Wikimedia captchas are a significant accessibility and inclusion problem - they block something like a quarter of registrations, and are especially hard on non-English-speaking users and users with visual disabilities. At the same time, they are poor at stopping spambots and can be broken by off-the-shelf OCR software (here's an example of someone doing that). There have been many, many discussions on this issue (see T241921: Fix Wikimedia captchas for a summary). One recommendation that comes up regularly is to just disable the captcha and see if there is any extra spam and, if there is, whether it is manageable by other kinds of automation. Since breaking the captcha is so easy, it is not unreasonable to assume that whoever cares about it did it already, and the spambots which are dumb enough to be stopped by the captcha are easy to filter in other ways.
This task proposes organizing such an experiment. Ground rules:
- needs community consensus on the wikis where it happens
- needs prior commitment to clean up resulting spam
- needs buy-in from WMF Security team
Rough outline:
- select a sequence of wikis to test on (probably a beta cluster wiki first, then mediawiki.org, then a small or mid-sized Wikipedia)
- agree on success and abort criteria
- make sure there's community support and enough volunteers to monitor, handle abuse filters and other protective mechanisms, and nuke the bots which get through while the filters are being tweaked
- optional: replace FancyCaptcha with a trivial QuestyCaptcha (something like "type 'I am a human'") which probably still keeps out dumb spambots
- disable captcha entirely
- assuming spam remains manageable, run the experiment for a week or so, then move to next wiki