- From: Charles McCathieNevile <chaals@opera.com>
- Date: Thu, 18 Mar 2010 17:44:34 +0100
- To: "Silvia Pfeiffer" <silviapfeiffer1@gmail.com>, "Steven Faulkner" <faulkner.steve@gmail.com>
- Cc: "John Foliot" <jfoliot@stanford.edu>, "Gregory J. Rosmaita" <oedipus@hicom.net>, public-html-a11y@w3.org
On Wed, 17 Mar 2010 23:28:17 +0100, Steven Faulkner
<faulkner.steve@gmail.com> wrote:
> Hi laura, I am happy to modify the example to include warnings about the
> essential inaccessibility of captcha and recommend it not be used, but
> think that for cases when it is used, advice on how to make it accessible
> as possible is still a good thing.
Agreed. CAPTCHAs are bad. But they also solve a real problem, and working
out an alternative solution is important. Rather than removing the example
(which I think will lead to people assuming that you can just leave alt
off CAPTCHA images) it should explain what sort of alt can improve the
accessibility of the CAPTCHA. http://cssquirrel.com shows one example
technique - making the question one based on processing a question. A
related example is mathematical questions.
(More detailed thoughts:
Although they are not foolproof, we find that CAPTCHAs are, in certain
important cases (generally the ones involving broad exposure to the
public, like commenting on blogs) actually reasonably succesful in
reducing spam. (I.e. they don't stop it, but they reduce it by orders of
magnitude, which allows the human filtering processes we add to have a
chance of keeping up with the work).
There are some CAPTCHAs which are tests of cognition - asking questions.
We have used simple mathematical questions. Kyle Weems' CSSquirrel
cartoons ask readers to identify a certain image from a set - they do
contain alt text explaining what they are, but increase the cognitive leap
and required background knowledge. All of these schemes are vulnerable to
eventual cracking, and authentication solutions are great - but it turns
out that a lot of authentication solutions, in order to allow scalability,
need a shortcut to determine whether someone is a human - so they use a
CAPTCHA.
cheers
Chaals
> regards
> steve
> On 17 March 2010 18:24, Silvia Pfeiffer <silviapfeiffer1@gmail.com>
> wrote:
>
>> On Thu, Mar 18, 2010 at 8:34 AM, John Foliot <jfoliot@stanford.edu>
>> wrote:
>> > Silvia Pfeiffer [mailto:silviapfeiffer1@gmail.com]
>> >>
>> >> Very interesting indeed. It seems to indeed be a big accessibility
>> >> challenge.
>> >>
>> >> Do images get transferred onto braille at all? Could it be done
>> >> pixel-wise? I'm wondering if there could be a technical solution,
>> even
>> >> if it doesn't exist yet.
>> >
>> > I've seen some interesting experiments with tactile processing of
>> maps,
>> > etc., but the detail is also limited in some ways due to the amount of
>> > visual data required to be conveyed. Most of those experiments relied
>> on
>> > some basic form outline's over-laid with image-map like area data. In
>> > situations such as where we normally see CAPTCHA's used that
>> additional
>> > data would likely not be provided by the author.
>> >
>> > The problem with any kind of OCR-like solution here is that it is a
>> race
>> > to the bottom - if OCR does get better, CAPTCHA's will continue to get
>> > increasingly complex to frustrate that improvement - a vicious circle
>> with
>> > no end in sight. At some point, the CAPTCHAs also become increasingly
>> > difficult for sighted users to negotiate, further frustrating your
>> user
>> > base. The foundation of the solution is flawed, thus any
>> implementation
>> > of that solution will also be flawed: being able to discern what a
>> series
>> > of glyphs represent does not represent cognition, which is what
>> CAPTCHAs
>> > are trying to determine (man vs. machine).
>> >
>> > I personally hold out more help for distributed authentication schemes
>> > such as OAuth, etc. which requires a one-time determination of
>> > 'authenticity' of your human-ness, after which you have a social key
>> that
>> > can be used inter-changingly. We are already starting to see solutions
>> > like this emerge, where you can 'log-in' to locations using your
>> FaceBook
>> > account, G-Mail account, your twitter username etc.
>> >
>> > Establishing disabled-user support groups as CA like entities could
>> help
>> > here (for example, the RNIB could assist non-sighted users in the UK
>> by
>> > confirming them with an OAuth profile, which they then could use) -
>> > ultimately what we have here (I believe) is a social issue, which will
>> > require a social solution
>>
>>
>> I understand Gregory's concerns now.
>>
>> I checked the spec and CAPTCHA is used as an example of an img element
>> that doesn't have a @alt description. I guess that is a fair enough
>> example.
>>
>> Maybe we could propose to add a sentence underneath that example to
>> state that the use of CAPTCHAs is not encouraged by the W3C for all
>> the reasons mentioned here? Namely it's just "security by obscurity",
>> people have problems deciphering them and deaf-blind users have no
>> means of dealing with them (at least until the introduction of a
>> braille dimension to CAPTCHAs).
>>
>> Cheers,
>> Silvia.
>>
>>
>
>
--
Charles McCathieNevile Opera Software, Standards Group
je parle français -- hablo español -- jeg lærer norsk
http://my.opera.com/chaals Try Opera: http://www.opera.com
Received on Thursday, 18 March 2010 16:45:38 UTC