On one other website I saw the admins use SolveMedia, but sometimes like every 10th or 20th the Hcaptcha appears instead of Solvemedia. So this would break the whole process if someone manages to automatize the claiming with some fancy bot. Also it looks like there are different levels of difficulty for the SolveMedia also. That can also be varied based on some factors. For example, I believe a bot would claim very periodically +- network delay, while a human will always be much more imprecise and random.
100% and we have usually get medium difficulty but have found solvemedia to be just not that great, and when we did hard it just became almost impossible to solve with multiple screens
anyways this is a work in progress lets see what the final results turn out to be :)
thank you everyone for their input healthy discussions are always appreciated
Edit:
I would just like to break down the captchas once more from a security point of view.
For difficulty levels :
Recaptcha - we are constantly changing the difficulty level here from hard to medium to low (since there are 3 steps), this depends on how many captcha solves we are getting a day and what we think the bot ratio is, recaptcha works in the way that if it detects bots on the site more than normal, it also automatically increases difficulty throughout the site for normal users as well which is quite annoying for us because then users keep messaging us regarding them getting like 10 even 20 screens to solve.
Solvemedia - The difficulty levels here are really bad, we have it set to a specific amount and cant really go higher than this because then the captchas are literally unreadable, we had to come up with this level after constantly checking the captcha with various of our users and ourselves, and in the end the balance we came up with, doesnt really give us much help in the security side.
Hcaptcha - We know its annoying that you have to solve captchas in them all the time, and that they really dont allow just normal bypasses like recaptcha allows, but so far hcaptcha seems promising to us, it has been annoying, yes. But in the security side its doing quite well, even with its difficulty set to medium or low, so far, need more data though. But overall, hcaptcha has a really appealing concept to us.
Lastly, I would like to touch on the aspect of security. So seriously, bots are everywhere, and its near impossible to get rid of them completely, especially since they are specifically made for your site. Bots are easily able to solve captcha, with not much difficulty, with most bots using captcha solving services, with these services costing them a little everytime they get a captcha solved. What our solution for this was, for a little while, for suspicious users, we started showing 2 captchas on the claim, one before a claim and one after, this would have highly decreased bots as their profit margin would drop really low. (They try to balance out their profit for each claim with the amount they pay for captcha solved) This is something that actually worked really well in my opinion, it was a good deterrent, but then, some normal users started getting picked as suspicious users too (who were claiming a lot, to be honest, we have many users who claim 150,200+ times a day) so we had to scrap that.
About the SolveMedia captcha mixed with hCaptcha. To be honest, there is not much benefit in this either, it is extremely extremely easy for bots to detect between different captcha systems or etc. This would probably stop the claims for a day, till the bot designer can get in, monitor the change and seriously the bot script change would require only around 1 or 2 lines of code.
The issue regarding bots is not just related to claiming. That is a small factor. Bots cause soo many more bigger issues, e.g server instability, overloading the server, database gets filled fast, analytics and stats getting messed up, issues with our mailing servers, mails getting marked as spam and then normal users not getting them, etc. They ruin user experience and cause other difficulties for normal users as well (including, less bonuses, slower site, etc).
Right now we are trying best to balance our user experience with security for bots but this requires a lot of trial and error, with hcaptcha also being one of the methods we are trying.
