W3C home > Mailing lists > Public > w3c-wai-ig@w3.org > October to December 2011

Re: Antw: Re: Example of accessible CAPTCHAS that work well

From: Denis Boudreau <dboudreau@accessibiliteweb.com>
Date: Thu, 17 Nov 2011 16:29:12 -0500
Cc: Karl Groves <karl@karlgroves.com>, Phill Jenkins <pjenkins@us.ibm.com>, "Patrick H. Lauke" <redux@splintered.co.uk>, w3c-wai-ig@w3.org
Message-id: <201643CE-D1CB-4FD0-949F-D6ECF82D7149@accessibiliteweb.com>
To: Mario Batusic <Mario.Batusic@jku.at>
Hi Mario,

This is all very well for small sites (we've been using the very same technique on our website since 2007 and I don't recall ever getting a single sap mail on it), but such strategy on big important websites wouldn't even last long enough for you to measure how effective it could prove to be. 

Those sites (think Facebook for instance) are under constant surveillance to find weak spots and such things (called honeypots) are very easy to detect. Therefore,  spammers do what they'Re good at and soon enough the bots keep coming back and know how to avoid the traps and go right through.

/Denis




On 2011-11-17, at 4:22 PM, Mario Batusic wrote:

> Hi!
> Short time ago I found a CMS Drupal module with a very nice captcha implementation. This one lets the users unbothered. The idea is simple: in the form there is an additional field for this fake captcha. The field is hidden from the user in the CSS. The normal bots ignore CSS and fill all fields with some garbage. If the submitted form check finds the hidden field filled with data, the form is discarded.
>  
> Ciao     Mario
> 
> >>> Karl Groves <karl@karlgroves.com> schrieb am 17.11.11 um 21:52 in Nachricht <CABScKPAcc26E5rsdZ+FpTLyLrMX4Z-9FkwUVPhYg5wPvTMrbrg@mail.gmail.com>:
> The Smashing Magazine article cited by Phil and Jennifer is a good one
> and one which should be shared among those who advocate for CAPTCHA.
> I question whether many of the so-called alternatives are truly
> alternative in security.  I think the article is honest regarding each
> method's strength and weaknesses.
> 
> As a developer myself, fighting spam and abuse is an ongoing battle
> that most people (even most web designers) really know little about.
> I've worked with clients whose sites get 10,000 pageviews per second.
> Companies like that are under constant barrage from people trying to
> gain illegitimate access to their resources.  We need to keep this in
> mind when discussing potential alternatives to CAPTCHA.
> 
> I'm by no means an advocate for CAPTCHA. I don't use it and never
> have.  But we need to keep in mind that some so-called "alternatives"
> really are not alternative in terms of security, and any proposed
> alternative should offer an equivalent level of security while also
> being accessible.
> 
> Karl
> 
> 
> On Thu, Nov 17, 2011 at 2:24 PM, Phill Jenkins <pjenkins@us.ibm.com> wrote:
> > This March 2011 article is worth reading
> > http://coding.smashingmagazine.com/2011/03/04/in-search-of-the-perfect-captcha/
> >
> > several alternatives to CAPTCHAS discussed.
> >
> > Regards,
> > Phill Jenkins,
> >
> >
> >
> >
> >
> > From:        Denis Boudreau <dboudreau@accessibiliteweb.com>
> > To:        "Patrick H. Lauke" <redux@splintered.co.uk>
> > Cc:        w3c-wai-ig@w3.org
> > Date:        11/17/2011 12:39 PM
> > Subject:        Re: Example of accessible CAPTCHAS that work well
> > ________________________________
> >
> >
> > Hello all,
> >
> > On 2011-11-17, at 12:24 PM, Patrick H. Lauke wrote:
> >
> >> On 17/11/2011 16:12, Ginger Claassen wrote:
> >>> Regarding accessible CAPTCHAS I found a very few so far where one has to
> >>> solve a very simple mathmatical question e.g. How much is 3 + 4?
> >>> In my opinion that is quite accessible or do I oversee something here?
> >>
> >> Could it pose problems for users with cognitive disabilities? And
> >> generally just weird out users ("why is this website asking me this?") and
> >> require lengthy explanation? My mum would be left wondering, anyway...
> >
> > Not only that, but the easier those equations are, the easier bots can crack
> > them too. So we're rapidly back to square one.
> >
> > /Denis
> >
> >
> >
> >
> 
Received on Thursday, 17 November 2011 21:29:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 17 November 2011 21:29:46 GMT