On Fri, Oct 5, 2012 at 12:32 PM, Steven Walling swalling@wikimedia.org wrote:
I don't know how they do that, but would be willing to consider it, contingent on input from Chris Steipp and Ryan Lane.
My knowledge of this is circa 2009-2011 when I designed and implemented it with Arthur so i'm cc'ing Katie to correct anything that I get wrong. The extension has an internal engine that combines rule sets with a weighted threshold over *when* a user should see the captcha. The system is able to keep track of how many people are seeing captchas and it was/is actively monitored to correct any issues that cause it to go up. In a lot ways think of it in a similar vain as Abuse filter.
Case in point for the fundraiser. We *never* want to show a captcha unless were dead certain its fraud. I like this as captchas are horrible beasts of confusion for most people. They suck on a desktop and just require more typing for people that want legitimate accounts. More steps means less accounts.
I'd also still like to consider alternatives to CAPTCHA entirely. Cf. https://www.mediawiki.org/wiki/Requests_for_comment/CAPTCHA
Sure but my point is that we *shouldn't* even show a captcha unless were dead certain that the user in question has done something suspicious. Most cases do not require them.
--tomasz