RE: Feedback on in-browser CAPTCHA research

From: Scott Hollier <scott@hollier.info>
Date: Thu, 7 Mar 2019 23:59:57 +0000
To: Janina Sajka <janina@rednote.net>, "public-rqtf@w3.org" <public-rqtf@w3.org>
Message-ID: <SN6PR01MB4349E3BF693ABBEF3CC86426DC4C0@SN6PR01MB4349.prod.exchangelabs.com>

To Janina

Yes, based on my reading of the tool's website and some forum posts I found, that's an accurate description. My reading of 'in-browser' is that it happens without user interaction as it's a server-side security tool.

Happy to leave the door open in the response should the person that raised the issue provide additional information.

Scott. 

Dr Scott Hollier 
Digital Access Specialist 
Mobile: +61 (0)430 351 909
Web: www.hollier.info
 
Technology for everyone
 
Looking to upskill your staff with digital access training? Fill the room for one flat fee. 
 
Keep up with digital access news by following @scotthollier on Twitter and subscribing to Scott's newsletter. 

-----Original Message-----
From: Janina Sajka <janina@rednote.net> 
Sent: Thursday, 7 March 2019 10:29 PM
To: public-rqtf@w3.org
Subject: Re: Feedback on in-browser CAPTCHA research

Looking at Scott's analysis, I'm thinking we may want to respond to this poster sooner rather than later.

I believe our out-of-scope response, as discussed at yesterday's telecon, is based on our understanding that the tool is not attempting to distinguish human from robotic users, but rather DOS attacks. There are, of course, many types of malicious actors on the web. Our focus is specifically the reverse Turing test as opposed to the general proposition that bot attacks should be blocked wherever possible.

There's probably a more elegant way to state this, but I thought it best to respond on list with a first cut.

Janina

Scott Hollier writes:
> To the RQTF
> 
> Following up on my action item, I've had a look at the product discussed in the GitHub feedback. The product is outlined by the website as "a highly available cluster of reverse proxies, filtering traffic to your origin server." While it does focus on stopping bots, it seems to be more of an automated packet sniffer / analytical server-side security tool that focuses on denial-of-service attacks rather than user interaction. I've done a bit of digging in online discussion forums and to date haven't found anything that specifically suggests it has any elements that interact as a public Turing test with the user, so in my opinion it falls outside the scope of our CAPTCHA accessibility discussion.
> 
> Also it looks like I've been accidentally assigned to the wrong response in GitHub - not sure how to reassign it!
> 
> Thanks everyone, look forward to the call later today.
> 
> Scott.



-- 

Janina Sajka

Linux Foundation Fellow
Executive Chair, Accessibility Workgroup:	http://a11y.org

The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
Chair, Accessible Platform Architectures	http://www.w3.org/wai/apa
Received on Friday, 8 March 2019 00:00:26 UTC