Page MenuHomePhabricator

Implement SliderCaptcha in ConfirmEdit
Open, Needs TriagePublic


Our current CAPTCHA system is broken. It is easy on bots but hard on humans. I proposed ReCaptcha by Google but that would violate WMF privacy policy.

I found another solution called SliderCaptcha. Basically the way this works is that upon saving/creating an account/etc., a popup with an image and a puzzle piece appears on screen. Using the slider, the puzzle piece must be moved in the correct place. Similar to this mockup, except that the CAPTCHA can also be done in English:

SliderCaptcha mockup.png (1×1 px, 386 KB)

The code is Apache/MIT licensed so it should not be too difficult to implement on ConfirmEdit.

Something similar is already used on TikTok and Genshin Impact and appears to be somewhat effective at stopping bots in their tracks. We can do the same, but with images from the Wikimedia Commons (probably images of places or tech or cookies or something like that).

Event Timeline

The code is MIT licensed so it should not be too difficult to implement on ConfirmEdit.

No, but the "server" might be harder for WMF production. Whether Java/Spring or .NET... Could be fun

I also imagine this isn't very helpful for Accessibility issues

Unfortunately, that is a downside. We will still need an audio option. But this may be one step in the right direction, as it is pretty obvious that you need to fill the puzzle piece, which is a lot more accessible than the blurry mess you get from our current CAPTCHAs.

image.png (255×462 px, 17 KB)

Audio captchas are pretty easily broken, so I imagine we're not going to use them No point having a stronger captcha system if you still have an easily broken fallback.

Fine, then maybe just upgrade to slidercaptcha and do nothing else. The text CAPTCHAs are very broken anyway.

And have been for many years. We know.

It's also not as simple as "just upgrade to...".

@Awesome_Aasim: Please also see the many existing tickets and discussions about a better Captcha system, and please consider avoiding "just". Thanks.

Hah, maybe just add this as a feature to confirmedit.

Oh, I used "Just" again xD

And again xD

But out of all seriousness, I think SliderCaptcha would be worth an experiment on Wikimedia projects and something that should be added to ConfirmEdit for other projects.

If someone wants to implement it, pull requests welcome