Closed pypingou closed 3 years ago
We need to think about the best way to do that (while staying privacy conscious).
Yeah, do note that reCAPTCHA is not at all free. :(
In FAS we had a separate app called 'basset' that did checking on new users, perhaps we want to look at adding in that functionality? It basically looked at spam/nonspam users and tried to 'guess' if a new account is a spam one based on all the info it had.
Yes, integrating with Basset has been our longest running needinfo ticket: #27. If you have any idea on how we could do that, I'm very interested.
In FAS, basset was run once the account was created; FAS has its own captcha on top of it :) (Basset was added because the captcha wasn't enough though)
Possible candidate library: https://github.com/Tethik/flask-session-captcha
There are some other options, for example:
While not open source, Keycaptcha is fun https://www.keycaptcha.com/ and one could possibly implement something like this.
Overview of captcha advantages and disadvantages: https://www.w3.org/WAI/GL/wiki/Captcha_Alternatives_and_thoughts
I believe we may want to add some captcha or equivalent to the registration page to prevent script kiddies from automating the process.
Note that email validation is not enough: a number of services on the internet offer throw-away mailboxes that are basically only valid for the duration of your browser's session (or a few minutes/hours).