responsible-ai-collaborative / aiid

The AI Incident Database seeks to identify, define, and catalog artificial intelligence incidents.
https://incidentdatabase.ai

Prevent abusive usage of the confirmation email #2418

Open pdcp1 opened 10 months ago

pdcp1 commented 10 months ago
We should add captchas and take some abuse prevention measures, but it is another issue.

Originally posted by @cesarvarela in https://github.com/responsible-ai-collaborative/aiid/issues/2397#issuecomment-1815031829

pdcp1 commented 7 months ago

@kepae Should we use an open-source captcha solution? Or is it OK to implement a solution using reCaptcha?

kepae commented 7 months ago

An alternative would be Cloudflare Turnstile: https://www.cloudflare.com/products/turnstile/ The only open-source alternative I know of at the moment would require self-hosting a service – mCaptcha: https://github.com/mCaptcha/mCaptcha

I think generally it's okay to include optional dependencies on web traffic tools, as long as it's easy to disable the functionality/check in the configuration at build time.

Are we seeing any abuse of email flows? If we implement this, it would also make sense to protect the account creation, as well.
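
An added sketch, not part of the thread or the aiid code base, of the approach discussed above: a server-side Cloudflare Turnstile check in front of the confirmation-email flow that a deployment can switch off in configuration. The names `CAPTCHA_ENABLED`, `TURNSTILE_SECRET`, `loadCaptchaConfig`, `decide` and `allowConfirmationEmail` are hypothetical; the endpoint and its `secret`, `response` and `remoteip` fields are Turnstile's siteverify API.

```javascript
// Added example; config keys and function names are hypothetical, not the project's.
const SITEVERIFY_URL = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';

// Read the toggle once so a deployment can run without the captcha dependency.
function loadCaptchaConfig(env) {
  const enabled = env.CAPTCHA_ENABLED === 'true';
  if (enabled && !env.TURNSTILE_SECRET) {
    // Fail at startup rather than silently accepting every request.
    throw new Error('CAPTCHA_ENABLED=true but TURNSTILE_SECRET is not set');
  }
  return { enabled, secret: env.TURNSTILE_SECRET || null };
}

// Build the POST the server sends to the verification endpoint.
function buildVerifyRequest(config, token, remoteIp) {
  const body = new URLSearchParams({ secret: config.secret, response: token });
  if (remoteIp) body.set('remoteip', remoteIp);
  return { url: SITEVERIFY_URL, options: { method: 'POST', body } };
}

// Decide whether the confirmation email may be sent.
// `result` is the parsed siteverify JSON, or null if the call failed.
function decide(config, token, result) {
  if (!config.enabled) return { allow: true, reason: 'captcha-disabled' };
  if (typeof token !== 'string' || token.length === 0) {
    return { allow: false, reason: 'missing-token' };
  }
  if (!result) return { allow: false, reason: 'verification-unavailable' }; // fail closed
  if (result.success !== true) {
    return { allow: false, reason: (result['error-codes'] || ['rejected']).join(',') };
  }
  return { allow: true, reason: 'verified' };
}

// Glue: `fetchImpl` is injected so the flow can be exercised offline.
async function allowConfirmationEmail(config, token, remoteIp, fetchImpl = globalThis.fetch) {
  if (!config.enabled || !token) return decide(config, token, null);
  let result = null;
  try {
    const { url, options } = buildVerifyRequest(config, token, remoteIp);
    const res = await fetchImpl(url, options);
    if (res.ok) result = await res.json();
  } catch (err) {
    result = null; // network error: treated as verification-unavailable
  }
  return decide(config, token, result);
}
```

The same gate can sit in front of account creation, since `decide` does not depend on which flow calls it.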