Ricordisamoa wrote:
Il 09/11/2014 18:33, MZMcBride ha scritto:
Marc A. Pelletier wrote:
But there is also a great heap of anecdotal data that shows that having
to provide an email account increases the barrier of entry to users
signing up. So, there's a tradeoff.
Eh, I think the anecdotal
Il 18/03/2015 04:30, MZMcBride ha scritto:
Ricordisamoa wrote:
Il 09/11/2014 18:33, MZMcBride ha scritto:
Marc A. Pelletier wrote:
But there is also a great heap of anecdotal data that shows that having
to provide an email account increases the barrier of entry to users
signing up. So,
Il 09/11/2014 18:33, MZMcBride ha scritto:
Marc A. Pelletier wrote:
But there is also a great heap of anecdotal data that shows that having
to provide an email account increases the barrier of entry to users
signing up. So, there's a tradeoff.
Eh, I think the anecdotal data (such as
Il 10/11/2014 17:23, Chris Steipp ha scritto:
On the general topic, I think either a captcha or verifying an email makes
a small barrier to building a bot, but it's significant enough that it
keeps the amateur bots out. I'd be very interested in seeing an experiment
run to see what the exact
Max Semenik wrote:
I'm pretty sure most users technical enough to use IRC are able to solve
captchas well.
That the backend is irc-based doesn't mean the would use a IRC frontend.
We routinely point to web irc, and plenty of noobs have proven able to
reach there
(sometimes even thinking we
Robert Rohde wrote:
I suspect we could weed out a lot of spammy link behavior by designing an
external link classifier that used knowledge of what external links are
frequently included and what external links are frequently removed to
generate automatic good / suspect / bad ratings for new
20 minutes of test are really not enough. I didn't find a significant
increase in spam: if I see correctly, some more inactive accounts were
created and 2 userpages, which had not been previously created, were
added by two IPs.
Let's collect information on
On Wed, Dec 3, 2014 at 9:15 PM, Chad innocentkil...@gmail.com wrote:
On Wed Dec 03 2014 at 8:18:53 PM MZMcBride z...@mzmcbride.com wrote:
svetlana wrote:
On Thu, 4 Dec 2014, at 15:02, MZMcBride wrote:
We disabled the CAPTCHA entirely on test.wikipedia.org a few weeks ago.
The wiki seems
Steven Walling wrote:
There are about a million IP edits a month on English Wikipedia alone, last
time we checked.[1] If we increased anonymous bot spam by even only 1/10th
of the total number of edits before we managed to put IP blocks in place,
that's still 100k edits worth of spam.
That's
Until they fix captcha or allow Global Filters to become truly global,
there will always be a risk of spambots. For someone who deals with
these on a regular basis and has been doing it for years, making the
Captcha system more friendly to users also means making it more
'friendly' to spam bot
On Thu Dec 04 2014 at 2:45:39 PM Chris Steipp cste...@wikimedia.org wrote:
On Wed, Dec 3, 2014 at 9:15 PM, Chad innocentkil...@gmail.com wrote:
On Wed Dec 03 2014 at 8:18:53 PM MZMcBride z...@mzmcbride.com wrote:
svetlana wrote:
On Thu, 4 Dec 2014, at 15:02, MZMcBride wrote:
We
On Wed, Dec 3, 2014 at 9:27 PM, svetlana svetl...@fastmail.com.au wrote:
I like how my message to try abandoning captcha entirely came up with a
myriad of complaints how we can be smart, enable new captcha which is unique,
etc.
Let's measure the impact.
Could someone kindly please do some
On Fri, Dec 5, 2014 at 7:48 AM, Comet styles cometsty...@gmail.com wrote:
Until they fix captcha or allow Global Filters to become truly global,
there will always be a risk of spambots. For someone who deals with
these on a regular basis and has been doing it for years, making the
Captcha
On Thu, Dec 4, 2014 at 4:48 PM, Comet styles cometsty...@gmail.com wrote:
Until they fix captcha or allow Global Filters to become truly global,
there will always be a risk of spambots. For someone who deals with
these on a regular basis and has been doing it for years, making the
Captcha
Chad wrote:
Well that was a fun experiment for an hour. Turns out captchas do actually
stop a non-zero amount of spam on non-test wikis.
