Picking Nits (was Re: CAPTCHA Status and Next Steps) from John Foliot on 2018-06-01 (public-rqtf@w3.org from June 2018)

From: John Foliot <john.foliot@deque.com>
Date: Fri, 1 Jun 2018 13:57:47 -0500
To: Janina Sajka <janina@rednote.net>
Cc: RQTF <public-rqtf@w3.org>
Message-ID: <CAKdCpxz3+EBKJoS8TUCnEAo6wgCP6PEAy_PNTOUiNPLzSXZuHw@mail.gmail.com>
Hi Janina,

I have gone over this with my red pencil. A few minor style, editorial, and
grammatical observations (and a wee bit of bike-shedding) follows. I hope
you will not be offended by these (OCD-like) thoughts.

From the "
Abstract
" section:

1:

"...
other mechanisms such as multi-device authentication and the Google
reCAPTCHA are gaining in prominence.
"


Editorially, either remove the word "the" from before Google, or add an
object after the word reCAPTCHA (as reCAPTCHA is a name of a thing, but
what is the thing?):


"...
other mechanisms such as multi-device authentication and Google reCAPTCHA
are gaining in prominence.
"

OR

"...
other mechanisms such as multi-device authentication and the Google
reCAPTCHA solution are gaining in prominence.
"


2: 


"...For people with disabilities, however, it often remains the case that
the challenge employed determines
..."

Too many comma's. Remove the comma after "disabilities"

:



"...For people with disabilities however, it often remains the case that
the challenge employed determines
..."


**********

>From the "The Problem" Section:

3:

"...Web sites with resources that are attractive to aggregators such as
sign-up Web pages, travel and event ticket sites, Web-based email
accounts<ins>,</ins> and social media portals have taken measures to ensure
that they can offer their service to individual users without exposing
their data and content to Web robots.


Edit shown inline. [JF: Oxford comma fan since the 1970's...]

4:

"...While Accessibility best practices require, and assistive technologies
expect<ins>,</ins> substantive graphical images to be authored with text
equivalents, alternative text on CAPTCHA images would clearly be
self-defeating."

Edit shown inline. (Reference: https://pugss.wordpress.com/20
09/09/25/just-an-aside/) 

5:

"...makes it impossible for users with certain disabilities to create
accounts, write comments, or make purchases on such sites—in essence, such
CAPTCHAs fail to properly recognize users with disabilities as human,
obstructing their participation in contemporary society."

Bike-shedding. I question the use of em-dash here (suggests semi-colon
instead). If we stick with em-dash, recommend some white-space before and
after: "...on such sites — in essence..." Proposed Edit shown inline.

(ref: AP Style guide. See also:
https://apvschicago.com/2011/05/em-dashes-and-ellipses-closed-or-spaced.html
)

Question, does W3C favor one style guide over the other? AP? Chicago?
Oxford? Other?


6:

"...Such issues also extend to situational disabilities whereby a user may
not be able to effectively view a traditional CAPTCHA on a mobile device
due to the small screen size<ins>,</ins> or hear an audio-based CAPTCHA in
a noisy environment.


Bit of a run-on sentence <http://grammar.ccc.commnet.edu/grammar/runons.htm>
there. Propose adding a comma as indicated.


**********

>From the
"
Security Effectiveness" section:

7.

"...It is highly recommended, therefore, that alternative security methods
such as two-step or multi-device verification are considered in preference
to traditional image-based CAPTCHA methods for both security and
accessibility reasons."

Proposed re-write:

"Therefore it is highly recommended that alternative security methods, such
as two-step or multi-device verification, are considered in preference to
traditional image-based CAPTCHA methods for both security and accessibility
reasons."


Mostly bike-shedding here: moved the "Therefore" adverb
<http://grammarist.com/grammar/therefore/> to the beginning of the
sentence, and used commas (again) for the aside content. (See previous
reference).


**********

From the 3.1 Traditional character-based CAPTCHA section:

8.

"...The use of a traditional CAPTCHA is particularly problematic for people
who are blind<ins>,</ins>

as the screen readers they rely on to use web content cannot process the
image, thus preventing them from from uncovering the information required
by the form.
"


The aside problem (again). Proposed
Edit shown inline.

9.

"...
Because the characters embedded in a captcha are often distorted or have
other characters in close proximity <ins>to each other</ins> in order to
foil technological solution by robots, they are also very difficult for
users with other visual disabilities."

Thought fragment: in close proximity to what? (Answer: to each other).
Proposed Edit shown inline.

10.

"...Native and literate Arabic or Thai speakers, for example, should not be
assumed to possess proficiency with the ISO8859-1 character
set—demonstrating the barriers associated with CAPTCHAs..."

Bike-shedding. See previous comment regarding em-dash and white-space.
(Recommend adding white-space).


**********

>From the "3.2 Logic puzzles" section:

11.

