Mailing List Archive

Our CAPTCHA is very unfriendly
Hi all,

My apologies if this is the wrong place to start a discussion on this, but
it's a better place than nowhere. I recently took part in two very
different Wikipedia workshops -- one in Uganda for schoolchildren aged
14-17, and one Bodø, Norway, for GLAM people aged 35-55. One glaringly
obvious barrier of entry that was common for both groups is that the
CAPTCHA we use is too freaking hard.

The main concern is obviously that it is really hard to read, but there are
also some other issues, namely that all the fields in the user registration
form (except for the username) are wiped if you enter the CAPTCHA
incorrectly. So when you make a mistake, not only do you have to re-type a
whole new CAPTCHA (where you may make another mistake), you also have to
re-type the password twice *and* your e-mail address. This takes a long
time, especially if you're not a fast typer (which was the case for the
first group), or if you are on a tablet or phone (which was the case for
some in the second group).

So I would like to start a discussion about changing to a CAPTCHA that is
more user-friendly, and hopefully one that isn't as
English/Latin-alphabet-centric as the one we currently use. If Ugandan
children and old Norwegian people, which all use the Latin alphabet, have
such problems deciphering the CAPTCHA, what about people speaking languages
that don't use the Latin alphabet? I would prefer something more
simplistic, like some sort of math or image-based CAPTCHA, instead of the
current CAPTCHA we use.

--
mvh
Jon Harald Søby <http://meta.wikimedia.org/wiki/User:Jon_Harald_S%C3%B8by>
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
Wasn't a new CAPTCHA engine merged a couple weeks ago? What's the status of that? If I remember, the goal of the new engine was to make the CAPTCHA more difficult for bots, so it may (or may not) make things worse for humans. Have we ever done any research to find out how likely humans are to be able to solve our captchas?

Ryan Kaldari

On Nov 6, 2014, at 5:52 PM, Jon Harald Søby <jhsoby@gmail.com> wrote:

> Hi all,
>
> My apologies if this is the wrong place to start a discussion on this, but
> it's a better place than nowhere. I recently took part in two very
> different Wikipedia workshops -- one in Uganda for schoolchildren aged
> 14-17, and one Bodø, Norway, for GLAM people aged 35-55. One glaringly
> obvious barrier of entry that was common for both groups is that the
> CAPTCHA we use is too freaking hard.
>
> The main concern is obviously that it is really hard to read, but there are
> also some other issues, namely that all the fields in the user registration
> form (except for the username) are wiped if you enter the CAPTCHA
> incorrectly. So when you make a mistake, not only do you have to re-type a
> whole new CAPTCHA (where you may make another mistake), you also have to
> re-type the password twice *and* your e-mail address. This takes a long
> time, especially if you're not a fast typer (which was the case for the
> first group), or if you are on a tablet or phone (which was the case for
> some in the second group).
>
> So I would like to start a discussion about changing to a CAPTCHA that is
> more user-friendly, and hopefully one that isn't as
> English/Latin-alphabet-centric as the one we currently use. If Ugandan
> children and old Norwegian people, which all use the Latin alphabet, have
> such problems deciphering the CAPTCHA, what about people speaking languages
> that don't use the Latin alphabet? I would prefer something more
> simplistic, like some sort of math or image-based CAPTCHA, instead of the
> current CAPTCHA we use.
>
> --
> mvh
> Jon Harald Søby <http://meta.wikimedia.org/wiki/User:Jon_Harald_S%C3%B8by>
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l

_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
I think it would be best if we just removed the captcha, rather than
deploying a new engine.

