W3C home > Mailing lists > Public > public-rqtf@w3.org > May 2019

CAPTCHA Additions Finished -- Multi-Device section rewritten

From: Janina Sajka <janina@rednote.net>
Date: Fri, 17 May 2019 15:21:17 -0400
To: public-rqtf@w3.org
Cc: Ángel <angel@w3.16bits.net>
Message-ID: <20190517192117.GA3417@rednote.net>
Colleagues:

Per our conversations on Wednesday's RQTF teleconference, I've edited
our Multi Device section to include discussion of voice telephone and
SMS text message approaches .

https://w3c.github.io/apa/captcha/#leveraging-the-multi-device-environment

I will now move toward issueing a Call for Consensus to APA as we also
discussed. If the CfC is approved, we will move to publish our second
wide review draft on May 28 or 29.

Note I'm again copying Angel who provided the following relevant comment:

Ángel writes:
> On 2019-05-14 at 15:13 -0400, Janina Sajka wrote:
>  ...
> 
> Additionally, I miss a section about phone validation captchas. -it
> considered. Looking in the archives, it seems to have been briefly
> mentioned on January, but I'm confused about how it concluded.
> For a while now, it has been a trend to request a phone number as a
> captcha. None of the three big email providers (Gmail, Yahoo and
> Outlook) allow you to create an email account without providing a mobile
> phone number.¹
> 
> 
> ¹ Being strict, outlook _allows_ the creation of the account, but it
> requires phone validation as soon as the user tries to send their first
> email.
> 
> As another example, a few weeks ago, I created a twitter account not
> providing a phone number. About 5-10 minutes after that, it considered
> that the behavior was suspicious and required passing a Google recaptcha
> *and* a phone verification in order to unlock the account. Despite it
> had been a normal use, having only manual interaction with the website
> from a mainstream browser.
> 
> 
> 
> The usage of phone numbers for validation has both privacy and
> accessibility implications. I don't think the first needs much
> explanation, and some people is quite reluctant about sharing their
> phone number with websites that want it "just for validation".
> 
> Amongst the potential drawbacks:
> It assumes that all users have a phone number they can use for their
> validation. Some people, while they could make calls through shared
> services if needed, don't have a line on their own.
> Often validation is only provided as SMS. But some people only have a
> landline number, which is not capable of sms reception (even if their
> terminal do, the network doesn't).
> There are people that do have a mobile phone, but is only able to
> perform very basic functions, and does not know how to read received
> SMS. (Depending on the resource that is being protected, it is possible
> that it too would be too complex, and thus may consider this not to be a
> concern, though)
> 


Janina Sajka

Linux Foundation Fellow
Executive Chair, Accessibility Workgroup:	http://a11y.org

The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
Chair, Accessible Platform Architectures	http://www.w3.org/wai/apa
Received on Friday, 17 May 2019 19:21:46 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 17 January 2023 20:26:46 UTC