W3C home > Mailing lists > Public > public-html-a11y@w3.org > March 2010

Re: CAPTCHA alternatives/pitfalls (was Re: keep CAPTCHA out of HTML5)

From: Leif Halvard Silli <xn--mlform-iua@xn--mlform-iua.no>
Date: Fri, 19 Mar 2010 01:59:40 +0100
To: "Gregory J. Rosmaita" <oedipus@hicom.net>
Cc: Charles McCathieNevile <chaals@opera.com>, public-html-a11y@w3.org, Silvia Pfeiffer <silviapfeiffer1@gmail.com>, Steven Faulkner <faulkner.steve@gmail.com>, John Foliot <jfoliot@stanford.edu>
Message-ID: <20100319015940547196.9954c7e7@xn--mlform-iua.no>
Gregory J. Rosmaita, Thu, 18 Mar 2010 18:42:01 +0000:
> however, what is a simple equation to you or me, may not be so simple to 
> users with various forms of cognitive issues...

However: this is also the point. For example, lots in this 
internationalized world happens in the mono-language: English. People 
uses English blog software, and get English captchas.

Like it has been said about Microsoft: Monoculture is a danger.

Simply by providing a Norwegian captcha about Norwegian issues, I could 
reduce the spam alot! (Spam filtering is often much simpler for us 
non-Englishmen, since all those English e-mail subject titles - because 
I don't know many in person that would say "You" in English, to me - if 
you get what I mean. With an Norwegian captcha I could filter out very 
many spammers ... Do you say that there is something bad in that? If so 
then there must be something wrong in the HTTP content-language header 
as well ... - as it is used to filter the language of the audience ... 

Btw: Last year, I switched to using a IDN domain name for my e-mail 
account. And I can tell you: Just by doing that, the spam I receive 
sunk drastically. (I still have the old address, and the spam seem 
99.5% to be sent to that address.) 

> http://norman.walsh.name/
> when i first tried norm's solution i had a screaming migraine at the 
> time, and couldn't figure out a simple multiplication equation -- 
> hence, my comments never made it to norm's blog feedback section, 
> and i became "sensitized" to the cognative issues inherent in a 
> logical/mathematical query...

We all have stories about blogs that we didn't bother to comment 
because we couldn't stand the thought of going through all that it 
demands ... (There is a local newspaper here which requires that you be 
a dollar a month to comment on their pages - a very effective captcha, 
you could say!) 

I understand that barriers can more greater barriers to some than 
others. But if we didn't need barriers, then there wouldn't be any ... 
Of course, I support that we ease the barriers. 

> the other thing that worries me about the use of equations as an 
> alternate to CAPTCHA, is that sooner, rather than later, equations 
> will be expressed as a series of graphics, in order to (a) stop a bot 
> from screen-scraping, and (b) sell graphical equations under the rubric 
> that they provide double protection - protection from a text-readng bot, 
> because the graphical components of the equation will not be ALT texted, 
> as that would make it possible for a bot to obtain the equation, and, if 
> smart enough, solve it...

I think that calculations and stuff like that is a very old idea 

Are there really signs that things become worse?

> i discussed approaches to human-verification tests in 2006 with daniel 
> dardailler, who believes that a simpler solution is to use logical 
> questions that are based on human experience and not on mathematical 
> eequations, which computers are quite able to compute...  for example:
> Q: what happens when you touch a hot stove?
> Q: what do you do when someone tells you a funny joke?

Sounds like good ideas. However, I have to say that what makes people 
stumble really differs a lot. Predicting how humans react is hard. As 
you described yourself above.

> and other human-related quote real world unquote challanges...  these,
> however, are culturally-based queries, and many have more than one 
> correct answer (for example, when i touch a hot stove, i swear a 
> blue streak, whereas the answer the question may simply be a variation
> on "get burnt" "burn hand" "burn myself"; moreover, any natural language
> challange presents an immediate internationalization problem, which is
> why implementors such as norm walsh chose the quote universal unquote
> language of mathematics...

Ha ha. I18N *problem*? Sorry, but I18N is part of the solution. Or, the 
point is: it is neither nor.

> dave poehlman also had an interesting idea -- express the equation in 
> words; for example:
> Q: seven minus five equals:
> a good idea to ward off bots, but there is still the problem of one 
> person's simple equation being another person's nightmare...

Good idea. But again, it would have been more "internationalized" if he 
used numbers! What an evil man. Ho ho.
> for more information on CAPTCHA discussions which have transpired 
> since the publication of the Turing Test note, please refer to the 
> CAPTCHA note update wiki page, located at:
> http://www.w3.org/WAI/PF/wiki/CAPTCHA_v2

Thanks, I am not very much into A11Y issues w.r.t. this subject. I see 
that there is enough reading material there. Smile.
leif halvard silli
Received on Friday, 19 March 2010 01:04:34 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:55:33 UTC