Re: Antw: Re: Example of accessible CAPTCHAS that work well

From: Matthew Smith <matt@smiffytech.com>
Date: Sat, 19 Nov 2011 06:14:56 +1030
Message-ID: <4EC6B5B8.3030305@smiffytech.com>
To: "w3c-wai-ig@w3.org" <w3c-wai-ig@w3.org>

Quoth Ramón Corominas at 18/11/11 20:14...
> For high-loaded websites such as Facebook, etc. any CAPTCHA that
> includes the answer in the question itself is useless as a security
> control. The spambot can simply try a "bruteforce" attack with every
> word or number in the question, so at least one of each 3 or 6 times it
> will succeed.

Looking at this the other way, "solving" the puzzle also requires a 
degree of comprehension on the part of the user, who could quite 
conceivably have learning difficulties, not be familiar with the site 
language and not understand ordinal numbers, etcetera.

Even ignoring this possibility, I am becoming increasingly of the 
opinion that this is wrong because what is a problem for the site owner 
is being shifted onto the user. Or should I say customer. Maybe it is 
time that we stopped using the word 'user' entirely and started saying 
'customer' instead because, from a business perspective, the shocking 
way in which we are treating these customers would scarcely be tolerated 
in the "normal" business world.

In response to an off-list comment yesterday, I blogged the following, 
for reference: http://smiffy.posterous.com/captcha-there-for-a-reason

Cheers

M

-- 
Matthew Smith

Business: http://www.smiffytech.com
Blog:     http://www.smiffysplace.com
Linkedin: http://www.linkedin.com/in/smiffy
Flickr:   http://www.flickr.com/photos/msmiffy
Twitter:  http://twitter.com/smiffy
Received on Friday, 18 November 2011 19:45:32 GMT
