[rbritton]

There are other options. Cloudflare just switched to hCAPTCHA [0], and proof of work [1] can be effective enough. Aside from those, there's always the option of just leaving it open if there's nothing costly a spammer can do. They're unlikely to use the service itself and associated resources.

[0]: https://www.hcaptcha.com/

[1]: http://www.hashcash.org/

[eyelidlessness]

I just tried hCAPTCHA's example and it was basically indistinguishable to me from ReCAPTCHA. I'm unclear on how it's less friction for an end user.

[rbritton]

I don't have much experience with hCAPTCHA, but my biggest complaint with reCAPTCHA aside from the privacy aspect is that it quite literally tells me I'm wrong on a puzzle when I've done it correctly. It forces me to go through sometimes a dozen or more iterations before finally allowing me through.

[dx034]

With ReCaptcha 3, most users won't notice any captcha at all. Reducing friction to zero for the majority of users is a huge advantage vs other solutions.

[gruez]

>With ReCaptcha 3, most users won't notice any captcha at all

And it achieves that by surveilling all user activity on your site, not just on the signup form.

[slivanes]

The owner of the site decides where the surveying occurs. I've chosen just the page where the captcha is needed and it works great.

[gruez]

That's true, although google's own recommendations are to add the scripts on every page

>reCAPTCHA works best when it has the most context about interactions with your site, which comes from seeing both legitimate and abusive behavior. For this reason, we recommend including reCAPTCHA verification on forms or actions as well as in the background of pages for analytics.

https://developers.google.com/recaptcha/docs/v3

A privacy minded programmer/company might restrict the scripts to the minimal set of pages, but I'd imagine most sites would blindly follow that advice and put it on every page because they think more data = better.