W3C home > Mailing lists > Public > public-rqtf@w3.org > January 2019

RE: Redraft of CAPTCHA Conclusion Section

From: Scott Hollier <scott@hollier.info>
Date: Thu, 17 Jan 2019 00:20:57 +0000
To: Janina Sajka <janina@rednote.net>, "public-rqtf@w3.org" <public-rqtf@w3.org>
Message-ID: <SN6PR01MB43490195472E8D247100D9C9DC830@SN6PR01MB4349.prod.exchangelabs.com>
To Janina

This looks great! Only one suggested change. 

Change: 

" Furthermore, it must be acknowledged by anyone who deploys such a solution that they are also participating in exposing their..."

To: 

" Furthermore, deployers of such solutions should be aware that they are participating in exposing their..." 

Just a slight tweak to make it less personal and argumentative. 

Otherwise +1 from me. 

Scott. 

Dr Scott Hollier 
Digital Access Specialist 
Mobile: +61 (0)430 351 909
Web: www.hollier.info
 
Technology for everyone
 
Looking to upskill your staff with digital access training? Fill the room for one flat fee. 
 
Keep up with digital access news by following @scotthollier on Twitter and subscribing to Scott's newsletter. 

-----Original Message-----
From: Janina Sajka <janina@rednote.net> 
Sent: Wednesday, 16 January 2019 10:49 PM
To: public-rqtf@w3.org
Subject: Redraft of CAPTCHA Conclusion Section

As discussed in the call today ...

Conclusion


CAPTCHA has evolved over time. This has included the development of several alternatives to text-based characters contained in bitmapped images, some of which can serve to support access for persons with disabilities. However, it has also been demonstrated not only that traditional CAPTCHA continues to be challenging for people with disabilities, but also increasingly insecure and arguably now ill suited to the purpose of distinguishing human individuals from their robotic impersonators.

Yet the need for a solution persists and will continue to persist.  It is therefore highly recommended that the purpose and effectiveness of any deployed solution be carefully considered before adoption, and then closely monitored for effective performance. As with all good software and on line content provisioning, analysis should begin with a careful consideration of system requirements and a thorough profiling of user needs.

Clearly, some solutions such as Google's reCAPTCHA, Facebook Connect, two-step or multi-device verification can be easily and affordably deployed. Yet problems persist even in these systems, especially for non English speakers.  Furthermore, it must be acknowledged by anyone who deploys such a solution that they are also participating in exposing their users to a massive collection of personal data across multiple trans-national big data systems and quite apart from any regulatory governance.

It is important, therefore, also to consider available stand-alone solutions such as honeypots and heuristics, along with current image and aural CAPTCHA libraries that support multiple languages. As always, testing and system monitoring for effectiveness should supply the ultimate determination, even as we recognize that an effective system today may prove ineffective a few years from now.

In other words, while some CAPTCHA solutions are better than others, there is currently no ideal solution. It is important to exercise care that any implemented CAPTCHA technology correctly identify people with disabilities as human.

-- 

Janina Sajka

Linux Foundation Fellow
Executive Chair, Accessibility Workgroup:	http://a11y.org

The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
Chair, Accessible Platform Architectures	http://www.w3.org/wai/apa
Received on Thursday, 17 January 2019 00:21:25 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 17 January 2023 20:26:45 UTC