- From: Tex Texin <tex@i18nguy.com>
- Date: Thu, 24 Nov 2005 21:11:11 -0800
- To: wai-xtech@w3.org, W3C Evangelist <public-evangelist@w3.org>
Karl, thanks for drawing attention to the article on CAPTCHA http://www.w3.org/TR/turingtest/ Speaking for myself: CAPTCHA is also a significant problem for international users (as implemented on many sites). Many users are not that adept with latin script characters and find it difficult to distinguish them. Many captcha systems run lines thru the characters or rotate or deform the characters, to hinder automated recognition of the text which further perplexes users that do not have English as a primary language. Limiting the character set to characters that are not so easily confused isn't adequate. Using non-latin characters is also problematic. Ideographic characters by their nature contain more information and are more recognizable by OCR, or if resolution is reduced, users have difficulty distinguishing. Operations that rotate or deform or add lines across characters need to be adapted to different scripts so that they don't make the characters ambiguous. Separately, I think the article offers a weak justification for its conclusions: 1) "The widespread use of CAPTCHA in low-volume, low-resource sites, on the other hand, is unnecessarily damaging to the experience of users with disabilities." Although I agree CAPTCHA is a problem for both users with disabilities and international users, there is no quantification of the potential cost to having a system without CAPTCHA. So it is difficult to see it is unnecessary. The argument is made that CAPTCHA is not perfect, but it would be good if the article talked about the extent of robotic attacks and the significant cost of their creating numerous logins and misusing the sites resources. The recommended spam filtering and heuristics may not be solutions for some sites, and automated attacks quickly adapt to and overcome these techniques as well. 2) Recommending that techniques like PINGUARD "should be scrapped until a reliable method exists", again does not say what the cost to the site is of remaining unprotected. Personally, I would like to see these approaches eliminated, but I also think the W3C is not well served by recommendations to drop (admittedly weak) defense techniques with handwaving arguments and without offering true solutions. The conclusion of the article should have been that there is a tremendous industry need for a solution that does not deny either international users or users with disabilities access, and a call for greater attention to the problem. tex Karl Dubost wrote: > > A quick mail about CAPTCHA. > > In the blog world, site owners have to managed the spam hitting the > comments form. To avoid it, some services or software have created a > system which gives an image to challenge bots and then avoid spam. > > Unfortunately, this method has more than one problem. The WAI has > published a note about this. > > [[[ > Inaccessibility of Visually-Oriented Anti-Robot Tests > Problems and Alternatives > > Abstract > > A common method of limiting access to services made available over > the Web is visual verification of a bitmapped image. This presents a > major problem to users who are blind, have low vision, or have a > learning disability such as dyslexia. This document examines a number > of potential solutions that allow systems to test for human users > while preserving access by users with disabilities. > ]]] > > -- Inaccessibility of Visually-Oriented Anti-Robot Tests > http://www.w3.org/TR/turingtest/ > Wed, 05 Nov 2003 17:22:02 GMT > > -- > Karl Dubost - http://www.w3.org/People/karl/ > W3C Conformance Manager > *** Be Strict To Be Cool ***
Received on Friday, 25 November 2005 05:12:06 UTC