-- Tim Starling

On 07/11/14 13:13, Ryan Kaldari wrote:
> Wasn't a new CAPTCHA engine merged a couple weeks ago? What's the
> status of that? If I remember, the goal of the new engine was to
> make the CAPTCHA more difficult for bots, so it may (or may not)
> make things worse for humans. Have we ever done any research to
> find out how likely humans are to be able to solve our captchas?
>
> Ryan Kaldari
>
> On Nov 6, 2014, at 5:52 PM, Jon Harald Søby <jhsoby@gmail.com>
> wrote:
>
>> Hi all,
>>
>> My apologies if this is the wrong place to start a discussion on
>> this, but it's a better place than nowhere. I recently took part
>> in two very different Wikipedia workshops -- one in Uganda for
>> schoolchildren aged 14-17, and one Bodø, Norway, for GLAM people
>> aged 35-55. One glaringly obvious barrier of entry that was
>> common for both groups is that the CAPTCHA we use is too freaking
>> hard.
>>
>> The main concern is obviously that it is really hard to read, but
>> there are also some other issues, namely that all the fields in
>> the user registration form (except for the username) are wiped if
>> you enter the CAPTCHA incorrectly. So when you make a mistake,
>> not only do you have to re-type a whole new CAPTCHA (where you
>> may make another mistake), you also have to re-type the password
>> twice *and* your e-mail address. This takes a long time,
>> especially if you're not a fast typer (which was the case for
>> the first group), or if you are on a tablet or phone (which was
>> the case for some in the second group).
>>
>> So I would like to start a discussion about changing to a CAPTCHA
>> that is more user-friendly, and hopefully one that isn't as
>> English/Latin-alphabet-centric as the one we currently use. If
>> Ugandan children and old Norwegian people, which all use the
>> Latin alphabet, have such problems deciphering the CAPTCHA, what
>> about people speaking languages that don't use the Latin
>> alphabet? I would prefer something more simplistic, like some
>> sort of math or image-based CAPTCHA, instead of the current
>> CAPTCHA we use.
>>
>> -- mvh Jon Harald Søby
>> <http://meta.wikimedia.org/wiki/User:Jon_Harald_S%C3%B8by>
>> _______________________________________________ Wikitech-l
>> mailing list Wikitech-l@lists.wikimedia.org
>> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
> _______________________________________________ Wikitech-l mailing
> list Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>



_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
On 6 November 2014 21:06, Tim Starling <tstarling@wikimedia.org> wrote:

> I think it would be best if we just removed the captcha, rather than
> deploying a new engine.


I'd absolutely love that.

On the mobile app, almost everyone who tries to create an account is shown
a captcha. Of those people, 31% of them get the captcha wrong on their
first try, and 17% of those people give up trying to create an account. The
success rate for account creation is less than 50%, in no small part due to
the captcha.

I'd love to eliminate giving our users that headache.

Dan

--
Dan Garry
Associate Product Manager, Mobile Apps
Wikimedia Foundation
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
I'm interested both in improving our user stats and stamping out spambots.
Dan, how do we know that those 17 percent were predominantly humans?

I've heard that automated captcha cracking is common. Perhaps so, but if
taking away captchas increases the workload of stewards and admins, that
situation presents a need for tradeoffs between making registration be easy
for humans and making registration be difficult for bots.

Pine
On Nov 6, 2014 9:34 PM, "Dan Garry" <dgarry@wikimedia.org> wrote:

> On 6 November 2014 21:06, Tim Starling <tstarling@wikimedia.org> wrote:
>
> > I think it would be best if we just removed the captcha, rather than
> > deploying a new engine.
>
>
> I'd absolutely love that.
>
> On the mobile app, almost everyone who tries to create an account is shown
> a captcha. Of those people, 31% of them get the captcha wrong on their
> first try, and 17% of those people give up trying to create an account. The
> success rate for account creation is less than 50%, in no small part due to
> the captcha.
>
> I'd love to eliminate giving our users that headache.
>
> Dan
>
> --
> Dan Garry
> Associate Product Manager, Mobile Apps
> Wikimedia Foundation
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
On 6 November 2014 22:39, Pine W <wiki.pine@gmail.com> wrote:

> I'm interested both in improving our user stats and stamping out spambots.
> Dan, how do we know that those 17 percent were predominantly humans?
>

We don't know for certain that they're human. That said, why would a
spambot try to use the Wikipedia app? You're only creating extra hurdles
for yourself by doing so. I've seen no evidence so far that anyone except
humans use the Wikipedia app. Well, and Googlebot, but it reports itself to
us using a special user agent and also only reads articles. :-)

Dan

--
Dan Garry
Associate Product Manager, Mobile Apps
Wikimedia Foundation
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
Good point. Perhaps there is a case to be made for a small-scale experiment
of removing the CAPTCHA. I suggest consulting the stewards for their
thoughts. We have at least one steward who is supposedly an expert on
spambots, and his input may be valuable. You might also consult the admins
of whichever community you would like to use for the home wiki of the
experiment.

