This site uses cookies. By continuing to browse the site, you agree to our use of cookies. Find out more about cookies.
Skip to main content
Metadecidim's official logo
  • English Triar la llengua Elegir el idioma Choose language
    • Català
    • Castellano
Sign Up Sign In
  • Home
  • Processes
  • Assemblies
  • Initiatives
  • Consultations
  • Conferences
  • Help

Propose new functionalities for Decidim software

#DecidimRoadmap Designing Decidim together

Phase 1 of 1
Open 2019-01-01 - 2030-12-31
Process phases Submit a proposal
  • The process
  • Debates
  • Propose new features
  • News
chevron-left Back to list

An accessible captcha for Decidim

Avatar: Open Source Politics Open Source Politics verified-badge
30/09/2020 17:57  

Is your feature request related to a problem? Please describe.

The fast sign up feature has been great to drive participation numbers up but new problems emerged.

Increasingly Decidim platforms are targeting by bots that create accounts accounts that advertise scams in their public profile. Sometimes it's for sexual services, I let you imagine what their profile picture look like...

To find this type of user try and type "Online" or "Service" on an old enough instance you'll profiles like this one : https://www.decidim.barcelona/profiles/SitusPokerOnline/activity

Describe the solution you'd like

We want to implement an accessible captcha to prevent bots from creating an account. The invisible one is unfortunately not doing the job.

We found this gem that is quite popular and well maintained that implement an act as text captcha (it's text, so it's accessible + it's not google, asked an accessibility expert and she validated it). Which means you set a turing proof question and the expected answers and the user has to answer to sign up. Our feature proposition is to implement this library and allow the admin of the org to setup its own set of questions and answers so its the admin responsibility to make them available in multiple language and that they are easy enough for a human (even with cognitive pathologies) to answer and hard for a computer to solve.

We might implement this as a module at first.

Interesting read about accessibility and Captchas : #sotd" target="_blank">https://www.w3.org/TR/turingtest/#sotd

Describe alternatives you've considered

There are other improvements that can be made to the fast sign-up feature like

  • Not showing unconfirmed profiles in the search results
  • Re-sending the confirmation link regularly so that the users that don't click on the link don't get blocked so easily after posting their first contribution
  • Have a default authorization which can limit participation only to users that confirmed their email address.


Additional context

Can be related to : https://meta.decidim.org/processes/roadmap/f/122/proposals/15628

Does this issue could impact on users private data?

No

Funded by

Département de Loire Atlantique

  • Filter results for category: Participant profile and configuration Participant profile and configuration

List of Endorsements

Avatar: Virgile Deville Virgile Deville
Avatar: Daniel Daniel verified-badge
Avatar: Pauline Bessoles Pauline Bessoles verified-badge
Endorsements count3
An accessible captcha for Decidim Comments 4

Reference: MDC-PROP-2020-09-15699
Version number 4 (of 4) see other versions
Check fingerprint

Fingerprint

The piece of text below is a shortened, hashed representation of this content. It's useful to ensure the content hasn't been tampered with, as a single modification would result in a totally different value.

