This proposal has been implemented

Developed by Open Source Politics
Available as module here: https://github.com/OpenSourcePolitics/decidim-module-question_captcha

An accessible captcha for Decidim

Open Source Politics 30/09/2020 17:57 Finished

Is your feature request related to a problem? Please describe.

The fast sign up feature has been great to drive participation numbers up but new problems emerged.

Increasingly Decidim platforms are targeting by bots that create accounts accounts that advertise scams in their public profile. Sometimes it's for sexual services, I let you imagine what their profile picture look like...

To find this type of user try and type "Online" or "Service" on an old enough instance you'll profiles like this one : https://www.decidim.barcelona/profiles/SitusPokerOnline/activity

Describe the solution you'd like

We want to implement an accessible captcha to prevent bots from creating an account. The invisible one is unfortunately not doing the job.

We found this gem that is quite popular and well maintained that implement an act as text captcha (it's text, so it's accessible + it's not google, asked an accessibility expert and she validated it). Which means you set a turing proof question and the expected answers and the user has to answer to sign up. Our feature proposition is to implement this library and allow the admin of the org to setup its own set of questions and answers so its the admin responsibility to make them available in multiple language and that they are easy enough for a human (even with cognitive pathologies) to answer and hard for a computer to solve.

We might implement this as a module at first.

Interesting read about accessibility and Captchas : #sotd" target="_blank">https://www.w3.org/TR/turingtest/#sotd

Describe alternatives you've considered

There are other improvements that can be made to the fast sign-up feature like

Not showing unconfirmed profiles in the search results
Re-sending the confirmation link regularly so that the users that don't click on the link don't get blocked so easily after posting their first contribution
Have a default authorization which can limit participation only to users that confirmed their email address.

Additional context

Does this issue could impact on users private data?

Funded by

Département de Loire Atlantique

Comentari

Empremta digital

El text següent és una representació abreviada i criptografiada d'aquest contingut. És útil per garantir que el contingut no hagi estat alterat, ja que una única modificació provocaria un valor totalment diferent.

Valor: 76652e0b3aa5f1acfcf8f65fc770f170281fc97843cd63f515061972931bf88e

Origen:

{"body":{"en":"<p><strong><em>Is your feature request related to a problem? Please describe.</em></strong> </p><p>The fast sign up feature has been great to drive participation numbers up but new problems emerged.</p><p>Increasingly Decidim platforms are targeting by bots that create accounts accounts that advertise scams in their public profile. Sometimes it's for sexual services, I let you imagine what their profile picture look like...</p><p>To find this type of user try and type \"Online\" or \"Service\" on an old enough instance you'll profiles like this one : <a href=\"https://www.decidim.barcelona/profiles/SitusPokerOnline/activity\" target=\"_blank\">https://www.decidim.barcelona/profiles/SitusPokerOnline/activity</a> </p><p><strong>Describe the solution you'd like</strong> </p><p>We want to implement an accessible captcha to prevent bots from creating an account. The invisible one is unfortunately not doing the job.</p><p>We found this <a href=\"https://www.ruby-toolbox.com/projects/acts_as_textcaptcha\" target=\"_blank\">gem</a> that is quite popular and well maintained that implement an act as text captcha (it's text, so it's accessible + it's not google, asked an accessibility expert and she validated it). Which means you set a turing proof question and the expected answers and the user has to answer to sign up. Our feature proposition is to implement this library and allow the admin of the org to setup its own set of questions and answers so its the admin responsibility to make them available in multiple language and that they are easy enough for a human (even with cognitive pathologies) to answer and hard for a computer to solve.</p><p>We might implement this as a module at first.</p><p>Interesting read about accessibility and Captchas : <a href=\"https://www.w3.org/TR/turingtest/gid://metadecidim/Decidim::Hashtag/196/sotd\" target=\"_blank\">https://www.w3.org/TR/turingtest/gid://metadecidim/Decidim::Hashtag/196/sotd</a></p><p><strong>Describe alternatives you've considered</strong> </p><p>There are other improvements that can be made to the fast sign-up feature like</p><ul><li>Not showing unconfirmed profiles in the search results</li><li>Re-sending the confirmation link regularly so that the users that don't click on the link don't get blocked so easily after posting their first contribution</li><li>Have a default authorization which can limit participation only to users that confirmed their email address.</li></ul><p><br></p><p><strong>Additional context</strong> </p><p>Can be related to : <a href=\"https://meta.decidim.org/processes/roadmap/f/122/proposals/15628\" target=\"_blank\">https://meta.decidim.org/processes/roadmap/f/122/proposals/15628</a> </p><p><strong>Does this issue could impact on users private data?</strong> </p><p>No </p><p><strong>Funded by</strong> </p><p>Département de Loire Atlantique</p>"},"title":{"en":"An accessible captcha for Decidim"}}

Aquesta empremta digital es calcula mitjançant un algoritme de hash SHA256. Per reproduir-lo tu mateix, pots utilitzar una Calculadora MD5 en línia i copiar-hi les dades d'origen.

Essencials

Preferències

Analítiques i estadístiques

Màrqueting

An accessible captcha for Decidim

Si us plau, inicia la sessió

Configuració de les galetes

Essencials

Preferències

Analítiques i estadístiques

Màrqueting

An accessible captcha for Decidim

Confirmar

Si us plau, inicia la sessió

Compartir