
Implement spam prevention techniques on instance submission form and contact form

Open msheiny opened this issue 6 years ago • 4 comments

Issue first came up in #441 and #451 is the PR that begins implementation details. Sounds like we have a decision to make regarding prevention of spam to an internet facing form here.

To summarize current debate:

  • The old securedrop.org has some local plugin handling captcha validation logic to prevent spam
  • Should we do something like that or use something like Google ReCaptcha on the new form? Big privacy implications here if we use Google's, which I'm not sure we want to take.
  • Throttling via Cloudflare has been brought up, which technically is problematic for two reasons:
      • it will not work if someone accesses the site via Tor hidden service.
      • if a nefarious Tor user that is hitting the public URL and spamming the form gets throttled/blocked - this will likely block exit nodes for x amount of time.

Apr 20 '18 16:04 msheiny

Agree a basic Captcha that's not Google would be great here. We do get some unwanted non-Tor traffic from landing pages, and while it doesn't go directly to the forms, sending traffic to Google on any SDO views is still not ideal. If necessary, I would be comfortable launching with a CF throttle only -- I think the initial risk is acceptable -- but let's look at alternatives.

Apr 20 '18 16:04 eloquence

The old securedrop.org has some local plugin handling captcha validation logic

Good distinction: we should definitely strive for a no-third-parties approach here. This one looks like it'd fit the bill: https://django-simple-captcha.readthedocs.io/en/latest/usage.html, but I defer to @harrislapiroff on applicability.

As for the THS bypass, I'm ok with that for launch. Tor is generally a poor vector for sending high volumes of traffic, and our monitoring is getting strong enough that we should be able to react quickly if we're letting in too much spam.

Apr 20 '18 16:04 conorsch

So, it turns out that Wagtail actually has Recaptcha enabled for all forms on SDO, they're just blocked from appearing outside the admin UI due to our recently implemented CSP. So right now forms are broken.

Recapping suggested actions:

  • Disable Recaptcha for privacy reasons (and to unbreak site)
  • Handle form throttling via Cloudflare rules for now
  • Post-launch, investigate other captcha options (unless Harris pulls a captcha-shaped rabbit out of his hat)

Apr 20 '18 19:04 eloquence
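The breakage described in the comment above, as an added example that is not part of the thread or of SecureDrop's code: a simplified Content-Security-Policy evaluator that reports which reCAPTCHA loads a policy refuses. The sample policy is constructed (the site's real CSP is not shown on this page), the source matching is a reduced version of the CSP rules, and the widget URLs are representative, with a placeholder release path.

```python
from urllib.parse import urlsplit

# Representative loads made by the reCAPTCHA v2 widget; release path is a placeholder.
RECAPTCHA_LOADS = [
    ("script-src", "https://www.google.com/recaptcha/api.js"),
    ("script-src", "https://www.gstatic.com/recaptcha/releases/PLACEHOLDER/recaptcha__en.js"),
    ("frame-src", "https://www.google.com/recaptcha/api2/anchor"),
]
# Fallback chains: the first directive present in the policy governs the load.
FALLBACK = {"script-src": ["script-src", "default-src"],
            "frame-src": ["frame-src", "child-src", "default-src"]}
STRICT_POLICY = "default-src 'self'; script-src 'self'"  # constructed sample policy

def parse_csp(header):
    """Return {directive: [sources]}; a repeated directive is ignored, as in browsers."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def source_matches(source, url, self_origin):
    """Simplified source matching: scheme, host (with *. wildcard), path prefix."""
    if source == "'self'":
        source = self_origin
    if source.startswith("'"):      # 'none', nonces and hashes never match a URL
        return False
    target = urlsplit(url)
    if source == "*" or source.endswith(":"):   # wildcard or scheme-source (https:)
        return target.scheme in ("http", "https") if source == "*" else target.scheme == source[:-1]
    src = urlsplit(source if "://" in source else f"{target.scheme}://{source}")
    host = src.hostname or ""
    host_ok = target.hostname.endswith(host[1:]) if host.startswith("*.") else host == target.hostname
    if src.scheme != target.scheme or not host_ok:
        return False
    if src.path.endswith("/"):      # trailing slash means path-prefix match
        return target.path.startswith(src.path)
    return src.path == "" or target.path == src.path

def blocked_loads(header, self_origin, loads=RECAPTCHA_LOADS):
    """Return the (directive, url) pairs the policy would refuse."""
    policy = parse_csp(header)
    blocked = []
    for directive, url in loads:
        governing = next((d for d in FALLBACK[directive] if d in policy), None)
        if governing and not any(source_matches(s, url, self_origin) for s in policy[governing]):
            blocked.append((directive, url))
    return blocked
```

Running `blocked_loads` against the deployed header after reCAPTCHA is disabled confirms that no Google origin has to be allowlisted for the forms to work.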

[Backlog pruning 5/10] @eloquence This is an old issue. Is spam still an issue the securedrop team is struggling with or can we close?

May 10 '23 17:05 harrislapiroff