W3C home > Mailing lists > Public > public-html-a11y@w3.org > March 2010

Re: keep CAPTCHA out of HTML5

From: Silvia Pfeiffer <silviapfeiffer1@gmail.com>
Date: Thu, 18 Mar 2010 09:24:36 +1100
Message-ID: <2c0e02831003171524o106c9b7dg79d7b7aec7fee04e@mail.gmail.com>
To: John Foliot <jfoliot@stanford.edu>
Cc: "Gregory J. Rosmaita" <oedipus@hicom.net>, public-html-a11y@w3.org
On Thu, Mar 18, 2010 at 8:34 AM, John Foliot <jfoliot@stanford.edu> wrote:
> Silvia Pfeiffer [mailto:silviapfeiffer1@gmail.com]
>> Very interesting indeed. It seems to indeed be a big accessibility
>> challenge.
>> Do images get transferred onto braille at all? Could it be done
>> pixel-wise? I'm wondering if there could be a technical solution, even
>> if it doesn't exist yet.
> I've seen some interesting experiments with tactile processing of maps,
> etc., but the detail is also limited in some ways due to the amount of
> visual data required to be conveyed. Most of those experiments relied on
> some basic form outline's over-laid with image-map like area data. In
> situations such as where we normally see CAPTCHA's used that additional
> data would likely not be provided by the author.
> The problem with any kind of OCR-like solution here is that it is a race
> to the bottom - if OCR does get better, CAPTCHA's will continue to get
> increasingly complex to frustrate that improvement - a vicious circle with
> no end in sight. At some point, the CAPTCHAs also become increasingly
> difficult for sighted users to negotiate, further frustrating your user
> base.  The foundation of the solution is flawed, thus any implementation
> of that solution will also be flawed: being able to discern what a series
> of glyphs represent does not represent cognition, which is what CAPTCHAs
> are trying to determine (man vs. machine).
> I personally hold out more help for distributed authentication schemes
> such as OAuth, etc. which requires a one-time determination of
> 'authenticity' of your human-ness, after which you have a social key that
> can be used inter-changingly. We are already starting to see solutions
> like this emerge, where you can 'log-in' to locations using your FaceBook
> account, G-Mail account, your twitter username etc.
> Establishing disabled-user support groups as CA like entities could help
> here (for example, the RNIB could assist non-sighted users in the UK by
> confirming them with an OAuth profile, which they then could use) -
> ultimately what we have here (I believe) is a social issue, which will
> require a social solution

I understand Gregory's concerns now.

I checked the spec and CAPTCHA is used as an example of an img element
that doesn't have a @alt description. I guess that is a fair enough

Maybe we could propose to add a sentence underneath that example to
state that the use of CAPTCHAs is not encouraged by the W3C for all
the reasons mentioned here? Namely it's just "security by obscurity",
people have problems deciphering them and deaf-blind users have no
means of dealing with them (at least until the introduction of a
braille dimension to CAPTCHAs).

Received on Wednesday, 17 March 2010 22:25:28 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:55:33 UTC