
Re: Antw: Re: Example of accessible CAPTCHAS that work well

From: Devarshi Pant <devarshipant@gmail.com>
Date: Fri, 18 Nov 2011 16:38:16 -0500
Message-ID: <CAJGQbjtW8OL_GNwtFtVphF8pTCb5ujLkHyNGSiwWvqXSSUsnBA@mail.gmail.com>
To: Matthew Smith <matt@smiffytech.com>
Cc: "w3c-wai-ig@w3.org" <w3c-wai-ig@w3.org>

Could it be something else but CAPTCHAS? Or would it just be wishful
thinking on my part?
The most glowing implementations of CAPTCHAS still exclude user
groups. Some of you may have experienced it—the curvy characters in
images are hard to read, audio alternatives aren’t good, etc. Any
other flavor will be beaten sooner or later. So, could a simple
solution be the answer?
I think so –
Matthew put it elegantly in his previous post, “my underlying message
is that screening of form submissions should NOT involve user
interaction,”  and some of his suggestions are worth reading.
Mario mentioned the technique that uses CSS, which should be checked
out for screen reader support. Simplicity is the key.
If we really want to make BAD look *good*, to set an example,
accommodate more user groups, etc., we should start thinking about
everything else but CAPTCHA.
By the way, it is quite clear that the big organizations are
penalizing humans / customers. Why are we supposed to take *their*
test—or do their job? Shouldn’t this be dealt with at the application
level?
Wikipedia says:
<Spammers pay about $0.80 to $1.20 for each 1,000 solved CAPTCHAs to
companies employing human solvers in Bangladesh, China, India, and
many other developing nations. Other sources cite a price tag of as
low as $0.50 for each 1,000 solved.>
Basically, it is an industry out there with spammers working as hard
as people who are promoting CAPTCHAS / accessible CAPTCHAS.
Bottom line, say no to CAPTCHAS. There should be other ways to tell
humans apart, not this one.

Thanks,
Devarshi

On 11/18/11, Matthew Smith <matt@smiffytech.com> wrote:
> Quoth Ramón Corominas at 18/11/11 20:14...
>> For high-loaded websites such as Facebook, etc. any CAPTCHA that
>> includes the answer in the question itself is useless as a security
>> control. The spambot can simply try a "bruteforce" attack with every
>> word or number in the question, so at least one of each 3 or 6 times it
>> will succeed.
>
> Looking at this the other way, "solving" the puzzle also requires a
> degree of comprehension on the part of the user, who could quite
> conceivably have learning difficulties, not be familiar with the site
> language and not understand ordinal numbers, etcetera.
>
> Even ignoring this possibility, I am becoming increasingly of the
> opinion that this is wrong because what is a problem for the site owner
> is being shifted onto the user. Or should I say customer. Maybe it is
> time that we stopped using the word 'user' entirely and started saying
> 'customer' instead because, from a business perspective, the shocking
> way in which we are treating these customers would scarcely be tolerated
> in the "normal" business world.
>
> In response to an off-list comment yesterday, I blogged the following,
> for reference: http://smiffy.posterous.com/captcha-there-for-a-reason
>
> Cheers
>
> M
>
> --
> Matthew Smith
>
> Business: http://www.smiffytech.com
> Blog:     http://www.smiffysplace.com
> Linkedin: http://www.linkedin.com/in/smiffy
> Flickr:   http://www.flickr.com/photos/msmiffy
> Twitter:  http://twitter.com/smiffy
>
>
Received on Friday, 18 November 2011 21:38:44 GMT
