Mailing List Archive: Cloudflare Turnstile as a CAPTCHA alternative?

Hello all,

I would like to draw your attention to task [T333770](https://phabricator.wikimedia.org/T333770) I created several months ago, for evaluating Cloudflare Turnstile as an alternative to Wikimedia's Fancy Captcha which is broken in [multiple](https://phabricator.wikimedia.org/T289607) [ways](https://phabricator.wikimedia.org/T6845).

This is just my suggestion from a volunteer's perspective. I can see growing adoption of Turnstile in the wild (like Bing AI) in the past months, and it looks like a good balance between accessibility and bot-stopping ability. Consequently, it may better fit us than hCaptcha.

I have described the pros and cons in the task. Hope somebody responsible for this area could take a look at this alternative. It will be much appreciated!

Best,
Diskdance

I would be really strongly opposed to the introduction of any kind of
third-party browser fingerprinting technology into Wikimedia sites
(which seems to be effectively what Cloudflare Turnstile is). Their
marketing gumpf about "not harvesting information" does not really track
with their technical definition which seems to indicate that this
technology would use an invasive unique Javascript-based browser
fingerprint to determine if the user is a bot.

Wikimedia sites are often afforded a lot more trust than most other random
sites on the internet, which in turn means that for a lot of users, a small
amount of information about their activity on Wikimedia would be sufficient
to uniquely identify them. Allowing third-party sites to abuse this
implicit trust that many people have on Wikimedia sites and profile and
track our users is a step in the wrong direction in my honest opinion.

Sohom Datta
---
Open-source contributor @Wikimedia, @Chromium

On Sat, Dec 16, 2023 at 10:55?AM psnbaotg via Wikitech-l <
wikitech-l@lists.wikimedia.org> wrote:

> Hello all,
>
> I would like to draw your attention to task T333770
> <https://phabricator.wikimedia.org/T333770> I created several months ago,
> for evaluating Cloudflare Turnstile as an alternative to Wikimedia's Fancy
> Captcha which is broken in multiple
> <https://phabricator.wikimedia.org/T289607> ways
> <https://phabricator.wikimedia.org/T6845>.
>
> This is just my suggestion from a volunteer's perspective. I can see
> growing adoption of Turnstile in the wild (like Bing AI) in the past
> months, and it looks like a good balance between accessibility and
> bot-stopping ability. Consequently, it may better fit us than hCaptcha.
>
> I have described the pros and cons in the task. Hope somebody responsible
> for this area could take a look at this alternative. It will be much
> appreciated!
>
> Best,
> Diskdance
> _______________________________________________
> Wikitech-l mailing list -- wikitech-l@lists.wikimedia.org
> To unsubscribe send an email to wikitech-l-leave@lists.wikimedia.org
> https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/