Propose new functionalities for Decidim software
#DecidimRoadmap Designing Decidim together
In our organization we've come with the necessity to allow everyone to answer certain surveys, whether is registered and logged in the platform or not. We find this specially important to avoid the use of external tools where to place that data (like google forms).
Of course this is a feature that has to be used with care, as it's prone to receive spam or manipulation.
However, well used, can be useful to lower the barrier for certain users to participate in processes. Or just to collect specific data (emails for example).
As said, we need this feature and we already implemented it (pull request pending) here:
https://github.com/decidim/decidim/pull/4996
The implementation adds a new setting option in the steps process admin that allows the administrator to enable open responses to everyone.
This proposal has been accepted because:
- Has been reviewed by Decidim Product and complies with the Social Contract
- It is funded by Platoniq
- Available in release 0.20 via #4996
Related images
Report inappropriate content
Is this content inappropriate?
17 comments
Conversation with Carol Romero
Hi @microstudi, is this feature funded by Platoniq? I'm asking to update roadmap 2019 with your contributions.
It's already implemented, reviewers in github are waiting for your opinion on this matter to review the code:
https://github.com/decidim/decidim/pull/4996
And yes, sorry. Funded by Platoniq
Conversation with Carol Romero
Hi @microstudi, we have discussed this functionality and from the @product team there is no objection to incorporating it, adding some changes to improve security, such as:
- A clear warning of the risks involved and the obligation to comply with the social contract.
- Save the IP address (not whole, maybe @andres can develop the technical details).
- To avoid spam, consider including some invisible captcha.
Thanks @carol for your answer. The warning won't be a problem. I'll try to reach @andres about how to save the IP properly.
About the invisible captcha, does anyone know of some opensource way to do it?.
There's the option would be to incorporate the recaptcha (from google, but it will require a new configuration option for the API key), it's not opensource, it's google...
Currently I found 2 options for performing captchas in rails that seem interesting:
https://github.com/subwindow/negative-captcha
https://github.com/kiskolabs/humanizer
Does anyone have experience with that (or others)? Any help on this matter would be helpful.
Rigth now we're using https://github.com/markets/invisible_captcha on decidim-core
Regarding IP address, I think it's necessary to save a hash of the IP address so the admins of the survey can have some kind of notice if there's any kind of misuse of this feature (for instance the same person filling it multiple times). We can (and should) concatenate this with a secret like you do on https://github.com/decidim/decidim/pull/4996/files#diff-7fda638890188b260274109de633d4a4R56
Thanks Andrés,
I'll use the same gem then.
About the IP hash, no problem about adding that too in addition with the system already in place (which uses the user session). However there is no guarantee that having the same IP means the same user. Users behind a corporation/organization proxy might have the same IP and be different (thus legit users) computers.
I still think this can be useful, but only for analysis in cases of abuse. I wouldn't program the detection of a user trying to fill a survey twice based on that.
Conversation with Marc Riera
I'm -1 on this. This is prone to trolling/automating (even with the captcha we're using), and the feature per se skips all verification features that have been implemented on Decidim. Even if you save the IPs, what will you do later? the survey has already been compromised, will you remove all answers from a given IP if the IP data is suspicious? You could be discarding real, legit data.
For the same reasons we could allow anonymous voting on proposals or budgets, for example.
gathering opinions on some matter from citizens.
In our experience administrating several participatory sites for organizations, we really need every little help available to bring users to the platform, and surveys are a great way to do it. There are specially useful to collect data from a group in order to prepare interviews with them later, or to collect emails where to send and announcement later. In those cases you don't really care about having "compromised" data, because you just will discard it naturally (as you won't speak to those people). I'm sure we can come up with many more examples where this feature may come in handy.
In my opinion, this is just another tool we are giving to the administrators, and a powerful one (it will be disable by default). I like to think that people behind participatory sites are trustable and they know what their doing so they'll use this feature wisely.
Sorry, first line was about that we see in the surveys many other possibilities than just gathering opinions.
I don't agree with your comparative about allowing anonymous voting on proposals, these are intended to achieve real decisions and consensus while surveys are not.
If we don't add this feature, we will be forced to use external tools that allow that, in many cases without any knowledge about the data storage and loosing the opportunity keep users in the platform.
Also, I see many endorsements from people that are administrating real participatory sites, so I suppose they've encountered similar problems and see value in this feature.
Finally, I think it would be a good idea to add a column in the exported data that would tell you if that answer comes from a registered user or a non registered one. This way you filter the data if you need to.
What do you think? Did I've convince you? I really think that this has more advantages than inconveniences.
Just to give some insight on why this is needed, before @microstudi proposed this feature I've got feedback from multiple admins from different institutions just past week: from Barcelona City Hall on Monday, and from the Interinstitucional Catalan Workgroup. Then, without any contamination of these discussion, just a couple of days later we received the PR, so I think it's a shared necessity on the majority of the users.
For me the question shouldn't be on *if we do this* but on *how we do this*.
Regarding the possible attacks on this feature and the comparison with proposals / budgets voting, is not the same because this forms are only for diagnosing and are not binding. If so we should (and must) explain the risks to the admin and she's the one that should make that decision.
As @microstudi said, the alternative that's being in use right now is Google Form, and it have the same problems (non verified users).
Hi @all,
Just wanted to put forward the fact that this kind of feature has been asked several times in France by Open Source Politics's clients or people interested by Decidim.
I personnaly agree with what @microstudi said earlier "If we don't add this feature, [people] will be forced to use external tools that allow that, in many cases without any knowledge about the data storage and loosing the opportunity keep users in the platform."
Hi. This improvement would be very useful for us, so we support it.
Conversation with Ariadna Vila
Hi @microstudi , I have found that when you use this feature, you can vote only once. To vote again you need to delete the cookies.
It is fine to vote only once per person, but in cases where different members of a family (for example) want to vote through the same PC, they cannot.
Is there any solution for this problem?
Yes, this has been commented before. Maybe a option could be added in order to not collect session usage to determine if the same user has already voted.
However, is pretty easy to just open a new "private window" in the browser and vote again. That's what usually we do when we have this problem.
I've already tried to use a private window but If I try to vote again I can't: the system has registred my vote. I think this shouldn't happen when using this feature.
The only solution I've found is to delete the cookies which is not a problem for me, but it might be for other users.
FYI, as @microstudi mentioned, there's an open issue regarding this need. See https://github.com/decidim/decidim/issues/7438
Add your comment
Sign in with your account or sign up to add your comment.
Loading comments ...