Mediawiki.org logs tell the story pretty clearly.
This has been rolled back.
:-(
https://www.mediawiki.org/wiki/Special:Log/delete
I spent a bit of time
On Thu, Dec 4, 2014 at 8:08 PM, MZMcBride z...@mzmcbride.com wrote:
snip
Robert, let me know if you want access on mediawiki.org to look at the
deleted edits, though they're quite boring.
It wouldn't hurt to take a look. Though I suspect getting feedback from
people who look at these things
On Fri, Dec 5, 2014 at 11:08 AM, MZMcBride z...@mzmcbride.com wrote:
Chad wrote:
Well that was a fun experiment for an hour. Turns out captchas do actually
stop a non-zero amount of spam on non-test wikis.
Mediawiki.org logs tell the story pretty clearly.
This has been rolled back.
:-(
regards
Florian Schmidt
-Original-Nachricht-
Betreff: Re: [Wikitech-l] Our CAPTCHA is very unfriendly
Datum: Mon, 10 Nov 2014 17:23:46 +0100
Von: Chris Steipp cste...@wikimedia.org
An: Wikimedia developers wikitech-l@lists.wikimedia.org
On Sunday, November 9, 2014, Platonides platoni
I like these thoughts:
- https://lists.wikimedia.org/pipermail/wikitech-l/2014-November/079340.html
Literally an anti-captcha. Letting bots in and keeping humans out.
- https://lists.wikimedia.org/pipermail/wikitech-l/2014-November/079346.html
Why not disable the ConfirmEdit extension for a week
On Wed Dec 03 2014 at 1:27:33 PM svetlana svetl...@fastmail.com.au wrote:
I like these thoughts:
- https://lists.wikimedia.org/pipermail/wikitech-l/2014-
November/079340.html Literally an anti-captcha. Letting bots in and
keeping humans out.
-
The main reason our captcha is easy for bots to bypass isn't because it's
easy to read (it's not); it's because it works the same way as 90% of other
captcha's on the internet. So if you're a spam-bot writer, all you have to
do is download one of the dozens of generic captcha-breaking programs on
On 3 December 2014 at 23:08, Ryan Kaldari rkald...@wikimedia.org wrote:
Surely we can come up with a creative idea that is:
* Easy for humans to solve
* Can't be solved by out-of-the-box captcha breakers
* Isn't trivial for programmers to solve
* isn't an abomination for accessibility
-
- Original Message -
From: Ryan Kaldari rkald...@wikimedia.org
spambots. We just have to jump out of the existing captcha design
band-wagon. Here are some ideas:
Surely we can come up with a creative idea that is:
* Easy for humans to solve
* Can't be solved by out-of-the-box
I like how my message to try abandoning captcha entirely came up with a myriad
of complaints how we can be smart, enable new captcha which is unique, etc.
Let's measure the impact.
Could someone kindly please do some metrics on these cases after a user opened
an edit box:
- edit saved without
It's a cool idea. Also not usable by those who are visually impaired, as
best I can tell.
I'm going to be honest, I think svetlana may be on to something.
Risker/Anne
On 3 December 2014 at 18:17, Jay Ashworth j...@baylink.com wrote:
- Original Message -
From: Ryan Kaldari
On 04/12/14 10:08, Ryan Kaldari wrote:
The main reason our captcha is easy for bots to bypass isn't because it's
easy to read (it's not);
Actually, it's extremely easy to read. As I said in the commit message
on I05b5bb6, I was able to break 66% of FancyCaptcha images with the
open source OCR
svetlana wrote:
I like how my message to try abandoning captcha entirely came up with a
myriad of complaints how we can be smart, enable new captcha which is
unique, etc.
