This proposal has been implemented

An accessible captcha for Decidim

Open Source Politics · Main repo (merged)

Is your feature request related to a problem? Please describe.

The fast sign up feature has been great to drive participation numbers up but new problems emerged.

Increasingly, Decidim platforms are targeted by bots that create accounts that advertise scams in their public profile. Sometimes it's for sexual services, I let you imagine what their profile pictures look like...

To find this type of user, try typing "Online" or "Service" on an old enough instance and you'll find profiles like this one: https://www.decidim.barcelona/profiles/SitusPokerOnline/activity

Describe the solution you'd like

We want to implement an accessible captcha to prevent bots from creating an account. The invisible one is unfortunately not doing the job.

We found this gem, which is quite popular and well maintained, that implements an act as text captcha (it's text, so it's accessible, and it's not Google; we asked an accessibility expert and she validated it). This means you set a Turing-proof question and the expected answers, and the user has to answer to sign up. Our feature proposal is to implement this library and allow the admin of the org to set up its own set of questions and answers, so it's the admin's responsibility to make them available in multiple languages and to make sure that they are easy enough for a human (even with cognitive pathologies) to answer and hard for a computer to solve.

We might implement this as a module at first.

Interesting read about accessibility and Captchas: https://www.w3.org/TR/turingtest/#sotd

Describe alternatives you've considered

There are other improvements that can be made to the fast sign-up feature like

  • Not showing unconfirmed profiles in the search results
  • Re-sending the confirmation link regularly so that the users that don't click on the link don't get blocked so easily after posting their first contribution
  • Have a default authorization which can limit participation only to users that confirmed their email address.


Additional context

Can be related to : https://meta.decidim.org/processes/roadmap/f/122/proposals/15628

Could this issue impact users' private data?

No

Funded by

Département de Loire Atlantique
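
A minimal sketch of the question-and-answer check described in the proposal, added here as an illustration; it is not Decidim's code nor the gem's API. The question set, `issue_challenge`, `verify` and the signed-token format are assumptions made for the example.

```ruby
require "openssl"
require "securerandom"

# Constructed sample data: admin-defined questions per locale, each with
# several accepted answers (not Decidim's or the gem's actual schema).
QUESTIONS = {
  "en" => [{ id: 1, q: "What colour is a ripe banana?", answers: ["yellow"] },
           { id: 2, q: "How many days are in a week?", answers: ["7", "seven"] }],
  "fr" => [{ id: 3, q: "Combien de jours compte une semaine ?", answers: ["7", "sept"] },
           { id: 4, q: "De quelle couleur est la neige ?", answers: ["blanc", "blanche"] }]
}.freeze

SECRET = SecureRandom.bytes(32) # assumption: a real app would use its own secret key
TTL = 600                       # seconds a challenge stays valid

# Forgiving comparison so humans are not rejected for case, accents,
# stray spaces or punctuation.
def normalize(text)
  text.to_s.unicode_normalize(:nfkd).gsub(/\p{Mn}/, "").downcase
      .gsub(/[^\p{Alnum}\s]/, "").split.join(" ")
end

def sign(payload)
  OpenSSL::HMAC.hexdigest("SHA256", SECRET, payload)
end

# The server picks the question; the form carries only the text and a signed
# token, so a client cannot forge a token for a different question.
def issue_challenge(locale, now: Time.now.to_i)
  item = QUESTIONS.fetch(locale) { QUESTIONS["en"] }.sample
  payload = "#{item[:id]}.#{now + TTL}"
  { question: item[:q], token: "#{payload}.#{sign(payload)}" }
end

def verify(token, answer, now: Time.now.to_i)
  id, expires, mac = token.to_s.split(".", 3)
  return false unless id && expires && mac
  return false unless OpenSSL.secure_compare(sign("#{id}.#{expires}"), mac)
  return false if now > expires.to_i

  item = QUESTIONS.values.flatten.find { |i| i[:id] == id.to_i }
  !item.nil? && item[:answers].any? { |a| normalize(a) == normalize(answer) }
end
```

A token can still be replayed until it expires; making challenges single-use requires server-side state such as the session.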
