Page MenuHomePhabricator

<Security Initiative> Improving Captcha
Open, Stalled, MediumPublic10 Estimated Story Points

Description

Request Status: Discovery Phase by Platform PM
Request Type: research

Request Title: Improve Captchas

  • Request Description: For several years, we have discussed improvements or alternatives to Fancy Captcha in order to decrease bots getting past the captcha and to also have a more inclusive captcha experience for users (ex: captcha being in all capital letters for those not familiar with English alphabet in lower case). This ticket is to review what are realistic solutions that address both our inclusivity and security needs.
  • Indicate Priority Level: Medium
  • Main Requestors: Security
  • Ideal Delivery Date: N/A
  • Stakeholders: Trust & Safety, community, front-end teams, PET

Request Documentation

Document TypeRequired?Document/Link
Related PHAB TicketsYesT250227: Investigate and evaluate hCaptcha to replace Wikimedia's Fancy Captcha ]]
Product One PagerYes<add link here>
Product Requirements Document (PRD)Yeshttps://docs.google.com/document/d/12vl4vCZivUvZWJ0yW_OWAh_AwxjrLfKzGu-RjOtRllE/edit#heading=h.5i20fdfevq7o
Product RoadmapYes<add link here>
Product Planning/Business CaseNo<add link here>
Product BriefNo<add link here>
Other LinksNo<add links here>

Event Timeline

DAbad triaged this task as Medium priority.Aug 24 2021, 6:05 PM
DAbad set the point value for this task to 10.
DAbad changed the task status from Open to Stalled.Oct 14 2021, 3:13 PM
DAbad raised the priority of this task from Medium to High.
DAbad moved this task from Investigate to Ready/Groomed on the Foundational Technology Requests board.

Currently the Product teams are taking the following steps:

  • Discovery to scope the problem statement from a product perspective and drafting high level product requirements
  • Determining how to better instrument data from current captchas, to help inform decisions around what to do with captcha generally

@DAbad: Would T250227: Investigate and evaluate hCaptcha to replace Wikimedia's Fancy Captcha be a parent or subtask of this task? If it is, feel free to set that semantic connection via Edit Related Tasks.... Thanks!

John B. to send aggregated report from security perspective

More documentation

John B. to send aggregated report from security perspective

Looks like it's already referenced at the bottom of the PRD.

DAbad lowered the priority of this task from High to Medium.Tue, Nov 30, 8:23 PM

Technology Steering Committee Meeting on November 10, 2021:

  • Recapped our discussion with Legal and Security on next steps for Captcha where we agreed that we need to have a dedicated team supporting this type of work.
  • As agreed during steering committee, we will move this to the Parking lot for now and focus on what resources we need to support this and similar work for security.
DAbad renamed this task from <Research> Improving Captcha to <Security Initiative> Improving Captcha.Wed, Dec 8, 9:29 PM