Re: [xwiki-devs] CAPTCHA module investigation

Hi Edy, Thanks for starting this investigation. However I think it’s the wrong one :) IMO we should investigate various CAPTCHA solutions but take a larger view at what the problem is. And, as you mentioned below, the problem is that of fighting SPAM, especially in comments. CAPTCHA is only one solution to solve this problem. And not a very effective one apparently.

I haven’t thought that much about it but I can imagine at least 4 other solutions that would be interesting to investigate: 1) When a user is not logged in and wants to post a comment, ask him for his name and email address in the comment. After he submits his comment, a mail is sent to him for validation and he has to click a link to confirm posting the message. 2) When a user is not logged in and after he clicks submit on a new comment, don’t make it active right away, but instead put it on a moderation queue. Once his message is approved he’ll then be able to post all further messages without approval. At some point I think it would be great to gamify xwiki.org and we could imagine giving points to users when they perform interesting actions and the more points they get the more authorizations they unlock: - registering: 1 point - posting the first comment: 1 point. Points required to post a comment: 1 (otherwise the comment is moderated) - first edition of a page: 1 point - first page created: 1 point - page deleted because not correct: -2 points (page moved: 0 point) - every 10 pages edited: 1 point - 100 points: permission to create a wiki on myxwiki.org - etc 3) Create an Admin UI screen to list all the comments in a livetable, sorted by the latest comment by default with action buttons to delete a the revision where the comment was addded + mass revision deletion action so that we can filter on the comment content and then delete all matching comments at once. This is more wiki-like than the other options 1) and 2) above but requires a higher amount of maintenance than 1 and 2. 4) Add the ability to integrate a 3rd-party comment system like intensedebate and disqus. FTR I have done that on my blog at myxwiki.org and I almost never get spam since they filter it for me: see http://massol.myxwiki.org/xwiki/bin/view/Blog/AnonymousComments (wow, time flies, this was in 2009 :)) Similar strategies can be applied for registration (at least for 1) - which is already supported! and 2). WDYT? I think it’s worth expanding the discussion/investigation to ways of reducing spam rather than focusing just on captcha which are far from enough IMO. BTW solution 2) will fix human spam too, something captcha will never be able to do by definition! :) Thanks -Vincent On 26 Jan 2015 at 19:10:59, Eduard Moraru (enygma2002@gmail.com(mailto:enygma2002@gmail.com)) wrote: _______________________________________________ devs mailing list devs(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/devs