- From: Scott Hollier <scott@hollier.info>
- Date: Thu, 7 Mar 2019 23:59:57 +0000
- To: Janina Sajka <janina@rednote.net>, "public-rqtf@w3.org" <public-rqtf@w3.org>
To Janina Yes based on my reading of the tools' website and some forum posts I found, that's an accurate description. My reading of 'in-browser' is that it happens without user interaction as it's a server-side security tool. Happy to leave the door open from in the response should the person that raised the issue provide additional information. Scott. Dr Scott Hollier Digital Access Specialist Mobile: +61 (0)430 351 909 Web: www.hollier.info Technology for everyone Looking to upskill your staff with digital access training? Fill the room for one flat fee. Keep up with digital access news by following @scotthollier on Twitter and subscribing to Scott's newsletter. -----Original Message----- From: Janina Sajka <janina@rednote.net> Sent: Thursday, 7 March 2019 10:29 PM To: public-rqtf@w3.org Subject: Re: Feedback on in-browser CAPTCHA research Looking at Scott's analysis, I'm thinking we may want to respond to this poster sooner rather than later. I believe our out of scope response, as discussed at yesterday's telecon, is based on our understanding that the tool is not attempting to distinguish human from robotic users, but rather DOS attacks. There are, of course, many types of malicious actors on the web. Our focus is specifically the reverse Teuring test as opposed to the general proposition that bot attacks should be blocked wherever possible. There's probably a more elegant way to state this, but I thought it best to respond on list with a first cut. Janina Scott Hollier writes: > To the RQTF > > Following up on my action item, I've had a look at the product discussed in the GitHub feedback. The product is outlined by the website as "a highly available cluster of reverse proxies, filtering traffic to your origin server." While it does focus on stopping bots, its seems to be more of an automated packet sniffer / analytical server-side security tool that focuses on denial-of-service attacks rather than user interaction. I've done a bit of digging in online discussion forums and to date haven't found anything that specifically suggests it has any elements that interac as a public turing testt with the user, so in my opinion it falls outside the scope of our CAPTCHA accessibity discussion. > > Also it looks like I've been accidentally assigned to the wrong response in GitHub - not sure how to reassign it! > > Thanks everyone, look forward to the call later today. > > Scott. > > > [Scott Hollier logo]Dr Scott Hollier > Digital Access Specialist > Mobile: +61 (0)430 351 909 > Web: www.hollier.info<http://www.hollier.info> > > Technology for everyone > > Looking to upskill your staff with digital access training<http://www.hollier.info/consultancy/>? Fill the room for one flat fee. > > Keep up with digital access news by following @scotthollier on Twitter<https://twitter.com/scotthollier> and subscribing to Scott's newsletter<mailto:newsletter@hollier.info?subject=subscribe>. > -- Janina Sajka Linux Foundation Fellow Executive Chair, Accessibility Workgroup: http://a11y.org The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI) Chair, Accessible Platform Architectures http://www.w3.org/wai/apa
Received on Friday, 8 March 2019 00:00:26 UTC