Let's measure the impact.
We disabled the CAPTCHA entirely on test.wikipedia.org a few weeks ago.
The wiki seems to be about
Hi,
On Thu, 4 Dec 2014, at 15:02, MZMcBride wrote:
svetlana wrote:
I like how my message to try abandoning captcha entirely came up with a
myriad of complaints how we can be smart, enable new captcha which is
unique, etc.
Let's measure the impact.
We disabled the CAPTCHA entirely on
MZ: you mean removing just for account creation right? There is also a
CAPTCHA delivered on external link addition for some editors–I think IPs
and users not autoconfirmed. This is probably a lot more important for
combating spam.
(Sorry for top posting. On my phone.)
On Wed, Dec 3, 2014 at 8:03
svetlana wrote:
On Thu, 4 Dec 2014, at 15:02, MZMcBride wrote:
We disabled the CAPTCHA entirely on test.wikipedia.org a few weeks ago.
The wiki seems to be about the same. It probably makes sense to continue
slowly disabling the CAPTCHA on wikis until users start to shout.
Perhaps we'll
We have many smart people, and undoubtedly we could design a better captcha.
However, no matter how smart the mousetrap, as long as you leave it strewn
around the doors and hallways, well-meaning people are going to trip over
it.
I would support removing the captcha from generic entry points,
On 2014-12-03 8:35 PM, Robert Rohde wrote:
However, captchas might be useful if used in conjunction with simple
behavioral analysis, such as rate limiters. For example, if an IP is
creating a lot of accounts or editing at a high rate of speed, those are
bad signs.
Don't we already do rate
Hi Robert,
With accounts it is no problem, we can just make them enter a captcha when
registering and assume they're human from now on.
However where an IP contributor enters a captcha, we can't assume it's human
because IPs are often shared. There is lots of past discussion on
On Wed, Dec 3, 2014 at 8:47 PM, Daniel Friesen dan...@nadir-seen-fire.com
wrote:
On 2014-12-03 8:35 PM, Robert Rohde wrote:
However, captchas might be useful if used in conjunction with simple
behavioral analysis, such as rate limiters. For example, if an IP is
creating a lot of accounts
Steven Walling wrote:
MZ: you mean removing just for account creation right? There is also a
CAPTCHA delivered on external link addition for some editors–I think IPs
and users not autoconfirmed. This is probably a lot more important for
combating spam.
For testwiki, we actually set
On Wed Dec 03 2014 at 8:18:53 PM MZMcBride z...@mzmcbride.com wrote:
svetlana wrote:
On Thu, 4 Dec 2014, at 15:02, MZMcBride wrote:
We disabled the CAPTCHA entirely on test.wikipedia.org a few weeks ago.
The wiki seems to be about the same. It probably makes sense to continue
slowly
On Wed Dec 03 2014 at 8:57:38 PM MZMcBride z...@mzmcbride.com wrote:
Steven Walling wrote:
MZ: you mean removing just for account creation right? There is also a
CAPTCHA delivered on external link addition for some editors–I think IPs
and users not autoconfirmed. This is probably a lot more
On Sunday, November 9, 2014, Platonides platoni...@gmail.com wrote:
On 07/11/14 02:52, Jon Harald Søby wrote:
The main concern is obviously that it is really hard to read, but there
are
also some other issues, namely that all the fields in the user
registration
form (except for the
On Sun, Nov 9, 2014 at 8:51 AM, Pine W wiki.p...@gmail.com wrote:
We're talking about a test, not a broad rollout (:
I'm curious, Risker: if you don't mind my asking, what about being required
to supply a throwaway email address would have discouraged you from opening
a Wikimedia account?
