I would be really strongly opposed to the introduction of any kind of third-party browser fingerprinting technology into Wikimedia sites (which seems to be effectively what Cloudflare Turnstile is). Their marketing gumpf about "not harvesting information" does not really track with their technical definition which seems to indicate that this technology would use an invasive unique Javascript-based browser fingerprint to determine if the user is a bot.
Wikimedia sites are often afforded a lot more trust than most other random sites on the internet, which in turn means that for a lot of users, a small amount of information about their activity on Wikimedia would be sufficient to uniquely identify them. Allowing third-party sites to abuse this implicit trust that many people have on Wikimedia sites and profile and track our users is a step in the wrong direction in my honest opinion.
Sohom Datta
---
Open-source contributor @Wikimedia, @Chromium
Hello all,
I would like to draw your attention to task
T333770 I created several months ago, for evaluating Cloudflare Turnstile as an alternative to Wikimedia's Fancy Captcha which is broken in
multiple ways.
This is just my suggestion from a volunteer's perspective. I can see growing adoption of Turnstile in the wild (like Bing AI) in the past months, and it looks like a good balance between accessibility and bot-stopping ability. Consequently, it may better fit us than hCaptcha.
I have described the pros and cons in the task. Hope somebody responsible for this area could take a look at this alternative. It will be much appreciated!
Best,
Diskdance
_______________________________________________
Wikitech-l mailing list -- wikitech-l@lists.wikimedia.org
To unsubscribe send an email to wikitech-l-leave@lists.wikimedia.org
https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/