Frequently Asked Questions

General

What is ALTCHA and how does it work?

ALTCHA is an open-source protocol and JavaScript widget designed to combat spam and abuse on websites and web applications. It utilizes a Proof of Work (PoW) mechanism combined with advanced spam filtering to reduce spam and protect against automated bots.

How does the Proof of Work (PoW) mechanism in ALTCHA work?

PoW requires users to complete a computational task to validate their interactions. This task is resource-intensive, making it difficult for unsophisticated bots to bypass.

What role does the Spam Filter play in ALTCHA?

The Spam Filter enhances ALTCHA’s effectiveness by incorporating IP verification, blacklist checking, and advanced content analysis to detect and block spam and malicious actors.

How does ALTCHA handle IP verification and blacklist checking?

ALTCHA’s Spam Filter analyzes IP addresses to identify those from data centers or TOR proxies and checks these IPs against known blacklists to prevent spam from known malicious sources.

Is ALTCHA compliant with privacy regulations?

Yes, ALTCHA is fully GDPR-compliant. It operates as a cookie-less solution and respects user privacy without relying on intrusive tracking mechanisms.

How does ALTCHA improve user experience compared to traditional CAPTCHAs?

ALTCHA enhances user experience by minimizing friction and accommodating automation. Unlike traditional CAPTCHAs, which can be tedious and disruptive, ALTCHA provides a smoother interaction.

Can ALTCHA be customized for different security needs?

Yes, ALTCHA is highly flexible and can be tailored to various scenarios. It allows for server-side enhancements and integration with additional mechanisms such as email or phone verification.

How does ALTCHA compare to reCAPTCHA and other solutions?

ALTCHA excels in privacy compliance, user experience, and adaptability compared to reCAPTCHA and other solutions. It offers stronger privacy protections, better support for automation, and effective spam reduction.

Technical

How do I integrate ALTCHA with my server?

ALTCHA can be integrated with your server using official libraries for various programming languages or through the official API. For detailed integration instructions, refer to the official libraries and official API documentation.

What are the key steps in the PoW verification process for ALTCHA?

The PoW verification process involves:

1. User initiates verification.
2. Widget requests challenge data from challengeurl.
3. Widget solves the challenge.
4. User submits the form with the solved challenge.
5. Server validates the submitted payload against the expected solution.

How does ALTCHA handle challenge complexity and verification?

ALTCHA uses SHA-hashing to manage challenge complexity, requiring three passes of SHA computation for both challenge generation and verification. The difficulty of the computational task can be adjusted using the maxnumber parameter.

What is the recommended method for validating the ALTCHA solution on the server?

The validation process includes:

1. Decoding and parsing the Base64-JSON-encoded payload.
2. Verifying the algorithm, challenge, and signature.
3. Ensuring all checks pass to confirm the request as valid.

How can I prevent replay attacks with ALTCHA?

To prevent replay attacks, implement measures to invalidate previously solved challenges. Maintain a registry of solved challenges and reject any submissions that attempt to reuse a challenge that has already been solved.

What are the security recommendations for challenge expiration?

To avoid indefinite exploitation, set a time limit within which a challenge must be solved. Incorporate a server timestamp into the challenge’s salt or use the expires parameter (available from widget version 0.4) to manage challenge expiration.