Pine
On Nov 6, 2014 10:54 PM, "Dan Garry" <dgarry@wikimedia.org> wrote:

> On 6 November 2014 22:39, Pine W <wiki.pine@gmail.com> wrote:
>
> > I'm interested both in improving our user stats and stamping out
> spambots.
> > Dan, how do we know that those 17 percent were predominantly humans?
> >
>
> We don't know for certain that they're human. That said, why would a
> spambot try to use the Wikipedia app? You're only creating extra hurdles
> for yourself by doing so. I've seen no evidence so far that anyone except
> humans use the Wikipedia app. Well, and Googlebot, but it reports itself to
> us using a special user agent and also only reads articles. :-)
>
> Dan
>
> --
> Dan Garry
> Associate Product Manager, Mobile Apps
> Wikimedia Foundation
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
On Fri, 7 Nov 2014, at 16:33, Dan Garry wrote:
> On 6 November 2014 21:06, Tim Starling <tstarling@wikimedia.org> wrote:
>
> > I think it would be best if we just removed the captcha, rather than
> > deploying a new engine.
>
>
> I'd absolutely love that.
>
> On the mobile app, almost everyone who tries to create an account is shown
> a captcha. Of those people, 31% of them get the captcha wrong on their
> first try, and 17% of those people give up trying to create an account. The
> success rate for account creation is less than 50%, in no small part due to
> the captcha.
>
> I'd love to eliminate giving our users that headache.
>
> Dan
>

I would suggest to ask on a village pump and alter the configuration per local consencus.

svetlana

_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
On 07/11/14 19:17, svetlana wrote:
> I would suggest to ask on a village pump and alter the configuration per local consencus.

We tried that before and the answer was "OMG no", even though nobody
bothered to look at the logs. It turns out that the captcha we were
using was broken from the outset -- trivially solvable with OCR -- but
apparently that didn't affect anyone's opinion of whether or not it
should be enabled.

According to reports from non-WMF users of ConfirmEdit, FancyCaptcha
has little effect on spam rate. See the table here for a summary:

https://www.mediawiki.org/wiki/Extension:ConfirmEdit

Anyway, sure, let's ask on some more village pumps.

-- Tim Starling


_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
+1 on Tim. FancyCaptcha is worse than useless.

Nemo

_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
Tim Starling wrote:
>On 07/11/14 19:17, svetlana wrote:
>> I would suggest to ask on a village pump and alter the configuration
>>per local consencus.
>
>We tried that before and the answer was "OMG no", even though nobody
>bothered to look at the logs. It turns out that the captcha we were
>using was broken from the outset -- trivially solvable with OCR -- but
>apparently that didn't affect anyone's opinion of whether or not it
>should be enabled.
>
>According to reports from non-WMF users of ConfirmEdit, FancyCaptcha
>has little effect on spam rate. See the table here for a summary:
>
>https://www.mediawiki.org/wiki/Extension:ConfirmEdit
>
>Anyway, sure, let's ask on some more village pumps.

I think that's unfair.

Wikis have a serious spam problem. People associate CAPTCHAs with spam
prevention. On the English Wikipedia, one of the actions that results in
the user being required to successfully enter a CAPTCHA is adding an(y?)
external link to a page as a newly registered user. This, of course, in
addition to the CAPTCHA presented when registering an account (consider
that many new account creations only come about as the result of the
requirement for an account to make a new page on the English Wikipedia).

Why not disable the extension for a week and see what happens? If you're
wrong and there's a marked increase in wiki spam (account creations and
edits), then you can help devise a better solution than a CAPTCHA.
CAPTCHAs are clearly not a sustainable fix to the underlying problems they
were implemented to address, or so I think you're saying. If you're right
and the CAPTCHA is simply ineffective and unneeded, we've eliminated some
code from production and we can move on. In other words: what exactly is
stopping you from disabling the extension?

MZMcBride



_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
On 11/7/14, Federico Leva (Nemo) <nemowiki@gmail.com> wrote:
> +1 on Tim. FancyCaptcha is worse than useless.
>
> Nemo
>
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Literally an anti-captcha. Letting bots in and keeping humans out.

