VSP self-hosted captcha upgrade progress

[xaur]

This issue tracks VSP upgrade progress to close exposure of their users to Google recaptcha.

Updated 2020-03-23.

• https://dcr.blue/
• https://dcr.farm/
• https://dcr.stakeminer.com/
• https://dcr.ubiqsmart.com/
• https://dcrpool.dittrex.com/
• https://dcrpool.ibitlin.com/
• https://dcrpos.idcray.com/
• https://dcrpos.megapool.info/
• https://dcrstake.coinmine.pl/
• https://decred.staked.us/
• https://decredvoting.com/
• https://pool.d3c.red/
• https://stake.decredbrasil.com/
• https://stakepool.dcrstats.com/
• https://stakepool.eu/
• https://stakey.com/
• https://stakey.net/
• https://tokensmart.io/
• https://ultrapool.eu/

Other issues:

• https://decred.raqamiya.net/ uses recaptcha (but as part of their own front-end, not the reference front-end), hits fonts.googleapis.com, hits coinmarketcap.com
• https://dcrpool.dittrex.com/ hits Twitter to load widgets
• https://dcrpool.dittrex.com/ is using sendgrid for their emails
• https://dcr.farm/ hits fonts.googleapis.com
• https://dcr.farm/ hits coinmarketcap.com
• https://99split.com/ hits googletagmanager.com

[xaur]

Additionally, during testing it was discovered that https://dcrpool.dittrex.com/ also calls Twitter to load widgets. Shame!

[xaur]

https://dcr.farm/ is upgraded but it hits fonts.googleapis.com

edit: the font is now self-hosted (2019-04-19), but a hit to coinmarketcap.com remains

[jholdstock]

dittrex and tokensmart upgraded
pos.dcr.fans doesnt have recaptcha

[xaur]

@jholdstock thanks, updated checklist. I think you have perms to edit the top comment too.

pos.dcr.fans still hits google.com and gstatic.com to load recaptcha. decred.raqamiya.net had 502 Bad Gateway when I checked.

[jholdstock]

Tried editing the top comment but couldn't. Two updates

• https://decred.raqamiya.net/ is still using google recaptcha, but it is as part of their own front-end and not the reference front-end.
• https://pos.dcr.fans no longer has recaptcha (or any other captcha)

[xaur]

@jholdstock just tried https://pos.dcr.fans/signup and it tried to load recaptcha, it is also in the page source.

Moved raqamiya to Other section.

It's weird you can't edit other's issue descriptions because I can in my repos. Not sure what permission level that requires though.

[jholdstock]

You're correct about pos.dcr.fans. Strange how it is never displayed.

Probably because you dont own this repo, its permissions will be set by the github.com/decred organisation

[chappjc]

Wow, their site is still broken. No signups for weeks and they haven't noticed...

[JoeGruffins]

dead pools?
https://d1pool.com/, https://dcr.grassfed.network/, https://pos.dcr.fans/

checking https://dcrpos.idcray.com/ and https://stake.decredbrasil.com/

[xaur]

Indeed. Updates:

• Removed d1pool, grassfed and dcr.fans. They were removed from dcrwebapi and are no longer listed. I'm surprised GrassFed failed to keep their VSP up.
• idcray and decredbrasil load fine for me.
• megapool and stakepool.eu are the only remaining VSPs that load Google recaptcha.
• The new 99split.com hits googletagmanager.com, added to Other Issues
• raqamiya hits Google fonts and coinmarketcap, added to Other Issues.
• decred.yieldwallet.io looks ok.
• dcr.farm no longer hits 3rd party domain, at least their VSP site.

I think as soon as the remaining 2 VSPs get rid of the recaptcha we can close this issue since recaptcha is the biggest problem (imo), and move "Other Issues" to a new issue.

[jholdstock]

I've just noticed that dcrpool.dittrex.com is using sendgrid for their emails which seems odd.

For an example, try signing up with a temporary email and look at the email sender and the registration URLs included in the body

[xaur]

Updated the issue to add the use of sendgrid by dittrex. As of writing their page shows 502 and last update on our VSP page is 18 hours ago.