recaptcha__en.js'
2. Modify recaptcha__en.js to replace "https://www.google.com/recaptcha/" with "https://www.recaptcha.net/recaptcha/". Also change the regular expression
/^https:\/\/www.gstatic.c..?\/recaptcha\/releases\/nuX0GNR875hMLA1LR7ayD9tc\/recaptcha__.*/
to
/^https:\/\/{YOUR_DOMAIN}\/recaptcha\/recaptcha__.*/
3. Upload both api.js and recaptcha__en.js to your website under the folder /recaptcha
4. In your HTML file, use <script src="https://{YOUR_DOMAIN}/recaptcha/api.js"></script>
5. Test your site to make sure it still works.
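Steps 1 and 2 can be scripted and checked before uploading. This is an added example, not part of the original article or Google's code: it applies the same rewrites for any release id, escapes the dots of your domain inside the regex, and lists lines that still point at www.google.com or www.gstatic.com. The domain example.com and the two sample strings are constructed stand-ins, not the contents of Google's files.

```python
import re

# Script URL that api.js loads; matches any release id, not only the quoted one.
GSTATIC_SCRIPT = re.compile(
    r"https://www\.gstatic\.com/recaptcha/releases/[^/'\"]+/recaptcha__en\.js")
# Text of the script-origin regex literal inside recaptcha__en.js (step 2).
ORIGIN_REGEX = re.compile(
    r"\^https:\\/\\/www\.gstatic\.c\.\.\?\\/recaptcha\\/releases\\/[^\\]+\\/recaptcha__\.\*")
# Hosts the article reports as blocked in China.
LEFTOVER = re.compile(r"www\.(?:google\.com|gstatic\.c)")


def rewrite_api_js(src, domain):
    """Step 1: make api.js load recaptcha__en.js from our own /recaptcha folder."""
    return GSTATIC_SCRIPT.sub(
        lambda m: f"https://{domain}/recaptcha/recaptcha__en.js", src)


def rewrite_main_js(src, domain):
    """Step 2: swap the API host and the script-origin regex literal."""
    src = src.replace("https://www.google.com/recaptcha/",
                      "https://www.recaptcha.net/recaptcha/")
    escaped = domain.replace(".", r"\.")  # keep dots literal inside the JS regex
    new_regex = rf"^https:\/\/{escaped}\/recaptcha\/recaptcha__.*"
    return ORIGIN_REGEX.sub(lambda m: new_regex, src)


def leftovers(src):
    """Lines that still reference a blocked host after the rewrite."""
    return [line for line in src.splitlines() if LEFTOVER.search(line)]


# Constructed stand-ins for the two downloaded files (not Google's real code).
SAMPLE_API_JS = ("po.src='https://www.gstatic.com/recaptcha/releases/"
                 "nuX0GNR875hMLA1LR7ayD9tc/recaptcha__en.js';")
SAMPLE_MAIN_JS = (
    'var api="https://www.google.com/recaptcha/";\n'
    r'var ok=/^https:\/\/www.gstatic.c..?\/recaptcha\/releases\/nuX0GNR875hMLA1LR7ayD9tc\/recaptcha__.*/;'
    '\nvar extra="https://www.google.com/constructed/other.js";\n'
)

if __name__ == "__main__":
    domain = "example.com"  # assumption: replace with your own domain
    print(rewrite_api_js(SAMPLE_API_JS, domain))
    rewritten = rewrite_main_js(SAMPLE_MAIN_JS, domain)
    print(rewritten)
    print("still blocked:", leftovers(rewritten))
```

Any line that `leftovers` still reports is a reference the two manual replacements did not cover and needs a look before step 5.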