Page MenuHomePhabricator

Move input device dynamics logging to backend
Open, Needs TriagePublic

Description

Logging input device dynamics from Javascript was a short-sighted setup: it creates unnecessary difference between a data collection setup and a setup that actively adjusts captcha behavior. Also, it makes it unnecessarily to enrich the data with things that are only available at the backend (e.g. the correct captcha value, or even the success status of the form submit), and to track registrations which did not submit any JS data.

To fix that:

  • Move the code from WikimediaEvents to ConfirmEdit.
  • Use the AuthChangeFormFields hook to add a hidden field to the form which can be used to pass data from the client to the server. (That hook could also be used to add the logging module in a little more targeted manner than it is being done currently.)
  • Have the Javascript code write the data into the hidden field on submission, instead of directly sending it to EventLogging.
  • Log registration attempts to EventLogging on the backend (presumably in CaptchaPreAuthenticationProvider::testForAuthentication), with the input dynamics data if present. Also add in some useful fields like whether the registration was on the mobile site, and whether it was done via API.
  • Maybe send some high-level info to Graphite to make it easy to track the ratio of human / bot signups (for some very simple approximation of who is a bot) - see T152219: Statistics on Captcha success/failure rate.