Replies: 1 comment
-
needs from users: I think we heard of the need to not spam them, which is different than allowing validated credentials ("I am not a robot" is a good solution here, and unvalidated e-mails / phones seem an overkill at our stage). However, if we start sending e-mailst/texts to residents, we must validate those, since this, too, can be used to spam innocent bystanders (I can complain 100 times using your phone #), or at least allow unsubscribing from a specific issue / everything to any number/e-mail. Anonymous - by law, most jurisdictions have to allow anonymous submissions. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
In #32 we have a description of implementing the most basic form of validation that an entity submitting a request is a real person.
Another approach - verifying email and phone as part of the submission - addresses a large part of the "I'm not a robot" scenario, and additionally, ensure that the admins of the 311 system have verified contact data for people who submit requests.
Implementation
We've already seen some systems have this. I don't think we know how widely used this is. In this case, we implement a classic login/register flow as part of the form to submit a request. The registration gives us at least one communication channel that we verify.
At first glance it seems this is only applicable for web form submissions, but, when we consider the other channels of request inputs we want to support (SMS, Email, social media chat, etc etc), many of those inputs we can already get valid credentials to create a PublicUser entity behind the scenes, as we can trust we have a valid contact method.
When a user does not have an account, we can one of (i) eagerly validate an email or phone that is entered into the form pre submission, or (ii) validate as part of submission and only complete the submission when the user verifies. If the user chooses to submit anonymously, we can bypass validation.
We probably need to think on the following:
References
Some background at #7 and #8 and #6
Beta Was this translation helpful? Give feedback.
All reactions