W3C home > Mailing lists > Public > public-rqtf@w3.org > December 2021

FW: Re: RE: Proposals for secure, user-friendly and private Captcha systems

From: Scott Hollier <scott@hollier.info>
Date: Wed, 22 Dec 2021 06:19:03 +0000
To: "public-rqtf@w3.org" <public-rqtf@w3.org>
Message-ID: <BYAPR01MB5303E8E04BF7685720015F5CDC7D9@BYAPR01MB5303.prod.exchangelabs.com>
To the RQTF

Hope everyone is going well!

I’m touching base as I’ve received the below e-mail after initially being contacted in relation to the CAPTCHA draft. I’ve tried letting the person know about the process to provide comments on the draft but seems to prefer e-mailing me and looks like there may be a language barrier too. There are some CAPTCHA concepts below but not sure how best to action them as I can see accessibility flaws in all the suggestions provided. Would be interested in the thoughts of the group as to how best to proceed as different, yet inaccessible, CAPTCHAs are pretty well documented in the Note currently in my view.  Happy to get back in touch with the person about any conversations.

Hanks everyone,

Scott.


Dr Scott Hollier
CEO & Co-founder

[Centre for Accessibility logo]<http://www.accessibility.org.au/>

Centre For Accessibility Australia Ltd.
Phone +61 (0)430 351 909
Email scott.hollier@accessibility.org.au<mailto:scott.hollier@accessibility.org.au>
Address 92 Adelaide Street, Fremantle WA 6160

accessibility.org.au<http://www.accessibility.org.au/>

[Instagram logo icon]<https://www.instagram.com/centrefora11y/>  [Facebook logo icon] <https://www.facebook.com/centrefora11y/>   [Twitter logo icon] <https://twitter.com/centrefora11y>   [LinkedIn logo icon] <https://www.linkedin.com/company/centreforaccessibility/>


Hello, thank you for your reply. I speak Spanish. Here are the different concepts I developed about security systems Captcha.

1. Indirect words:

In traditional Captcha systems a person is usually asked to identify objects or things that appear in an image, the problem with this system is that they become insecure as machine learning advances.

By using indirect words, the user is not asked to select images with certain objects, but to select words indirectly related to an image. These can be adjectives, verbs, etc.

For example, an image of a woman with a camera on a beach may contain as direct words woman, beach, sun, camera and anything that appears in the image. As indirect words related to the image may appear, taking, summer, taking, capturing, memory, moment, focus, etc.

Around the image should appear indirect words with and without relation to the image. The user must select the correct ones, so that with a minimum margin of error for people it is not difficult to pass the test and it would be possible to eliminate the use of the current automatic learning of the bots in the identification of objects.

The relationship of actions and situations is something relatively easy for people, but currently impossible for computers, perhaps something that can never be achieved by machine learning or artificial intelligence given the complexity and the multiple interpretations and relationships between the parts of an image and words.

Optionally the user can add a phrase or word related to the image in a text field, thus increasing the number of words to display over an image.

The ratio percentage by which the words are displayed is updated as people select the words they think are correct.

In the case of the sound test for the visually impaired, the concept is the same. People are described the most important parts of an image and must choose the corresponding words that relate to it indirectly.

It is important to increase the usability for the user, for that reason it is necessary to save in the browser memory a unique identifier for it, which allows to recognize if a person has already been identified in the system to not do it again, in the case that an identifier is detected as suspicious, it is blocked.

An image must be generated with the person's identifier, for those who delete the data from their browser, being able to identify themselves with it. In this way, the identification system is automated, making the first identification practically unique and reducing the importance of the level of difficulty or time it takes to resolve it.

2. Sentence formulation:

Something that computers cannot do, but people can easily do, is the generation of sentences with certain coherence.

In this sense, the proposed system consists of people having to formulate a coherent sentence from two randomly generated words with a certain number of words in total.

The coherence is determined by an algorithm or by the rating of other people connected to the system at that moment.

In this case there is no difference in the system for visually impaired people.

As above, the virtual identifier generation system should be used to automate the identification of persons.

3. Identification through donations:

Alternatively, in addition to the previous systems, it is offered to people through a donation to receive a unique virtual identifier, so that those who prefer this method do not have to perform the above steps and in turn are making a donation to a cause.

4. Barcode scanning:

By scanning an international barcode present on any type of item that is generally unique to each item, a user can be identified by saving the identifier in the browser and on disk to automate the identification process.

A barcode that is detected as suspicious can be suspended for a period of time or indefinitely. A unique identifier must be used for each user so that this does not affect people using the same code. The scanning of the barcode is only to validate the person and give him/her a unique identifier since it is assumed that a machine would not be able to do it or would have a limit of codes to use. The numerical identifiers of the codes are not used because a bot could easily access them through the Internet. Scanning verifies that a photo is indeed being taken of a real item.

This system is only a concept that has drawbacks to be solved, such as the method to be used for visually impaired people, the implementation on desktop computers that do not have a digital camera, etc. In the first case, the user can be asked to take several photos of one or more items to identify the barcode or use the product photo identification instead. In the second case, the cell phone can be synchronized with the computer, among other alternatives.

This simple set of concepts and systems is called RealHIS (Real Human Identification System) as they test cognitive parts and presence tests that only a human in theory can perform.

I have some image designs on the same if you need it or any consultation on the same. In any case if you consider using some or part of the concepts I mentioned let me know. Greetings.
might be interested in knowing more details about them. In any case you can write to me. Regards.

image001.png
(image/png attachment: image001.png)

image002.png
(image/png attachment: image002.png)

image003.png
(image/png attachment: image003.png)

image004.png
(image/png attachment: image004.png)

image005.png
(image/png attachment: image005.png)

Received on Wednesday, 22 December 2021 06:19:33 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 17 January 2023 20:26:49 UTC