W3C home > Mailing lists > Public > public-rqtf@w3.org > March 2019

Re: New open issues in response to draft note on CAPTCHA

From: Janina Sajka <janina@rednote.net>
Date: Mon, 11 Mar 2019 09:53:35 -0400
To: "White, Jason J" <jjwhite@ets.org>
Cc: "public-rqtf@w3.org" <public-rqtf@w3.org>
Message-ID: <20190311135335.GN2765@rednote.net>
I think this is correct, Jason.

I have learned a new buzzword from following up on this post:
"behavioral biometrics." I think those are the ones that would gives us
most concern, at least on first blush. Seems IBM is among companies
involved in that:

https://www.finextra.com/pressarticle/66842/ibm-adds-behavioural-biometrics-to-security-suite


The above is dated 2016, so relatively recent.

Janina

White, Jason J writes:
> Thank you, Janina. A further aspect of the biometrics issue is that, to the best of my knowledge, the biometric data are not shared directly with the party requesting authentication. They are, instead, processed locally by the user's device, and the authentication itself takes place via cryptographic protocols.
> 
> I'll readily admit that I am not acquainted with the details.
> 
> ´╗┐On 3/11/19, 09:17, "Janina Sajka" <janina@rednote.net> wrote:
> 
>     Thanks, Jason.
> 
>     As I continue to consider the comment we received, I believe we're being
>     asked to say more about further developments in biometrics. Possible
>     plain language example is that fingerprint sensors could validate not
>     only a pattern match in the ridges and valleys that constitute the
>     traditional fingerprint, but also the presence of a pulse and, blood
>     flow, and body heat. These would not be available should someone create
>     a mold from fingerprints left on objects.
> 
>     I think that's one aspect of the post.
> 
> 
>     Perhaps even more interesting is his pointer to work attempting to
> 
>     enhance privacy while supporting noninteractive authentication. He gives
>     this pointer while suggesting this is just one scheme among several:
> 
>     https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprivacypass.github.io&amp;data=02%7C01%7Cjjwhite%40ets.org%7C6113ff19599f4f19621108d6a623f1ef%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636879070652445009&amp;sdata=zp2oRRpiFffSNburYtGrzFI5CaPOZOVbmRa9vX3ZGgk%3D&amp;reserved=0
> 
> 
>     I wonder whether we need do much more than note people are working on
>     such things, and that noninteractive mechanisms that also protect
>     individual privacy would be welcome.
> 
> 
>     The mechanism at the above URI seems different from reCAPTCHA V. 2 in
>     that it isn't analyzing how users interact with their devices.
> 
>     That's as far as I've gotten with these latest comments. I welcome
>     further discussion. Perhaps, should we find we need to say more, we
>     might need a consult from W3C privacy or authentication people.
> 
>     Janina
> 
>     White, Jason J writes:
>     > I'll add these issues to our agenda for next week's meeting. All Task Force participants are welcome to review and comment on the list in the meantime.
>     >
>     > On 3/8/19, 19:50, "Janina Sajka" <janina@rednote.net> wrote:
>     >
>     >     Thanks for the heads up, Jason. Yes, I do see three substantive comments
>     >     from the same poster in the past day or so. I find his writing a bit
>     >     hard to grok, but it seems there are some good points. We'll need to
>     >     study these and discuss.
>     >
>     >     You may be correct about another publication round.
>     >
>     >     Janina
>     >
>     >     White, Jason J writes:
>     >     > Dear colleagues,
>     >     >
>     >     > Please note that new issues have been opened on GitHub containing public comments on our "CAPTCHA" draft.
>     >     >
>     >     > All of the issues can be reviewed here:
>     >     > https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fapa%2Fissues&amp;data=02%7C01%7Cjjwhite%40ets.org%7C6113ff19599f4f19621108d6a623f1ef%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636879070652445009&amp;sdata=QUNVCNGArUmavWsV4S8t1W2HW2M9swnHYiTkkyS7bFE%3D&amp;reserved=0
>     >     >
>     >     >
>     >     > ________________________________
>     >     >
>     >     > This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.
>     >     >
>     >     >
>     >     > Thank you for your compliance.
>     >     >
>     >     > ________________________________
>     >
>     >     --
>     >
>     >     Janina Sajka
>     >
>     >     Linux Foundation Fellow
>     >     Executive Chair, Accessibility Workgroup:https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fa11y.org&amp;data=02%7C01%7Cjjwhite%40ets.org%7Cc0ad0d4027d44575d02908d6a429447f%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636876894492439672&amp;sdata=YH2YalHc9NB7v9dCpw4v3li%2FjLMnNsosdydjrxgZ%2Bs4%3D&amp;reserved=0
>     >
>     >     The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
>     >     Chair, Accessible Platform Architectureshttps://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2Fwai%2Fapa&amp;data=02%7C01%7Cjjwhite%40ets.org%7Cc0ad0d4027d44575d02908d6a429447f%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636876894492439672&amp;sdata=uvt%2BD2YXgp0qDm0Pn4xreJwdSKI16QtMcSr9RnZNrRk%3D&amp;reserved=0
>     >
>     >
>     >
>     >
>     >
>     > ________________________________
>     >
>     > This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.
>     >
>     >
>     > Thank you for your compliance.
>     >
>     > ________________________________
> 
>     --
> 
>     Janina Sajka
> 
>     Linux Foundation Fellow
>     Executive Chair, Accessibility Workgroup:https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fa11y.org&amp;data=02%7C01%7Cjjwhite%40ets.org%7C6113ff19599f4f19621108d6a623f1ef%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636879070652445009&amp;sdata=zeqBIzZCDyPe%2FZ4Kxh2tvenq5O9OWxaB6yrPw9HwpRs%3D&amp;reserved=0
> 
>     The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
>     Chair, Accessible Platform Architectureshttps://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2Fwai%2Fapa&amp;data=02%7C01%7Cjjwhite%40ets.org%7C6113ff19599f4f19621108d6a623f1ef%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636879070652445009&amp;sdata=bXbOMlqBA3PpWWHOmUYVWHCnU5Mgzpa4o2rBFk7rsrY%3D&amp;reserved=0
> 
> 
> 
> 
> ________________________________
> 
> This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.
> 
> 
> Thank you for your compliance.
> 
> ________________________________

-- 

Janina Sajka

Linux Foundation Fellow
Executive Chair, Accessibility Workgroup:	http://a11y.org

The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
Chair, Accessible Platform Architectures	http://www.w3.org/wai/apa
Received on Monday, 11 March 2019 13:54:04 UTC

This archive was generated by hypermail 2.3.1 : Monday, 11 March 2019 13:54:04 UTC