On 9 November 2014 09:27, aude aude.w...@gmail.com wrote:
On Sun, Nov 9, 2014 at 8:51 AM, Pine W wiki.p...@gmail.com wrote:
I'm curious, Risker: if you don't mind my asking, what about being required
to supply a throwaway email address would have discouraged you from opening
a Wikimedia
On Nov 9, 2014 5:39 AM, David Gerard dger...@gmail.com wrote:
On 9 November 2014 09:27, aude aude.w...@gmail.com wrote:
On Sun, Nov 9, 2014 at 8:51 AM, Pine W wiki.p...@gmail.com wrote:
I'm curious, Risker: if you don't mind my asking, what about being
required
to supply a throwaway email
On 11/09/2014 10:20 AM, Brian Wolff wrote:
Does anyone have any attack scenario that is remotely plausible which
requiring a verified email would prevent?
Spambots (of which there are multitude, and that hammer any mediawiki
site constantly) have gotten pretty good at bypassing captchas but
Marc A. Pelletier wrote:
But there is also a great heap of anecdotal data that shows that having
to provide an email account increases the barrier of entry to users
signing up. So, there's a tradeoff.
Eh, I think the anecdotal data (such as Facebook's and Google's hundreds
of millions account
On 11/09/2014 12:33 PM, MZMcBride wrote:
Hmmm, I imagine many spambots have already made this investment if they're
dealing with popular systems that require e-mail address confirmation.
No doubt there are some that do; but it's a very different technical
hurdle and the management tradeoff
On 09/11/14 06:21, Pine W wrote:
Discussing an option with the community to test replacing registration
CAPTCHAs with an email requirement makes sense to me. I would support a
small, carefully designed test. If someone is motivated to create a
Wikimedia account and they don't want to register an
On Nov 9, 2014 10:40 AM, David Gerard dger...@gmail.com wrote:
On 9 November 2014 09:27, aude aude.w...@gmail.com wrote:
On Sun, Nov 9, 2014 at 8:51 AM, Pine W wiki.p...@gmail.com wrote:
I'm curious, Risker: if you don't mind my asking, what about being
required
to supply a throwaway
On 07/11/14 02:52, Jon Harald Søby wrote:
The main concern is obviously that it is really hard to read, but there are
also some other issues, namely that all the fields in the user registration
form (except for the username) are wiped if you enter the CAPTCHA
incorrectly. So when you make a
On 09/11/14 17:19, Marc A. Pelletier wrote:
On 11/09/2014 10:20 AM, Brian Wolff wrote:
Does anyone have any attack scenario that is remotely plausible which
requiring a verified email would prevent?
Spambots (of which there are multitude, and that hammer any mediawiki
site constantly) have
For purposes of account creation, I think of spambots and vandalbots as
being in the same.
If our CAPTCHAs are deterring a significant percentage of humans while
allowing a significant percentage of bots through, we should change
something.
Pine
On Nov 9, 2014 4:38 PM, Platonides
I'm pretty sure most users technical enough to use IRC are able to solve
captchas well.
On Sun, Nov 9, 2014 at 3:45 PM, Platonides platoni...@gmail.com wrote:
On 09/11/14 06:21, Pine W wrote:
Discussing an option with the community to test replacing registration
CAPTCHAs with an email
On 9 November 2014 02:51, Pine W wiki.p...@gmail.com wrote:
We're talking about a test, not a broad rollout (:
I'm curious, Risker: if you don't mind my asking, what about being
required to supply a throwaway email address would have discouraged you
from opening a Wikimedia account?
Pine
+1 for disabling CAPTCHs (at least in signup form).
Anyway, sysops already have enougth tools for treating abuse by spam bots
using AbuseFilter (e.g with rate filter).
On Sat, Nov 8, 2014 at 12:19 AM, MZMcBride z...@mzmcbride.com wrote:
Tim Starling wrote:
On 07/11/14 19:17, svetlana wrote:
On Fri, Nov 7, 2014 at 2:19 PM, MZMcBride z...@mzmcbride.com wrote:
I think that's unfair.
