recaptcha VS fast-mail-bomber

I know Google has a ReCAPTCHA service, and I think it’s free up to scales I would probably never use up. Still, I’d prefer something than can be self hosted so is totally free. And where you don't have to register your domain with a 3rd party, you can just use it on any domain.

The traditional way of using "I am not a robot" Recpatcha seems to be with a

## Step 1: Obtaining reCAPTCHA Keys Go to the Google reCAPTCHA website (https://www.google.com/recaptcha) and sign in with your Google account. Click the + sign and fill in the details as follows:

* https://www.google.com/recaptcha/ * allow * https://www.gstatic.com/recaptcha/ * allow * https://www.google.com/js/ * allow * captcha.com * allow * recaptcha.net * allow

https://www.google.com/recaptcha/ * allow

Depends on what you mean by "proxying". Everything you do (serving a Single-Page Application or requesting HN by backend, processing it's HTML and sending the content to your own frontend) will take traffic away from news.ycombinator.com and to another domain - which comes with it's own set of dreadful scenarios.

There used to be (and still are) things like https://mreidsma.github.io/bookmarklets/jquerify.html which allow to inject JS on click (and thus would make it possible to transform that site), but I gave it a shot and HN is set up to disallow this:

  Refused to load the script 'https://code.jquery.com/jquery.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.