This proposal has been implemented

Developed by Open Source Politics
Available as module here: https://github.com/OpenSourcePolitics/decidim-module-question_captcha

An accessible captcha for Decidim

Main repo (merged)

Open Source Politics 30/09/2020 17:57

Is your feature request related to a problem? Please describe.

The fast sign up feature has been great to drive participation numbers up but new problems emerged.

Increasingly Decidim platforms are targeting by bots that create accounts accounts that advertise scams in their public profile. Sometimes it's for sexual services, I let you imagine what their profile picture look like...

To find this type of user try and type "Online" or "Service" on an old enough instance you'll profiles like this one : https://www.decidim.barcelona/profiles/SitusPokerOnline/activity

Describe the solution you'd like

We want to implement an accessible captcha to prevent bots from creating an account. The invisible one is unfortunately not doing the job.

We found this gem that is quite popular and well maintained that implement an act as text captcha (it's text, so it's accessible + it's not google, asked an accessibility expert and she validated it). Which means you set a turing proof question and the expected answers and the user has to answer to sign up. Our feature proposition is to implement this library and allow the admin of the org to setup its own set of questions and answers so its the admin responsibility to make them available in multiple language and that they are easy enough for a human (even with cognitive pathologies) to answer and hard for a computer to solve.

We might implement this as a module at first.

Interesting read about accessibility and Captchas : #sotd" target="_blank">https://www.w3.org/TR/turingtest/#sotd

Describe alternatives you've considered

There are other improvements that can be made to the fast sign-up feature like

Not showing unconfirmed profiles in the search results
Re-sending the confirmation link regularly so that the users that don't click on the link don't get blocked so easily after posting their first contribution
Have a default authorization which can limit participation only to users that confirmed their email address.

Additional context

Does this issue could impact on users private data?

Funded by

Département de Loire Atlantique

Filter results for: Funding available

Comment

Liked by Virgile Deville and 2 more

Liked by

Virgile Deville

Daniel

Pauline Bessoles

4 comments

Fingerprint

The piece of text below is a shortened, hashed representation of this content. It is useful to ensure the content has not been tampered with, as a single modification would result in a totally different value.

Value: 76652e0b3aa5f1acfcf8f65fc770f170281fc97843cd63f515061972931bf88e

Source:

{"body":{"en":"<p><strong><em>Is your feature request related to a problem? Please describe.</em></strong> </p><p>The fast sign up feature has been great to drive participation numbers up but new problems emerged.</p><p>Increasingly Decidim platforms are targeting by bots that create accounts accounts that advertise scams in their public profile. Sometimes it's for sexual services, I let you imagine what their profile picture look like...</p><p>To find this type of user try and type \"Online\" or \"Service\" on an old enough instance you'll profiles like this one : <a href=\"https://www.decidim.barcelona/profiles/SitusPokerOnline/activity\" target=\"_blank\">https://www.decidim.barcelona/profiles/SitusPokerOnline/activity</a> </p><p><strong>Describe the solution you'd like</strong> </p><p>We want to implement an accessible captcha to prevent bots from creating an account. The invisible one is unfortunately not doing the job.</p><p>We found this <a href=\"https://www.ruby-toolbox.com/projects/acts_as_textcaptcha\" target=\"_blank\">gem</a> that is quite popular and well maintained that implement an act as text captcha (it's text, so it's accessible + it's not google, asked an accessibility expert and she validated it). Which means you set a turing proof question and the expected answers and the user has to answer to sign up. Our feature proposition is to implement this library and allow the admin of the org to setup its own set of questions and answers so its the admin responsibility to make them available in multiple language and that they are easy enough for a human (even with cognitive pathologies) to answer and hard for a computer to solve.</p><p>We might implement this as a module at first.</p><p>Interesting read about accessibility and Captchas : <a href=\"https://www.w3.org/TR/turingtest/gid://metadecidim/Decidim::Hashtag/196/sotd\" target=\"_blank\">https://www.w3.org/TR/turingtest/gid://metadecidim/Decidim::Hashtag/196/sotd</a></p><p><strong>Describe alternatives you've considered</strong> </p><p>There are other improvements that can be made to the fast sign-up feature like</p><ul><li>Not showing unconfirmed profiles in the search results</li><li>Re-sending the confirmation link regularly so that the users that don't click on the link don't get blocked so easily after posting their first contribution</li><li>Have a default authorization which can limit participation only to users that confirmed their email address.</li></ul><p><br></p><p><strong>Additional context</strong> </p><p>Can be related to : <a href=\"https://meta.decidim.org/processes/roadmap/f/122/proposals/15628\" target=\"_blank\">https://meta.decidim.org/processes/roadmap/f/122/proposals/15628</a> </p><p><strong>Does this issue could impact on users private data?</strong> </p><p>No </p><p><strong>Funded by</strong> </p><p>Département de Loire Atlantique</p>"},"title":{"en":"An accessible captcha for Decidim"}}

This fingerprint is calculated using a SHA256 hashing algorithm. In order to replicate it yourself, you can use an MD5 calculator online and copy-paste the source data.

Essential

Preferences

Analytics and statistics

Marketing

An accessible captcha for Decidim

Liked by

Please log in

Cookie settings

Essential

Preferences

Analytics and statistics

Marketing

An accessible captcha for Decidim

Share

Liked by

Confirm

Please log in