Wikis have a serious spam problem. People associate CAPTCHAs with spam
prevention. On the English Wikipedia, one of the actions that results in
the user being required to successfully enter a CAPTCHA
For some more background, when we proposed something like that to Chris
Steipp he was pretty iffy about it, and he's not wrong. At other sites
that
don't have a CAPTCHA on signup (like Facebook, Quora, others) they avoid a
spam problem in part because they require an email address and
Umm. No. If ever you want major pushback from the broad international
community, requiring any kind of documentation to open an account will
probably work very well. I certainly would never have signed up for an
account on Wikipedia if I'd had to supply an email address.
Risker/Anne
On 9
We're talking about a test, not a broad rollout (:
I'm curious, Risker: if you don't mind my asking, what about being required
to supply a throwaway email address would have discouraged you from opening
a Wikimedia account?
Pine
___
Wikitech-l mailing
On Fri, 7 Nov 2014, at 16:33, Dan Garry wrote:
On 6 November 2014 21:06, Tim Starling tstarl...@wikimedia.org wrote:
I think it would be best if we just removed the captcha, rather than
deploying a new engine.
I'd absolutely love that.
On the mobile app, almost everyone who tries to
On 07/11/14 19:17, svetlana wrote:
I would suggest to ask on a village pump and alter the configuration per
local consencus.
We tried that before and the answer was OMG no, even though nobody
bothered to look at the logs. It turns out that the captcha we were
using was broken from the outset
+1 on Tim. FancyCaptcha is worse than useless.
Nemo
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
On 11/7/14, Federico Leva (Nemo) nemow...@gmail.com wrote:
+1 on Tim. FancyCaptcha is worse than useless.
Nemo
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Literally an
Tim Starling wrote:
On 07/11/14 19:17, svetlana wrote:
I would suggest to ask on a village pump and alter the configuration
per local consencus.
We tried that before and the answer was OMG no, even though nobody
bothered to look at the logs. It turns out that the captcha we were
using was broken
Hi all,
My apologies if this is the wrong place to start a discussion on this, but
it's a better place than nowhere. I recently took part in two very
different Wikipedia workshops -- one in Uganda for schoolchildren aged
14-17, and one Bodø, Norway, for GLAM people aged 35-55. One glaringly
Wasn't a new CAPTCHA engine merged a couple weeks ago? What's the status of
that? If I remember, the goal of the new engine was to make the CAPTCHA more
difficult for bots, so it may (or may not) make things worse for humans. Have
we ever done any research to find out how likely humans are to
I think it would be best if we just removed the captcha, rather than
deploying a new engine.
-- Tim Starling
On 07/11/14 13:13, Ryan Kaldari wrote:
Wasn't a new CAPTCHA engine merged a couple weeks ago? What's the
status of that? If I remember, the goal of the new engine was to
make the
On 6 November 2014 21:06, Tim Starling tstarl...@wikimedia.org wrote:
I think it would be best if we just removed the captcha, rather than
deploying a new engine.
I'd absolutely love that.
On the mobile app, almost everyone who tries to create an account is shown
a captcha. Of those people,
I'm interested both in improving our user stats and stamping out spambots.
Dan, how do we know that those 17 percent were predominantly humans?
I've heard that automated captcha cracking is common. Perhaps so, but if
taking away captchas increases the workload of stewards and admins, that
On 6 November 2014 22:39, Pine W wiki.p...@gmail.com wrote:
I'm interested both in improving our user stats and stamping out spambots.
Dan, how do we know that those 17 percent were predominantly humans?
We don't know for certain that they're human. That said, why would a
spambot try to use
Good point. Perhaps there is a case to be made for a small-scale experiment
of removing the CAPTCHA. I suggest consulting the stewards for their
thoughts. We have at least one steward who is supposedly an expert on
spambots, and his input may be valuable. You might also consult the admins
of
68 matches
Mail list logo
