- From: White, Jason J <jjwhite@ets.org>
- Date: Fri, 24 Feb 2017 19:43:14 +0000
- To: David Sloan <dsloan@paciellogroup.com>, RQTF <public-rqtf@w3.org>
Thank you, Dave. On the CAPTCHA topic, I think Judy raised an important question that moves our discussion of alternatives to CAPTCHA in a positive direction. One way of characterizing the issue is: what are the merits of, or trade-offs among, the various alternatives to CAPTCHA that we might recommend Web application developers consider for accessibility reasons? I think there are several broad categories of research findings emerging from our discussion of the CAPTCHA literature so far. These take into account more recent research than that which was available to APA when the original W3C Note was drafted. Auditory and graphical CAPTCHA techniques, and their implications for users with disabilities, have been investigated, so I think we have contributions to make to APA Working Group discussion of the accessibility of CAPTCHA techniques themselves. Researchers from the University of Washington also took the interesting step of investigating how changes to the Web-based user interface presenting the auditory CAPTCHA could improve the success rate for screen reader users. There seems to be more to say about alternatives to CAPTCHA as well, but it isn't yet clear to me what the main themes are in that respect. It is also noteworthy, I think, that recent advances in neural networks are improving the ability of software to solve formerly difficult recognition problems, including, potentially, those used by traditional character-based and auditory CAPTCHA techniques. I haven't yet encountered research that examines what the implications are for the viability of those techniques. It could be argued that people who seek to subvert CAPTCHA are unlikely to have access to neural networks or the expertise to use them. More practical for the attackers, unfortunately, is the option of exploiting human beings by creating incentives to solve CAPTCHAs in real time, enabling scripts to gain unauthorized access to Web sites. It should be noted that what I have provided here are themes and conclusions, not the details. Others are welcome to correct or enhance the above discussion. ________________________________ This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited. Thank you for your compliance. ________________________________
Received on Friday, 24 February 2017 19:43:49 UTC