Topic on Extension talk:ConfirmEdit/Archive 03

Reverts on ConfirmEdit's QuestyCaptcha

6
Nemo bis (talkcontribs)

Hi

I noticed you reverted my edits to the ConfirmEdit Extension and, of course, I don't like it so I'm here to propose other changes.

The first edit removed a Previous Edit I made and added: DO NOT use an exact copy of the dynamic questions from the link -- they've been cracked by spammers. However other dynamic questions in the style of the questions presented are highly effective.(Blue used to high light removed section). Since the new posted questions have not been cracked by spammers it's no longer a true statement. How 'bout we change it to:Do Not use an exact copy of the dynamic questions from the link; it makes it easier for spammers to crack if everyone has the same questions. However other dynamic questions in the style of the questions presented are highly effective. Or something along those lines?

Your other revert was on this add:

QuestyCaptcha as an Alternative to the ConfirmAccount Extension

As an alternative to ConfirmAccount you can use the QuestyCaptcha, in following manner:

DO NOT disclose the answer in the question and ask a question that only you have the answer to. Redirect users to a page to that contains an email form to ask to join your wiki. This would require a contact page be somewhere inside your wiki. You can add an email page with this extension:ContactPage, via the Widgets Extension using the Widget:Google Form, or in several other ways.

Example Questy Confirm Account Alternative:

require_once "$IP/extensions/ConfirmEdit/QuestyCaptcha.php";
$wgCaptchaClass = 'QuestyCaptcha';
$arr = array (
'You can only join this wiki by entering the secret code below.To receive the secret code you must register via email on this page:<a href="ContactPage">Contact Page</a> ' => 'YourSecretonlytoldbyemail',
);
foreach ( $arr as $key => $value ) {
        $wgCaptchaQuestions[] = array( 'question' => $key, 'answer' => $value );
}

Or alternatively if this is a small wiki community, and you do not wish "outside" users, you could only tell the secret answer to your selective community.

Small Community Example:

require_once "$IP/extensions/ConfirmEdit/QuestyCaptcha.php";
$wgCaptchaClass = 'QuestyCaptcha';
$arr = array (
'This is a Members Only wiki. If you are a Member please enter the secret code below' => 'YourSecretcode',
);
foreach ( $arr as $key => $value ) {
        $wgCaptchaQuestions[] = array( 'question' => $key, 'answer' => $value );
}

Now I can understand that maybe that section should not be included in the page about setting up Captcha, but I still think it makes a more effective way of access control then Extension:ConfirmAccount. And since ConfirmEdit is part of the core the ways I listed above are easier for most then ConfirmAccount. What about adding it as a subpage to the extension with one line addition on the front page of the extension?

Something like this:

(sentence above ending).... highly effective.

(Add) Questy Captcha can also be used as an Alternative to the Confirm Account Extension. See: [[Subpage Name]]

Anyways just my thoughts. All the best to you.

This post was posted by Nemo bis, but signed as Christharp.

Nemo bis (talkcontribs)

Hello, I moved your question here so that others can give their opinion too. From your reply it seems you didn't read my edit summary: «Doesn't matter that they've been changed, they mustn't be copied anyway. QuestyCaptcha is part of ConfirmEdit, not an alternative to it. And we don't recommend usage of ConfirmEdit as a password restriction to editing.»

I still don't understand your usage of the word "alternative" and your usage of QuestyCaptcha for unguessable answers is not prevalent across MediaWikis.

Christharp (talkcontribs)

Hi

I did read your edit summary. Points:

  1. my suggested first new edit acknowledged your statement about them not being changed, but also acknowledged the truth that they no longer have been cracked.
  2. the second edit about using Questy as an alternative to ConfirmAccount -- is it can be used instead of the ConfirmAccount extension. The ConfirmAccount is a totally different extension for preventing account creation at will, allowing only sysops the power to confirm an account and add a user. Since, however, that requires downlaoding a new extension, adding a new database, etc., if the same functions can be achieved by other means, especially by using an extension that's part of the core it just makes sense. Basically ConfirmEdit makes the ConfirmAccount extension obsolete.