Value: 76652e0b3aa5f1acfcf8f65fc770f170281fc97843cd63f515061972931bf88e

Source: {"body":{"en":"<p><strong><em>Is your feature request related to a problem? Please describe.</em></strong> </p><p>The fast sign up feature has been great to drive participation numbers up but new problems emerged.</p><p>Increasingly Decidim platforms are targeting by bots that create accounts accounts that advertise scams in their public profile. Sometimes it's for sexual services, I let you imagine what their profile picture look like...</p><p>To find this type of user try and type \"Online\" or \"Service\" on an old enough instance you'll profiles like this one : <a href=\"https://www.decidim.barcelona/profiles/SitusPokerOnline/activity\" target=\"_blank\">https://www.decidim.barcelona/profiles/SitusPokerOnline/activity</a> </p><p><strong>Describe the solution you'd like</strong> </p><p>We want to implement an accessible captcha to prevent bots from creating an account. The invisible one is unfortunately not doing the job.</p><p>We found this <a href=\"https://www.ruby-toolbox.com/projects/acts_as_textcaptcha\" target=\"_blank\">gem</a> that is quite popular and well maintained that implement an act as text captcha (it's text, so it's accessible + it's not google, asked an accessibility expert and she validated it). Which means you set a turing proof question and the expected answers and the user has to answer to sign up. Our feature proposition is to implement this library and allow the admin of the org to setup its own set of questions and answers so its the admin responsibility to make them available in multiple language and that they are easy enough for a human (even with cognitive pathologies) to answer and hard for a computer to solve.</p><p>We might implement this as a module at first.</p><p>Interesting read about accessibility and Captchas : <a href=\"https://www.w3.org/TR/turingtest/gid://metadecidim/Decidim::Hashtag/196/sotd\" target=\"_blank\">https://www.w3.org/TR/turingtest/gid://metadecidim/Decidim::Hashtag/196/sotd</a></p><p><strong>Describe alternatives you've considered</strong> </p><p>There are other improvements that can be made to the fast sign-up feature like</p><ul><li>Not showing unconfirmed profiles in the search results</li><li>Re-sending the confirmation link regularly so that the users that don't click on the link don't get blocked so easily after posting their first contribution</li><li>Have a default authorization which can limit participation only to users that confirmed their email address.</li></ul><p><br></p><p><strong>Additional context</strong> </p><p>Can be related to : <a href=\"https://meta.decidim.org/processes/roadmap/f/122/proposals/15628\" target=\"_blank\">https://meta.decidim.org/processes/roadmap/f/122/proposals/15628</a> </p><p><strong>Does this issue could impact on users private data?</strong> </p><p>No </p><p><strong>Funded by</strong> </p><p>Département de Loire Atlantique</p>"},"title":{"en":"An accessible captcha for Decidim"}}

This fingerprint is calculated using a SHA256 hashing algorithm. In order to replicate it yourself, you can use an MD5 calculator online and copy-paste the source data.

Share:

link-intact Share link

Share link:

Please paste this code in your page:

<script src="https://meta.decidim.org/processes/roadmap/f/122/proposals/15699/embed.js"></script>
<noscript><iframe src="https://meta.decidim.org/processes/roadmap/f/122/proposals/15699/embed.html" frameborder="0" scrolling="vertical"></iframe></noscript>

Related images

example spam user

Report inappropriate content

Is this content inappropriate?

Reason

4 comments

Order by:
  • Older
    • Best rated
    • Recent
    • Older
    • Most discussed
Avatar: Virgile Deville Virgile Deville
06/10/2020 18:16
  • Get link Get link

@carol @andres_pereira thoughts on this ? Thanks in advance

Avatar: Pauline Bessoles Pauline Bessoles verified-badge
23/11/2020 18:42
  • Get link Get link

We made it in a module : https://github.com/OpenSourcePolitics/decidim-module-question_captcha

Conversation with Aram
Avatar: Aram Aram
07/02/2022 08:39
Edited
  • Get link Get link

It looks like the module was updated 5 days ago, right? Https://github.com/OpenSourcePolitics/decidim-module-questioncaptcha/blob/master/lib/decidim/questioncaptcha/version.rb Can you @Pops confirm if it is fully compatible with the current Version of Decidim 0.25.2? Thanks!
Kudos! Fake users are an increasing problem in every Decidim.

Avatar: Aram Aram
08/02/2022 17:48
  • Get link Get link

It's interesting to follow this discussion on github about "Fighting Spam aka The Clone Wars": https://github.com/decidim/decidim/discussions/8239

Add your comment

Sign in with your account or sign up to add your comment.

Loading comments ...

  • Terms and conditions of use
  • About the community
  • Download Open Data files
  • Metadecidim at Twitter Twitter
  • Metadecidim at Instagram Instagram
  • Metadecidim at YouTube YouTube
  • Metadecidim at GitHub GitHub
Creative Commons License Website made with free software.
Decidim Logo

Confirm

OK Cancel

Please sign in

decidim Sign in with Decidim
Or

Sign up

Forgot your password?