Description
| Status | Assigned | Task | ||
|---|---|---|---|---|
| Resolved | Universal_Omega | T8335 Investigate issues with ReCaptcha v3 | ||
| Declined | Reception123 | T8375 Migrate to ReCaptcha Enterprise |
Event Timeline
The only solution seems to be for someone to use their personal card as there is no other company card other than the one I currently have.
Please co-ordinate with @Reception123 to share a code you should see when a very small (1 cent to 1 dollar) payment goes through in next few days.
It now says Mandate pending. I'm not sure if anything shows as pending on your side @Owen or if it's just slow to fully clear.
@Reception123 authorised their personal email and not @miraheze.org so we have to start again.
We enabled account creation on beta and it gives "http" as the error code for the new code that actually has the benefits.
The key has been upgraded today allowing 3,333 Assesments/day. I would suggest we leave 48-72 hours from when the key was upgraded before pushing it to production assuming the issues get fixed to ensure it's fully synced and new data from enterprise is in the dashboards.
I have updated the AC request form to ask for the full error in preparation and we now have a column on the tracking sheet for marking captchas as good when forms come through.
I will look into this further next week. I'll be out of town tomorrow through Tuesday.
This needs consensus. Adding ReCaptcha is a terrible idea for multiple reasons and needs consensus onwiki, not just add it behind the scenes
First of all, regarding consensus, captcha is a technical aspect and as such is maintained by SRE. You are free to open a discussion on Meta for the community to propose a change in approach to SRE which will then be considered.
Second, we have had ReCaptcha since the start of Miraheze and the community has not yet discussed changing it, so SRE cannot simply assume that the community is against minor changes/upgrades to ReCaptcha, it would almost be as if we had to ask every time an extension was being upgraded.
Third, ReCaptcha Enterprise vs. ReCaptcha v3 is not different when it comes to user aspects. (If you mean ReCaptcha v2 and v3 then yes)
Fourth, "Adding ReCaptcha is a terrible idea" suggests that we do not already have ReCaptcha, which we do. And not having ReCaptcha would in my opinion be a really bad idea and would mean we would get a very large amount of spambots every day and have CVT and local administrators dedicating large portions of their time handling that. But as I say, if that is your view you are free to host a discussion on Meta for SRE to be able to determine if there is a change in the community's view regarding ReCapthca.
How did you somehow turn "Adding ReCaptcha is a terrible idea" into "having a captcha is a terrible idea"?
??????
I never suggested adding ReCaptcha!
Do you think ReCaptcha is the only captcha? I was pretty clear: don't use ReCaptcha, no objection to any other type of captcha
I understand. My point was that ReCaptcha has been used since Miraheze was created and so no extra 'consensus' is needed in support of it. If you want us to change captcha, you are free to open a consultation on Meta for the community to express their views, but as I say we assume that if the community was not expressed a few on the matter they agree with ReCaptcha and until they do that will be the assumption.
There is no user facing change as a result of this task. Its aim is to provide better logging to us so we can debug when it stops working.
During the past few weeks, there has been a decrease of requests (discounting requests that didn't need actioning because the users managed to create the accounts after retrying + requests from China). On average, these would be less than 1 user per week (from 18 April to now there have only been 7 'successful' requests). Therefore, because it is less of an issue and inevitably some users will be caught by captcha, I think the best option for now is lowering the priority for this task to low. If requests were to increase again, this can be moved back to normal.
The main issue now is users from China and there haven't really been many issues with regular users at all, so this is likely not needed anymore.