- From: Denis Boudreau <dboudreau@accessibiliteweb.com>
- Date: Thu, 17 Nov 2011 13:52:05 -0500
- To: Robert Yonaitis <ryonaitis@gmail.com>
- Cc: wai-eo-editors@w3.org
- Message-id: <5FBF27D7-9446-4DC3-85C1-17FAC1F4665A@accessibiliteweb.com>
Hi again, OK, let's take security out for the moment, though I still think that without it, even the most accessible captcha is useless. Let's focus on accessibility instead. Better yet, requirements. WCAG 2.0 SC 1.1.1 says the following on Captchas: "CAPTCHA: If the purpose of non-text content is to confirm that content is being accessed by a person rather than a computer, then text alternatives that identify and describe the purpose of the non-text content are provided, and alternative forms of CAPTCHA using output modes for different types of sensory perception are provided to accommodate different disabilities." The related sufficient techniques are pretty straight forward in theory: G143: Providing a text alternative that describes the purpose of the CAPTCHA G144: Ensuring that the Web Page contains another CAPTCHA serving the same purpose using a different modality Both need to be met in order for WCAG 2.0 conformance to be a success. On paper, that sounds like a really easy thing to do. However, I have yet to see a working example of this. Of all the possible alternatives that have been thought of in the past 10 years, none truly come close. Images are harder and harder to make out, sound files are harder and harder to hear, and I'm not even talking about ridiculous options like rotating 3d content in video and color based recognition of characters. A lot of creativity is put into making a new alternative hoping it would catch on, but every time, it's another accessibility nightmare. When every other alternatives still leaves people out, what is your option? Provide a phone number people can use? Hardly a satisfactory option as far as I'm concerned. I'm not saying we dump WCAG2. I'm only saying that SC 1.1.1 alone is insufficient to solve the captcha problem. I fail to see how this can be simple and obviously, quite a fe of us do too, otherwise this problem would have been solved a long time ago. >From an engineer's stand point then, if it's easy and not complex, what would you suggest? /Denis On 2011-11-17, at 1:36 PM, Robert Yonaitis wrote: > if we want to talk security and percentages - both I am qualified to do it is a different list and nothing to do with accessibility. > > An accessibility reasoning for a value judgement is short sighted and misplaced when something is accessible according to the guidelines. > > Denis - I think you made a odd statement - dump wcag 2 as it does not mean something is accessible. We all want a perfect world but denis as an engineer i deal with realities and guidlines matter - captchas are accessible and meet guidelines. if you remove this what can i code to? > > this is very simple and not complex. > > cheers, > rob > > On Nov 17, 2011 1:27 PM, "Denis Boudreau" <dboudreau@accessibiliteweb.com> wrote: > Rob, > > I see your point, but I feel it's a little more complicated than that. > > An accessible captcha is useless if it's not secure. Organizations wouldn't go for it and those who would be quickly be flooded with spam. Security and accessibility have to go hand in hand here. > > Also, your focus seems to be on conformance to wcag2. My focus is conformance AND accessibility. So I couldn't care less about a compliant solution, if it's still unusable by a significant portion of the population. > > /Denis > > > > > On 2011-11-17, at 1:15 PM, Robert Yonaitis wrote: > >> Denis, >> >> First I would say drop security please and deal with accessibilty alone. You would be making a false statement to say that if you follow wcag 2 your site will be accessible to every one - correct? Is captcha accessible within the guidelines. yes. >> >> Does anything else matter. If yes we are talking politics right. Let us leave this to politicians. Captchas are accessible according to wcag 2 - i will not address usable and they do serve a valuable real world purpose. >> >> V/R >> Rob Yonaitis >> >> On Nov 17, 2011 1:04 PM, "Denis Boudreau" <dboudreau@accessibiliteweb.com> wrote: >> Hi Rob, >> >> On 2011-11-17, at 11:38 AM, Robert Yonaitis wrote: >> >> > Personally, I have sat on the fence between technology, privacy, >> > security and usability for a couple decades. I believe that when >> > discussing accessibility (A11y) we need to be inclusive. If we are >> > saying that Captchas are not usable that is one thing. There are >> > plenty of things that are not usable. If we are discussing if captchas >> > can be made accessible than the answer has to be yes. >> >> Of course, I stand by you when it comes to inclusion. I totally agree. However, I have yet to see one captcha example that actually is accessible to everyone and secure enough to be a viable option. In all modesty, the closest I've seen so far is our attempt at creating a device independent captcha slider last year - distcha [1] - with the canadian government and even that still fails a few requirements in terms of robustness... >> >> [1] http://tbs-sct.ircan-rican.gc.ca/projects/gcwwwcaptcha/roadmap >> >> Until I see one (or we come up with a solution that works perfectly), I just cannot admit to it. >> >> >> > The W3C Accessibility Initiatives should not be in the business of >> > promoting or excluding individual technologies because they do not >> > approve of their usability or features, in fact if the W3C wants a >> > broader acceptance for their efforts they should help all technologies >> > be accessible a great example would be ARIA. >> >> I disagree. I believe it IS the responsibility of the WAI to raise awareness about the limitations of "solutions" like captcha and they have done so in the past (refer to Matt May's note from 2005: http://www.w3.org/TR/turingtest/). If not on the WAI level, then at least in EOWG. >> >> The idea is not necessarily to say flat out that captchas are evil (though they are, we're amongst ourselves, let's call a cat a cat), but at the very least, not to promote it's use by suggesting a "viable solution" in the GOOD/BAD demo that in fact, wouldn't necessarily be viable or accessible. >> >> As you very well know, it's not just a matter of invoking Aria, the mighty Viking goddess of opera (as depicted in WebAIM's presentations), for captchas to magically work out. Aria is great, but it requires technologies that support it and users who can access those technologies, two situations that are far from perfect today. >> >> I'm all for looking into or building solutions using aria that will work tomorrow (distcha again was an example of this), but in the meantime, we all need a solution that actually works today, with yesterday's technologies. >> >> And none does. So I stand my ground. ;p >> >> >> > In the end captchas like >> > them em or not can be made accessible and do serve a purpose isn't the >> > rest simply opinion. >> >> Please provide me with one working example that would make me change my mind. Just one. A lot of us really need it. >> >> >> > I believe if the W3C started looking at things this way there would be >> > a wider buy in amongst engineers. In the end the best document will be >> > the inclusive document IMHO. >> >> I believe the W3C already does it's job. Of course, more can always be done. But it's not entirely up to them to solve all the world's problems too. >> >> If there were just a few private interests looking into captcha that actually understood accessibility, we wouldn't have so many crappy alternatives to captchas out there that are ust as bad (if not worse) and that just keep pushing the boundaries of exclusion further and further back for people with disabilities. >> >> Regards, >> >> /Denis >> >> >
Received on Thursday, 17 November 2011 18:52:30 UTC