Remove the CAPTCHA label hack from ConfirmEmailHooks::onAuthChangeFormField
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Urbanecm_WMF
	Oct 14 2025, 9:33 AM

Description

Background

GrowthExperiments (tries to) manipulate with the default behaviour of the CAPTCHA extension. Specifically, ConfirmEmailHooks::onAuthChangeFormField attempts to adds a "what is this?" link, see the message as an example.

Problem

There are two problems with this hack. Most importantly, changing the label is a highly unusual integration with ConfirmEdit (the extension powering CAPTCHA). Non-standard integrations are error-prone, which brings me to the second problem...

...During several tries, I was actually unable to reproduce this behaviour. The CAPTCHA field in create account looks always the same, regardless of whether GrowthExperiments is enabled. Below, you can find screenshots from enwiki and enwikivoyage (those two projects were picked, as enwiki has GrowthExperiments, and enwikivoyage doesn't).

enwiki screenshot	enwikivoyage screenshot

I'm also unable to trigger the link on other Growth projects.

Solution

Given the link broke and no one complained (likely for months, if not years), I propose to remove the code powering this capability. If we do not want to remove it, I suggest to move it to ConfirmEdit itself (upstreaming it), where it can be done in a sustainable way.

Details

Related Changes in Gerrit:

	Subject	Repo	Branch	Lines +/-
	Remove outdated signup form CAPTCHA customizations	mediawiki/extensions/GrowthExperiments	master	+0 -39

Customize query in gerrit

Related Objects

Mentioned In: T396954: Audit the list of dependencies GrowthExperiments has

Event Timeline

Urbanecm_WMF created this task.Oct 14 2025, 9:33 AM

Restricted Application added a project: Growth-Team. · View Herald TranscriptOct 14 2025, 9:33 AM

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

Urbanecm_WMF mentioned this in T396954: Audit the list of dependencies GrowthExperiments has.Oct 14 2025, 9:33 AM

@KStoller-WMF Would you be okay with us dropping the (now-broken) feature? Or is that something we should fix by upstreaming? What do you think?

Michael subscribed.Oct 14 2025, 10:12 AM

Urbanecm_WMF moved this task from Inbox to Current Quarter Backlog on the Growth-Team board.Oct 14 2025, 10:39 AM

Personally I think any sort of "What is this?" help message seems like unnecessary noise for any modern web user, and I agree it seems like we should just simplify and remove the broken code.

Side note: Won't this code be totally irrelevant in the future as we shift to a new captcha system anyway? AKA the hCaptcha work the Product Safety and Integrity team is working on.

Feel free to move to Up Next if this is a small fix you think we should consider ASAP.

KStoller-WMF moved this task from Current Quarter Backlog to Backlog on the Growth-Team board.Oct 17 2025, 12:10 AM

KStoller-WMF moved this task from Backlog to Triaged on the Growth-Team board.Oct 27 2025, 5:22 PM

In T407195#11283738, @KStoller-WMF wrote:

Personally I think any sort of "What is this?" help message seems like unnecessary noise for any modern web user, and I agree it seems like we should just simplify and remove the broken code.

Side note: Won't this code be totally irrelevant in the future as we shift to a new captcha system anyway? AKA the hCaptcha work the Product Safety and Integrity team is working on.

Yes, but a full rollout might be some months away, and is not guaranteed. So an interim fix is probably a good idea, assuming it is not a large amount of time.

Change #1199864 had a related patch set uploaded (by Bartosz Dziewoński; author: Bartosz Dziewoński):

[mediawiki/extensions/GrowthExperiments@master] Remove outdated signup form CAPTCHA customizations

https://gerrit.wikimedia.org/r/1199864

gerritbot added a project: Patch-For-Review.Oct 29 2025, 10:11 PM

matmarex claimed this task.Oct 29 2025, 10:17 PM

Urbanecm_WMF edited projects, added Growth-Team (FY2025-26 Q2 Sprint 2); removed Growth-Team.Oct 30 2025, 4:15 PM

Urbanecm_WMF moved this task from Incoming to QA on the Growth-Team (FY2025-26 Q2 Sprint 2) board.

Urbanecm_WMF triaged this task as Low priority.Oct 30 2025, 4:18 PM

Change #1199864 merged by jenkins-bot:

[mediawiki/extensions/GrowthExperiments@master] Remove outdated signup form CAPTCHA customizations

https://gerrit.wikimedia.org/r/1199864

ReleaseTaggerBot added a project: MW-1.46-notes (1.46.0-wmf.1; 2025-11-05).Oct 30 2025, 5:00 PM

Maintenance_bot removed a project: Patch-For-Review.Oct 30 2025, 5:31 PM

DMburugu edited projects, added Growth-Team (FY2025-26 Q2 Sprint 3); removed Growth-Team (FY2025-26 Q2 Sprint 2).Nov 5 2025, 2:03 PM

DMburugu moved this task from Incoming to QA on the Growth-Team (FY2025-26 Q2 Sprint 3) board.

Additional AC: Remove ConfirmEdit from https://www.mediawiki.org/wiki/Extension:GrowthExperiments#Integrations

Urbanecm_WMF edited projects, added Growth-Team (FY2025-26 Q2 Sprint 4); removed Growth-Team (FY2025-26 Q2 Sprint 3).Nov 18 2025, 10:57 PM

Urbanecm_WMF moved this task from Incoming to QA on the Growth-Team (FY2025-26 Q2 Sprint 4) board.

DMburugu moved this task from QA to Test in Production on the Growth-Team (FY2025-26 Q2 Sprint 4) board.Nov 19 2025, 3:05 PM

Urbanecm_WMF edited projects, added Growth-Team (FY2025-26 Q2 Sprint 5); removed Growth-Team (FY2025-26 Q2 Sprint 4).Dec 2 2025, 5:48 PM

Urbanecm_WMF moved this task from Incoming to Test in Production on the Growth-Team (FY2025-26 Q2 Sprint 5) board.

This appears removed.

DMburugu closed this task as Resolved.Dec 3 2025, 1:31 PM

Remove the CAPTCHA label hack from ConfirmEmailHooks::onAuthChangeFormFieldClosed, ResolvedPublicActions