"...Simple mathematical <ins>or</ins> word puzzles, trivia, <del>and the
like</del><ins> or similar logic tests</del> may raise the bar for robots,
at least to the point where using them is more attractive elsewhere."


Proposed Edits shown inline.


**********

>From the "3.3 Sound output" section:

12.

"...So, one logical solution to this problem is to offer another
non-textual method of using the same content. "

Bike-shedding. The use of "So," feels superfluous; I would either remove
it entirely, or at a minimum remove the comma. 

13.

"...To achieve this, audio is played that contains a series of characters,
words<ins>,</ins> or phrases being read out which the user then needs to
enter into a form.. "


Bike-shedding. Oxford comma. (Caution: this sentence currently ends with
two periods.)

14.

"...As with visual CAPTCHA<del>,</del> however, robots are also capable of
recognizing spoken content—as Amazon's Alexa has so successfully
demonstrated."


Proposed Edit inline (remove a comma). Also comment regarding em-dash here
as well.

Question: do we only want to call out one such voice-input system? (Alexa)
Perhaps also reference Siri and Cortana to preserve vendor neutral
appearance:

"...as Amazon's Alexa, Apple's Siri, Microsoft's Cortana, and other such
platforms have so successfully demonstrated."


15.

"...Consequently, the characters, words<ins>,</ins> or phrases the user is
to uncover and transcribe


Proposed Edit inline. Another Oxford comma.

16.

"...can render the CAPTCHA difficult to hear, There can also be confusion
in understanding whether a number is to be entered as a numerical value or
as a word, e.g. ‘7’ or ‘seven’."

Comma after "hear" should actually be a semi-colon
<https://www.grammarly.com/blog/semicolon/> (independent but related
thought). The word "There" immediately after that should not be
capitalized.

Proposed re-write:

"...can render the CAPTCHA difficult to hear; there can also be confusion
in understanding whether a number is to be entered as a numerical value or
as a word, e.g. ‘7’ or ‘seven’."


17.

"...There are also temporal issues in that if it any portion of an audio
CAPTCHA is not understood, the entire CAPTCHA must be replayed generally
several times."

Struggling with the use of "generally" here. A couple of possible
different options:

"...There are also temporal issues in that if it any portion of an audio
CAPTCHA is not understood, generally the entire CAPTCHA must be replayed
several times."

(Moves the adverb to the front of the sentence-fragment. Could also replace
"generally" with the term "often" or "usually", which is more accurate and
precise.)

"...There are also temporal issues in that if it any portion of an audio
CAPTCHA is not understood; the entire CAPTCHA must be replayed, generally
several times."

(Changed first comma to semi-colon, added comma to re-enforce the
conditional term "generally")


More bike-shedding.

18.

"...Users who are deaf-blind, don't have or use a sound card, find
themselves in noisy environments, or don't have required sound plugins
properly configured and functioning<ins>,</ins> are thus also prevented
from proceeding.

Proposed Edit inline. More bike-shedding.

19.

"...and play it again and again, wwriting down the text to be entered in
the form before entering it in the browser, which is very inconvenient and
subject to web site time outs.


Typo: two "W"s used in "writing"


**********

>From the "3.5.1 Spam filtering" section:

20.

"...More advanced systems can control attacks based on posting frequency,
filter content sent using the TRACKBACK]] protocol, and ban users by IP
address range..."

Presuming an issue with "Trackback" (ends with two right square-brackets,
no beginning left square bracket - is this also supposed to be a link?)


21.

"...An example of a CAPTCHA base don this approach is the Google ReCAPTCHA
which features a checkbox labelled ‘I am not a robot’ or similar phrasing."

Spelling: "...base don..." should be "...based on..."


**********

>From the "3.6 Federated identity systems" section:

22.

"...As a result, many Web sites and Web Services<del>,</del> allow a
portable form of identification across the Web.


Proposed Edit inline. Inappropriate use of a comma here.


**********

>From the "3.6.2 Public-key infrastructure solutions" section:

23.

"...
The certificate can be issued in such a way as to ensure something close to
a one-person-one-vote system by for example issuing these identifiers in
person and enabling users to develop distributed trust networks, or having
the certificates issued by highly trusted authorities such as governments
"


Punctuation issues make this sentence hard to parse. Proposed re-write:


"...
The certificate can be issued in such a way as to ensure something close to
a one-person-one-vote system; for example


by

issuing these identifiers in person and enabling users to develop
distributed trust networks, or

by having the certificates issued
 
from

highly trusted authorities such as governments
."


24.

"...A subset of this concept, in which only people with disabilities who
are affected by other verification systems would register, raises a privacy
concern in that the user would necessarily inform every site that she has a
disability. The stigma of users with disabilities having to register
themselves to receive the same services should be avoided."


This is really hard to parse - the sentence feels incomplete. Is this
saying that it would be a "specialty service" that the PwD would have to
register with?

