responsible-ai-collaborative / aiid

The AI Incident Database seeks to identify, define, and catalog artificial intelligence incidents.
https://incidentdatabase.ai

Prevent abuse usage of the confirmation email #2418

Open pdcp1 opened 1 year ago

pdcp1 commented 1 year ago
> We should add captchas and take some abuse prevention measures but it is another issue.

Originally posted by @cesarvarela in https://github.com/responsible-ai-collaborative/aiid/issues/2397#issuecomment-1815031829

pdcp1 commented 9 months ago

@kepae Should we use an open-source captcha solution? Or is it OK to implement a solution using reCAPTCHA?

kepae commented 9 months ago

An alternative would be Cloudflare Turnstile: https://www.cloudflare.com/products/turnstile/

The only open-source alternative I know of at the moment would require self-hosting a service – mCaptcha: https://github.com/mCaptcha/mCaptcha

I think generally it's okay to include optional dependencies on web traffic tools, as long as it's easy to disable the functionality/check in the configuration at build time.

Are we seeing any abuse of email flows? If we implement this, it would also make sense to protect the account creation, as well.
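
Added example, not part of the thread and not aiid's code: one way to gate a confirmation-email or sign-up handler behind an optional Turnstile check that configuration can switch off. The setting names `CAPTCHA_PROVIDER` and `TURNSTILE_SECRET` and all function names are assumptions; the URL is Cloudflare's documented siteverify endpoint.

```javascript
// Optional CAPTCHA gate, called before a handler sends a confirmation email.
// CAPTCHA_PROVIDER / TURNSTILE_SECRET are assumed config names, not aiid's.
const SITEVERIFY = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';

function loadCaptchaConfig(env) {
  const provider = (env.CAPTCHA_PROVIDER || 'none').toLowerCase();
  if (provider === 'none') return { enabled: false }; // check disabled by config
  if (provider !== 'turnstile') throw new Error(`unsupported CAPTCHA_PROVIDER: ${provider}`);
  // Fail at startup: an enabled check without a secret must not silently pass.
  if (!env.TURNSTILE_SECRET) throw new Error('TURNSTILE_SECRET is required');
  return { enabled: true, secret: env.TURNSTILE_SECRET };
}

// Decide from the siteverify JSON whether the request may proceed.
function evaluateVerdict(body, expectedHostname) {
  if (!body || body.success !== true) {
    const codes = (body && body['error-codes']) || ['unverified'];
    return { ok: false, reason: codes.join(',') };
  }
  // A token solved on another site must not be accepted here.
  if (expectedHostname && body.hostname !== expectedHostname) {
    return { ok: false, reason: 'hostname-mismatch' };
  }
  return { ok: true, reason: null };
}

async function checkCaptcha(config, token, opts = {}) {
  const { fetchImpl = globalThis.fetch, hostname } = opts;
  if (!config.enabled) return { ok: true, reason: 'captcha-disabled' };
  if (typeof token !== 'string' || token.length === 0) {
    return { ok: false, reason: 'missing-token' };
  }
  try {
    const res = await fetchImpl(SITEVERIFY, {
      method: 'POST',
      body: new URLSearchParams({ secret: config.secret, response: token }),
    });
    return evaluateVerdict(await res.json(), hostname);
  } catch (err) {
    // Verifier unreachable: refuse to send mail rather than skip the check.
    return { ok: false, reason: 'verify-unreachable' };
  }
}
```

The same `checkCaptcha` call can sit in front of account creation, so both flows share one switch.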