W3C home > Mailing lists > Public > public-html-a11y@w3.org > March 2010

RE: keep CAPTCHA out of HTML5

From: John Foliot <jfoliot@stanford.edu>
Date: Wed, 17 Mar 2010 15:38:08 -0700 (PDT)
To: "'Silvia Pfeiffer'" <silviapfeiffer1@gmail.com>, "'Matt May'" <mattmay@adobe.com>
Cc: "'Gregory J. Rosmaita'" <oedipus@hicom.net>, <public-html-a11y@w3.org>
Message-ID: <031501cac622$849893e0$8dc9bba0$@edu>
Silvia Pfeiffer wrote:
> So CAPTCHAs really need to introduce another dimension aside from the
> visual and the aural - the tactile - and provide a braille CAPTCHA of
> some sort. Sounds like a nice research project to me...

Hi Silvia,

This is (IMHO) the wrong path to be following - it's a prescriptive path
with diminishing returns as it assumes that all deaf/blind users will
actually be able to read Braille. It's targeting specific end-users,
rather than targeting the actual problem statement which is, "how do we
determine that any given user is a human and not a machine"?

> I checked the spec and CAPTCHA is used as an example of an img element
> that doesn't have a @alt description. I guess that is a fair enough
> example.
> Maybe we could propose to add a sentence underneath that example to
> state that the use of CAPTCHAs is not encouraged by the W3C for all
> the reasons mentioned here? Namely it's just "security by obscurity",
> people have problems deciphering them and deaf-blind users have no
> means of dealing with them (at least until the introduction of a
> braille dimension to CAPTCHAs).

I note that Laura just posted the related bits and bobs that currently
surround this issue in HTML5. For many of us, "don't use CAPTCHAs - the
end" is the answer rather than trying to repair a broken tool that fails
on its basic premise on many levels; it is going to be inaccessible to
groups of users (what of low-vision users who don't read Braille?), it
fails on real security, it shifts anti-spamming problems onto your users
rather than dealing with it internally, and on, and on, and on. Matt may
wrote a great piece on this a few years back:

If I got 3 wishes to modify anything in HTML5 I wanted, I'd have a hard
time deciding, but if making CAPTCHAs be non-conforming entities was an
option, that would likely make my personal short list.

Received on Wednesday, 17 March 2010 22:38:41 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:55:33 UTC