Closed zekroTJA closed 2 years ago
I personally hate these systems, I often have privacy concerns when loging in into dashboards of unknown bots and know other users who have similar issues. Because of this, I would suggest either using a similar system to OTA (for example a personalized link, so users don't need to log in and can solve the captcha immediately) or sending the user one of these fancy captcha-images and they have to reply with the characters on it (see attached image)
I personally hate these systems, I often have privacy concerns when loging in into dashboards of unknown bots and know other users who have similar issues. Because of this, I would suggest either using a similar system to OTA (for example a personalized link, so users don't need to log in and can solve the captcha immediately) or sending the user one of these fancy captcha-images and they have to reply with the characters on it (see attached image)
Yeah, I understand the concern, especially because shinpuru is not a really well-known bot. I don't really like to use OTA tokens to do that, because they are kinda insecure. I might change the OTA login system in a way that you can only use the token for verification. But this way and also the way sending the verification captcha via DM requires that the user has DMs enabled and would require alternative fallbacks if this requirement is not met, which would make things more complicated.
But yeah, I will think through this concern. Thank you for the contribution. :)
Type
A new feature
Description
When enabled, new users which join a Discord are getting sent a DM (or being shown a message in a specified channel only visible to new members) with a link to the shinpuru web panel where they first need to log in and then need to verify a captcha to verify their account.
hCaptcha could be used for the captcha verification, for example. https://www.hcaptcha.com
Attachments
No response