Sorry for my lack of clarity. All the best to you. I'll check out the talk page.

Nemo bis (talkcontribs)

Ok. But ConfirmEdit is an extension, although it's true that ConfirmAccount is not bundled. Installing ConfirmEdit and then using it just for password protection of account creation (you don't use the password captcha for anything else, right?) might be a bad idea for performance too, if its code is called on every edit.

More importantly, having to ask a password before registration is a bad user experience in general. At that point, why couldn't you create them an account directly when asked? Or use InviteSignup to offer them the possibility?

I do see a use for your idea; but I'd like to understand better why you consider it the best solution for your case. We need its rationale to be explained well in documentation, or we'll mislead users.

Christharp (talkcontribs)

Hi

The assumption that I think the ConfirmAccount is making is that wiki is set up to only allow editing from users (that assumption could be false). That assumption is the assumption I was assuming when I wrote the section -- forgetting some wikis allow editing by anonymous people.

The code would not be called anymore then it's currently called. It would be invoked when someone went to the sign in page to join, which is the same as it is when you Use ConfirmEdit now.

Bad User experience? Anymore then a Captcha? All Captchas are a bad user experience, but without them we would be flooded with spam bots. Recently on a wiki I own the Questy questions were cracked and I was flooded with something on the order of 1000 spam accounts before I stopped it. That wiki, unfortunately, is always open to the public so the answer I gave here doesn't work.Password or Captcha before registration suck, but both answer real world problems.

The problem with InviteSignup is the assumption that the wiki admin will know everyone who wishes to join. A previously unknown person could not join the wiki.

The section I wrote was for a detailed purpose (if not expressed clearly): showing how with ConfirmEdit Questy one could do what the ConfirmAccount does. If one can use a Core extension to get rid of the need of another extension, in this case ConfirmAccount, let's make life easier by showing everyone how. Yes, it's not the purpose that ConfirmEdit was designed for, but that just shows the flexibility of the code. My method takes someone a few minutes to set up, if that, while the alternative is loading another extension, creating tables, etc., which is just a waste of time.

Once again I suggest a very detailed subpage on the method & it's purpose (replacing another extension).

All the best. Hopefully I'm providing some clarity that my earlier writing didn't.

Nahiyan8 (talkcontribs)

I would support keeping the information. Here are my main points:

  1. A user of MediaWiki can do what they want or need, whether it's supported or not.
  2. MediaWiki can choose whether to support a method. (If it is sensible of course)
  3. It depends on a wiki's scope whether to add information, guidelines, etc. on such information.

On (1), a MediaWiki user could use it as described, to use QuestyCaptcha as an editting password. I can think of a use-case for this, such as when a wiki-admin decides it is too cumbersome to create accounts by-hand and can simply distribute the key to a group of people who is supposed to edit. Of course, as User:Christharp said, it can provide ease to the wiki-admin, as a they can do what they want, the task should be to make what is sensible, simple? It's a clever idea, one that a clever wiki-admin could figure out for themselves. Ideas such as these should be told to others who may need such a feature, but haven't thought of using it for the purpose of restricting access.

On (2), MediaWiki (and along with it, the Wikimedia Foundation) has their own incentives, and concepts such as free information, open access, the wiki way etc. However, a wiki may have many uses, perhaps it is a private wiki for company-information, or a "personal" wiki which does not concern the rest of the public and is limited to members of a group. It my opinion that some of these incentives should be encouraged but never mandatory for a MediaWiki user.

On (3), MediaWiki.org's sole task is to document the usage of MediaWiki and related software. As this is a clever use that uses the software, it depends on whether they support it (point (2)), or whether they should distribute this information.

Reply to "Reverts on ConfirmEdit's QuestyCaptcha"