Its like security through obscurity, minus the obscurity bit since its
been publicly talked about how weak it is for at least 3 years now -
https://www.elie.net/go/p22a

--bawolff

_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
+1 for disabling CAPTCHs (at least in signup form).

Anyway, sysops already have enougth tools for treating abuse by spam bots
using AbuseFilter (e.g with rate filter).


On Sat, Nov 8, 2014 at 12:19 AM, MZMcBride <z@mzmcbride.com> wrote:

> Tim Starling wrote:
> >On 07/11/14 19:17, svetlana wrote:
> >> I would suggest to ask on a village pump and alter the configuration
> >>per local consencus.
> >
> >We tried that before and the answer was "OMG no", even though nobody
> >bothered to look at the logs. It turns out that the captcha we were
> >using was broken from the outset -- trivially solvable with OCR -- but
> >apparently that didn't affect anyone's opinion of whether or not it
> >should be enabled.
> >
> >According to reports from non-WMF users of ConfirmEdit, FancyCaptcha
> >has little effect on spam rate. See the table here for a summary:
> >
> >https://www.mediawiki.org/wiki/Extension:ConfirmEdit
> >
> >Anyway, sure, let's ask on some more village pumps.
>
> I think that's unfair.
>
> Wikis have a serious spam problem. People associate CAPTCHAs with spam
> prevention. On the English Wikipedia, one of the actions that results in
> the user being required to successfully enter a CAPTCHA is adding an(y?)
> external link to a page as a newly registered user. This, of course, in
> addition to the CAPTCHA presented when registering an account (consider
> that many new account creations only come about as the result of the
> requirement for an account to make a new page on the English Wikipedia).
>
> Why not disable the extension for a week and see what happens? If you're
> wrong and there's a marked increase in wiki spam (account creations and
> edits), then you can help devise a better solution than a CAPTCHA.
> CAPTCHAs are clearly not a sustainable fix to the underlying problems they
> were implemented to address, or so I think you're saying. If you're right
> and the CAPTCHA is simply ineffective and unneeded, we've eliminated some
> code from production and we can move on. In other words: what exactly is
> stopping you from disabling the extension?
>
> MZMcBride
>
>
>
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
On Fri, Nov 7, 2014 at 2:19 PM, MZMcBride <z@mzmcbride.com> wrote:

> I think that's unfair.
>
> Wikis have a serious spam problem. People associate CAPTCHAs with spam
> prevention. On the English Wikipedia, one of the actions that results in
> the user being required to successfully enter a CAPTCHA is adding an(y?)
> external link to a page as a newly registered user. This, of course, in
> addition to the CAPTCHA presented when registering an account (consider
> that many new account creations only come about as the result of the
> requirement for an account to make a new page on the English Wikipedia).
>
> Why not disable the extension for a week and see what happens? If you're
> wrong and there's a marked increase in wiki spam (account creations and
> edits), then you can help devise a better solution than a CAPTCHA.
> CAPTCHAs are clearly not a sustainable fix to the underlying problems they
> were implemented to address, or so I think you're saying. If you're right
> and the CAPTCHA is simply ineffective and unneeded, we've eliminated some
> code from production and we can move on. In other words: what exactly is
> stopping you from disabling the extension?
>

When we did usability tests of the new version and the old version, it was
exceedingly clear that what Jon has said is true: the CAPTCHA is by far the
most painful part of our signup form. Results and videos of those tests at:
https://www.mediawiki.org/wiki/Account_creation_user_experience/User_testing

Back in the day, when we did the last redesign of the signup form, we
considered running an A/B test of removing the CAPTCHA. Docs for that are
at https://meta.wikimedia.org/wiki/Research:Account_creation_UX/CAPTCHA

The "turn it off for a week and see what happens with spam" test is the
easiest implementation of the above, and even though normally it's a great
way to produce garbage data (not being a controlled experiment) I'd be in
favor of trying it. Every indication we have is that we'd get marked
increases in signup conversion rates (ours are not great -- only 30% of
visitors complete the form successfully IIRC).

For some more background, when we proposed something like that to Chris
Steipp he was pretty iffy about it, and he's not wrong. At other sites that
don't have a CAPTCHA on signup (like Facebook, Quora, others) they avoid a
spam problem in part because they require an email address and
confirmation. For some irrational reason, even in the era of throwaway
email accounts from web services, not requiring email is some kind of
sacred cow among Wikimedians, even if it would make it an easy choice to
throw away our wretched CAPTCHA.

