Skip to content

feat: ALTCHA implementation AKA card testing prevention

stephen requested to merge pre-stripe-captcha into main

One goal of the donate-neo project is to prevent automated card testing from being conductable on the donate form. This commit begins the process of implementing a secondary CAPTCHA which, when solved, will reveal the Stripe card entry fields. This CAPTCHA must fulfill several different needs:

  • It must be open-source
  • It must not track the user or exfiltrate their data in any way
  • It must not provide any real friction for the fulfilling user which might cause them to drop out of the donation process

Therefore, this commit begins the process of implementing ALTCHA, an open-source alternative to Google's ReCaptcha, which ticks off all three of these boxes. (More here:

When fully implemented, a user which has elected to donate to Tor via card will fill out the donation form as normal, and where they might previously have seen a set of Stripe card entry fields, they will now see one of those "Click to prove you're human" boxes. Interacting with any part of the form (or simply tlicking said box) will begin a proof-of-work challenge served by the donate-neo backend; once successfully solved by the frontend and submitted back to the server, and upon successful authentication, the site will remove the ALTCHA interface and replace it with the Stripe card fields.

Further details for this implementation, including a thorough breakdown of how the Stripe one-time payment flow was altered to prevent an attacker from bypassing this setup with their own deployment of front-end code, are in the commit logs.

Merge request reports