On April 2, 2018, Acquia retired Mollom, a spam fighting tool built by Drupal founder Dries Buytaert. As Dries tells the story, Mollom was both a technical and financial success but was ultimately shut down to enable Acquia to deploy its resources more strategically. At its peak, Mollom served over 60,000 websites, including many of ours!
Many sites are looking for alternatives now that Mollom is shut down. One such service Commerce Guys integrated earlier this year in anticipation of Mollom's closing is Human Presence, a fraud prevention and form protection service that uses multiple overlapping strategies to fight form spam. In the context of Drupal, this includes protecting user registration and login forms, content creation forms, contact forms, and more.
Similar to Mollom, Human Presence evaluates various parameters of a visitor's session to decide if the visitor is a human or a bot. When a protected form is submitted, the Drupal module requests a "human presence" confidence rating from the API (hence the name), and if the response does not meet a configurable confidence threshold, it will block form submission or let you configure additional validation steps if you choose. For example, out of the box, the module integrates the CAPTCHA module to rebuild the submitted form with a CAPTCHA that must be completed before the form will submit.
We believe Human Presence is a great tool to integrate on its own or in conjunction with other standalone modules like Honeypot. Furthermore, they're joining other companies like Authorize.Net, Avalara, and PayPal as Drupal Commerce Technology Partners. Their integration includes support for protecting shopping cart and checkout forms, and we are looking for other ways they can help us combat payment fraud in addition to spam.
Learn more about Human Presence or reach the company's support engineer through their project page on drupal.org.
Good catch Ryan!
Good catch Ryan! Congratulations for catching the opportunity of trying to fill the gap Mollom created.
I wasn't a heavy user of Mollom but I can still find two things that are negative in Human Presence, though, as a replacement for Mollom.
The first one is that Mollom was given for free, whereas Human Presence is a payed alternative. I very well know that for something to stay properly supported, sometimes it has to be payed, but it still is a con if compared with Mollom which had a free version.
Sounds like it's doing
Sounds like it's doing similar things, though bots could still spoof it if they were written to trigger those behaviors. I think the primary advantage of a third party service here, whether it's Human Presence, reCAPTCHA, (Mollom), etc., is the use of a central database to compare IP addresses and behavioral patterns against known bad actors. It's basically an additional layer of protection that improves over time.
I suppose that depending on the level of anonymization applied by Human Presence you will have to provide either an opt-in or an opt-out option to visitors from the EU.
Or at the very least notify visitors that their behaviour is being monitored by a third party so they can make an informed decision on whether to continue using the site or not.
Absolutely @JvE! Human
Absolutely @JvE! Human Presence does provide opt-out links for any consumer of the service (ie the end user visiting the website where HP may be used) in their terms of service. Additionally, though the behavior monitoring collects mainly anonymized timing and movement data, cookies will need to be created to establish user sessions to analyze, track and map the data to and as such it is also recommended that the site owner provide their end users with sufficient notification of cookie usage and the opt-outs available to them on their site.