If we want to avoid spam bots signing up, there is going to be a hit in
ease of use somewhere. Our network of sites is just too large to avoid
being a target. It's just a matter of testing to see how much we can reduce
that hit, and which method might be less easy.
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
>
> For some more background, when we proposed something like that to Chris
> Steipp he was pretty iffy about it, and he's not wrong. At other sites
that
> don't have a CAPTCHA on signup (like Facebook, Quora, others) they avoid a
> spam problem in part because they require an email address and
> confirmation. For some irrational reason, even in the era of throwaway
> email accounts from web services, not requiring email is some kind of
> sacred cow among Wikimedians, even if it would make it an easy choice to
> throw away our wretched CAPTCHA.

Because spam bots can't answer email?

> If we want to avoid spam bots signing up, there is going to be a hit in
> ease of use somewhere. Our network of sites is just too large to avoid
> being a target. It's just a matter of testing to see how much we can
reduce
> that hit, and which method might be less easy.

There is really no evidence that the current hit in ease of use has any
affect on warding off spam bots.

--bawolff
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
Discussing an option with the community to test replacing registration
CAPTCHAs with an email requirement makes sense to me. I would support a
small, carefully designed test. If someone is motivated to create a
Wikimedia account and they don't want to register an email, they can be
given the option to have someone help them to set up an account via IRC,
Facebook, or other communications methods.

I'd very much like to hear input from stewards who deal with cross-wiki
spambots, so I suggest that the designers of the test consult with one or
more stewards during the test design process.

Pine
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
Umm. No. If ever you want major pushback from the broad international
community, requiring any kind of "documentation" to open an account will
probably work very well. I certainly would never have signed up for an
account on Wikipedia if I'd had to supply an email address.

Risker/Anne

On 9 November 2014 00:21, Pine W <wiki.pine@gmail.com> wrote:

> Discussing an option with the community to test replacing registration
> CAPTCHAs with an email requirement makes sense to me. I would support a
> small, carefully designed test. If someone is motivated to create a
> Wikimedia account and they don't want to register an email, they can be
> given the option to have someone help them to set up an account via IRC,
> Facebook, or other communications methods.
>
> I'd very much like to hear input from stewards who deal with cross-wiki
> spambots, so I suggest that the designers of the test consult with one or
> more stewards during the test design process.
>
> Pine
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
We're talking about a test, not a broad rollout (:

I'm curious, Risker: if you don't mind my asking, what about being required
to supply a throwaway email address would have discouraged you from opening
a Wikimedia account?

Pine
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
On Sun, Nov 9, 2014 at 8:51 AM, Pine W <wiki.pine@gmail.com> wrote:

> We're talking about a test, not a broad rollout (:
>
> I'm curious, Risker: if you don't mind my asking, what about being required
> to supply a throwaway email address would have discouraged you from opening
> a Wikimedia account?
>
>
Having the email address attached to my account means that i can do
password reset, which has been rather helpful on a number of occasions.

It's a bit sad for folks who don't provide email, that there's not much we
can do to help them recover their account if they forget their password.

I understand that it can be a bit scary to have to provide this information
(what about a throwaway?), but yet is a tradeoff.

Cheers,
Katie



> Pine
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>



--
@wikimediadc / @wikidata
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
On 9 November 2014 09:27, aude <aude.wiki@gmail.com> wrote:
> On Sun, Nov 9, 2014 at 8:51 AM, Pine W <wiki.pine@gmail.com> wrote:

>> I'm curious, Risker: if you don't mind my asking, what about being required
>> to supply a throwaway email address would have discouraged you from opening
>> a Wikimedia account?

> I understand that it can be a bit scary to have to provide this information
> (what about a throwaway?), but yet is a tradeoff.


I realise it'd be a pile of extra work, and I'm not sure how to
present it clearly - but what about a choice between solving the
captcha or supplying a working email address?


- d.

