Author: Gerard.meijssen
Description:
It would be good when we had captcha phrases in other scripts. Combine this with a script selector and we have much improved usability while maintaining this security feature.
PS We have plenty of words in all scripts.. it is a matter of obfuscating them enough.
Thanks,
GerardM
Version: unspecified
Severity: enhancement
happy.melon.wiki wrote:
I bet 99% of captcha crackers can't even *begin* to analyse non-latin scripts. There's probably a significant increase in security to be had from opening up the character set used in the captchas.
matthew.britton wrote:
(In reply to comment #1)
I bet 99% of captcha crackers can't even *begin* to analyse non-latin scripts.
There's probably a significant increase in security to be had from opening up
the character set used in the captchas.
I don't see how, unless you start giving non-latin captchas to everyone, in which case we will quickly find outselves without any new accounts...
Gerard.meijssen wrote:
OK, let me see... English Wikipedia.. Latin Captcha, Hindi Wikipedia.. Devangari Captcha, Russian Wikipedia.. Cyrillic Wikipedia. That was not so hard? Hmmm suppose I want to start a profile on a Wiki with an "other" script... eh Single User Logon to the rescue !!! YEAH We might even have a drop down box to select the script of the Captcha..
I wonder, how many more people we will gain with this approach... actually nobody who does the Latin script!!
happy.melon.wiki wrote:
(In reply to comment #2)
(In reply to comment #1)
I bet 99% of captcha crackers can't even *begin* to analyse non-latin scripts.
There's probably a significant increase in security to be had from opening up
the character set used in the captchas.I don't see how, unless you start giving non-latin captchas to everyone, in
which case we will quickly find outselves without any new accounts...
If you give a Cyrillic captcha on ruwiki, that means only spambots that can read a cyrillic captcha (or who can navigate the vagarities of CentralAuth) can spam on ruwiki. Ditto for every other wiki on which we can serve a non-latin captcha. No, it doesn't provide increased security on say, enwiki, because we need to continue to serve latin captchas there, but wherever we *can* serve captchas in other scripts, we get improved security.
Gerard.meijssen wrote:
You do not get it. You want a Cyrillic captcha for those languages that are written in Cyrillic. This has nothing at all to do with en.wiki because there we only need to server a Latin captcha. People who use another script are likely to create their user on a wiki with that other script.
Thanks,
GerardM
happy.melon.wiki wrote:
(In reply to comment #5)
You do not get it.
{{fact}}
You want a Cyrillic captcha for those languages that are
written in Cyrillic.
Yup
This has nothing at all to do with en.wiki
Nope. That's why I said in comment 4 that "it doesn't [add anything] on say, enwiki"
because there
we only need to server a Latin captcha.
Yup
People who use another script are
likely to create their user on a wiki with that other script.
Yup. And since most spambots aren't going to be able to read Cyrillic captchas, most spambots can't do that. Ergo, improved security. Yes, the security increase is weakened by CentralAuth, but that doesn't mean there isn't a security increase. We'd be giving captchas that some spambots can't read (and improving accesibility at the same time). How can that be a *bad* thing?
(In reply to comment #7)
I think that this bug can be merged with Bug 5309.
I agree.