Excessive reCAPTCHA requests on each issue submission
Summary
I am regularly prompted to solve a reCAPTCHA when submitting new issues. By regularly, I mean almost every single time I submit an issue. I suspect this is due to the fact that I am using a commercial VPN provider, and Google (probably rightly) identifies that a lot of spam comes from other uses of the VPN provider.
Steps to reproduce
It may be hard for others to reproduce, as I suspect it is due to the fact I'm using a commercial VPN provider (PIA). However, every time I try to submit a new issue (or MR) on gitlab.com I am prompted to solve a reCAPTCHA.
Even the most basic issue, on my own private fork, causes GitLab.com to challange me to prove I'm a human. Here is an example issue which caused the anti-spam reCAPTCHA to be shown:
Title: Testing reCAPTCHA
Description: Lets see if I can trigger this without any links in here. Does gitlab think it is spam?
When submitting this via my local ISP rather than the VPN then I am not challenged to solve the reCAPTCHA.
Example Project
The projects I observe this on are all hosted on gitlab.com. Specifically I spend a lot of time at https://gitlab.com/fdroid and its various projects (e.g. fdroidclient and fdroid-website). I also observe it on my personal forks of these projects (e.g. pserwylo/fdroidclient)
In addition, the VPN provider I use is PIA. I'm usually connected to a VPN server somewhere in the US. It doesn't seem to matter where with regards to this issue, I get a high volume of reCAPTCHA requests on GitLab regardless of the VPN server being used.
What is the current bug behavior?
Regularly challenged with a reCAPTCHA when submitting issues.
What is the expected correct behavior?
I'd expect to only get challenged once per day, or maybe even only once for my account. Once I've proved I'm a human I shouldn't need to continue to prove this for each issue I submit.
Despite the usage of a VPN though, I'd have hoped that when I verify that I am not a robot, then GitLab is able to remember this and not require a prompt each time. Perhaps this could be solved by some heuristics around whether I'm trustworthy or not (in descending order of proof that a CAPTCHA should not be required):
- A project is owned by me (in which case who cares if I'm submitting spam)
- I have master/developer permissions for a project (I have been granted a level of trust by other team members)
- I am a logged in user who has solved a CAPTCHA before (GitLab has witnessed me prove that my account belongs to a human before)
Relevant logs and/or screenshots
N/A: Just the reCAPTCHA screen from !8846 (merged) regularly showing up.
Output of checks
This bug happens on GitLab.com
Possible fixes
This feature seems to have been introduced in !8846 (merged), with additional discussion in #21518 (closed).