So, anyone got a chance to look at this?!?
I’m kind of glad this came along. We can just throw this into our Auth pages and won’t have to use hcaptcha or honeypots!!
Perhaps the new live implementation of phoenix auth can have this as well.
2 Likes
Personally I am not a fan of using external services that can potentially leak user data or let third parties obtain any kind of stats about sites I run. I’d much prefer an in-app solution 
Discourse does a great job of catching spammers/bots - the registration form is JS only, and they check for things like how quickly a profile was set up (and when posting, whether they are linking to the same URL etc) - so it’s definitely doable and I’d say has been more effective than those external services in the past (on the sites I’ve run anyway).
1 Like
I’m not sure I’m fully following. It sounds like you still need a server-side verification step, right? It’s not some kind of magic client-only solution 
. I think the main innovation here is that it purportedly reduces the occurrence of explicit challenges dramatically, which is definitely a UX experience. Of course, that comes with different trade offs as @AstonJ mentioned!
2 Likes