_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
On Nov 9, 2014 5:39 AM, "David Gerard" <dgerard@gmail.com> wrote:
>
> On 9 November 2014 09:27, aude <aude.wiki@gmail.com> wrote:
> > On Sun, Nov 9, 2014 at 8:51 AM, Pine W <wiki.pine@gmail.com> wrote:
>
> >> I'm curious, Risker: if you don't mind my asking, what about being
required
> >> to supply a throwaway email address would have discouraged you from
opening
> >> a Wikimedia account?
>
> > I understand that it can be a bit scary to have to provide this
information
> > (what about a throwaway?), but yet is a tradeoff.
>
>
> I realise it'd be a pile of extra work, and I'm not sure how to
> present it clearly - but what about a choice between solving the
> captcha or supplying a working email address?
>
>
> - d.
>
>

Does anyone have any attack scenario that is remotely plausible which
requiring a verified email would prevent?

--bawolff
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
On 11/09/2014 10:20 AM, Brian Wolff wrote:
> Does anyone have any attack scenario that is remotely plausible which
> requiring a verified email would prevent?

Spambots (of which there are multitude, and that hammer any mediawiki
site constantly) have gotten pretty good at bypassing captchas but have
yet to respond properly to email loops (and that's a more complicated
obstacle than first appears; throwaway accounts are cheap but any
process that requires a delay - however small - means that spambot must
now maintain state and interact rather than fire-and-forget).

I can tell you that on the (non-WMF) mediawiki installations I
administer, requiring email confirmation before being able to edit
reduced spambot editing by well over 95% without the number of spambots
being significantly afftected (it's still quite visible by the bot
/creating/ accounts).

But there is also a great heap of anecdotal data that shows that having
to provide an email account increases the barrier of entry to users
signing up. So, there's a tradeoff.

-- Marc


_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
Marc A. Pelletier wrote:
>But there is also a great heap of anecdotal data that shows that having
>to provide an email account increases the barrier of entry to users
>signing up. So, there's a tradeoff.

Eh, I think the anecdotal data (such as Facebook's and Google's hundreds
of millions account registrations) suggests that e-mail confirmation is
not a huge barrier to entry for legitimate users.

>Spambots (of which there are multitude, and that hammer any mediawiki
>site constantly) have gotten pretty good at bypassing captchas but have
>yet to respond properly to email loops (and that's a more complicated
>obstacle than first appears; throwaway accounts are cheap but any
>process that requires a delay - however small - means that spambot must
>now maintain state and interact rather than fire-and-forget).

Hmmm, I imagine many spambots have already made this investment if they're
dealing with popular systems that require e-mail address confirmation.

Wikimedia is different. You shouldn't even need an account to edit, much
less an e-mail address. But this is a philosophical and principle-based
(principled, if you will!) decision, not really a user experience or
technical decision, in my opinion.

I think calling this issue a sacred cow is a bit overblown, but requiring
an e-mail address would be a violation of our shared values. We strive to
be as open and independent as possible and requiring an e-mail address is
antithetical to that. If anything, we could provide e-mail address aliases
(e.g., mzmcbride@en.wikipedia.org) for our users as a side benefit.

MZMcBride



_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
On 11/09/2014 12:33 PM, MZMcBride wrote:
> Hmmm, I imagine many spambots have already made this investment if they're
> dealing with popular systems that require e-mail address confirmation.
>

No doubt there are some that do; but it's a very different technical
hurdle and the management tradeoff (and intrinsic delay) of an email
loop makes huge volume fire-and-forget impossible and rate limits the
amount of spamming that can sucessfuly be done - especially if duplicate
email addresses are further limited.

I'm not saying this is a good solution in general - or that it's a
panacea - but it's worth investigating.

-- Marc


_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: Our CAPTCHA is very unfriendly [ In reply to ]
On 09/11/14 06:21, Pine W wrote:
> Discussing an option with the community to test replacing registration
> CAPTCHAs with an email requirement makes sense to me. I would support a
> small, carefully designed test. If someone is motivated to create a
> Wikimedia account and they don't want to register an email, they can be
> given the option to have someone help them to set up an account via IRC,
> Facebook, or other communications methods.

It would be nice to have a link that leads the user to a
#wikipedia-accountcreation channel for getting help creating an account.
There are few ways to get thelp for an inexperienced user if they fail
at the create account form. It is orthogonal however on whether we use a
captcha or not.

_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

1 2 3  View All