Donation interface is fairly vulnerable to form stuffing. Consider Captcha #7

echarlie · 2021-02-26T21:56:28Z

No description provided.

mutantmonkey · 2021-02-27T23:01:01Z

Do you have a CAPTCHA to suggest that doesn't compromise user privacy? I would like to stay far away from reCAPTCHA.

If possible, I think I would also like to hint on things like User-Agent rather than adding invasive and user-visible measures like a CAPTCHA.

echarlie · 2021-03-01T18:28:20Z

If I had my way, we would not allow online donations of less than 20USD or something substantial enough to deter card testing.

Also, since we're already sending data to stripe, I don't think it further compromises user privacy to adopt a captcha solution or somesuch.

We need to evalutate options here.

mutantmonkey · 2021-03-02T02:50:40Z

I believe that we get a lot of donations less than $20 unfortunately.

Right now we don't send any donation user data to Google. If we adopt reCAPTCHA, then we start doing so.

echarlie transferred this issue from wuvt/wuvt-site May 28, 2021

echarlie mentioned this issue Dec 23, 2021

upgrade stripe checkout version #57

Open

Provide feedback