Proposed re-write:

"...A subset of this concept, in which only people with disabilities (who
are negatively affected by other verification systems) would be required to
register with a "specialty service" for authentication, raises a privacy
concern in that the user would necessarily inform every site that she has a
disability. The stigma of users with disabilities having to register
themselves to receive the same services should be avoided."

25.

"...sites such as Bookshare [BOOKSHARE] require evidence of a print
disability in order to provide users access to printed
materials<ins>,</ins> which are often otherwise unavailable in accessible
alternative formats such as audio or Braille form.


Proposed Edit inline. More bike-shedding.


**********

>From the "3.6.3 Biometrics" section:

26.  Question: do we not traditionally link out to external references?
Speaking here of the legal standards being noted (EN 301 549, section 5.3;
 section 255 of the Communications Act in the United States - 36 CFR 1194,
Appendix C, section 403)

**********

>From the "4. Conclusion
" section:

27.

"...
While a majority of CAPTCHAs in use remain challenging for people with
disabilities to complete, recent additions including the Google reCAPTCHA,
multi-device authentication<ins>,</ins>
 
and the increased prevalence of Federated identity systems currently
provide the most accessible and flexible options in separating humans from
robots.
"


Proposed Edit inline. Another Oxford comma.

28.

"However, while some CAPTCHA solutions are better than others, there is
currently no ideal solution. It is important, therefore, to exercise care
that any implemented CAPTCHA technology correctly identify people with
disabilities as human."


Improper use of "therefore". Proposed re-write:

"However, while some CAPTCHA solutions are better than others, there is
currently no ideal solution. It is important then to exercise care that any
implemented CAPTCHA technology correctly identify people with disabilities
as human."


...and... that's all I could spot.

JF


On Fri, Jun 1, 2018 at 9:54 AM, Janina Sajka <janina@rednote.net> wrote:

> Colleagues:
>
> I have concluded editing our draft CAPTCHA document for the time being.
> Yes, I have made significant and numerous edits since our call.  So, at
> your convenience, please review:
>
> https://rawgit.com/w3c/apa/captcha-janina/captcha/index.html
>
> In addition to any further edits we may want to make, we still have
> broken links to resolve.
>
> I now have a working URI for the Cnet article reference--and it's an
> even more meaningful reference in the current draft, imo.
>
> While the specific Anti-Phishing PDF document the 2004 CAPTCHA note
> references now yields a 404, the site itself is still functioning. Is
> there some specific document there we would choose to point to in our
> current note?
>
> http://antiphishing.org/
>
>
> Lastly, I have collect terms we may want to include in a glossary. Your
> opinions on which to keep, and where to point to in reference to them
> are solicited. Here's my current list:
>
> CAPTCHA
> https://en.wikipedia.org/wiki/CAPTCHA
> http://www.dictionary.com/browse/captcha
>
> Turing Test
> https://en.wikipedia.org/wiki/Turing_test
>
> assistive technology
> https://en.wikipedia.org/wiki/Assistive_technology
> https://www.w3.org/WAI/people-use-web/tools-techniques/
>
> alternative text
> https://www.w3.org/WAI/alt/
> Should probably now point to WCAG 2.1 ...
>
> screen reader
> http://www.afb.org/ProdBrowseCatResults.aspx?CatID=49
> https://en.wikipedia.org/wiki/Screen_reader
> https://www.w3.org/WAI/people-use-web/tools-techniques/
>
> web robot
> https://en.wikipedia.org/wiki/Internet_bot
>
> Google Recaptcha
> https://www.google.com/recaptcha/intro/index.html
>
> iso8859-1
> https://en.wikipedia.org/wiki/ISO/IEC_8859-1
>
> spider
> https://en.wikipedia.org/wiki/Web_crawler
>
> spam filtering
> https://en.wikipedia.org/wiki/Email_filtering
>
> heuristics
> https://en.wikipedia.org/wiki/Heuristic
>
> continuous authentication
> https://www.networkworld.com/article/3121240/security/contin
> uous-authentication-the-future-of-identity-and-access-management-iam.html
>
> hot words
> I've not found a useful pointer for this one yet.
>
> Bayesian filtering
> Too many choices! No winner yet.
>
> Public-key infrastructure
> https://en.wikipedia.org/wiki/Public_key_infrastructure
>
> polymorphism
> https://www.britannica.com/science/polymorphism-biology
> Good source for the term, but not applied to computing!
>
> Chafee Amendment
> https://www.loc.gov/nls/about/organization/laws-regulations/
> copyright-law-amendment-1996-pl-104-197/
>
> --
>
> Janina Sajka
>
> Linux Foundation Fellow
> Executive Chair, Accessibility Workgroup:       http://a11y.org
>
> The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
> Chair, Accessible Platform Architectures        http://www.w3.org/wai/apa
>
>
>


-- 
John Foliot
Principal Accessibility Strategist
Deque Systems Inc.
john.foliot@deque.com

Advancing the mission of digital accessibility and inclusion
Received on Friday, 1 June 2018 18:58:18 UTC