- From: Kynn Bartlett <kynn@idyllmtn.com>
- Date: Fri, 2 May 2003 19:01:28 -0700
- To: WAI-IG <w3c-wai-ig@w3.org>
Originally posted on the Maccessibility web site:
http://www.maccessibility.com/archive/000535.php
See the URL above for the complete story, including graphics and
links.
Why blind users can't register at Slashdot
Ever wonder why you don't hear a whole lot from blind people on
Slashdot?
An Email Query
I recently forwarded the URL for a Slashdot thread about talking
books
to the W3C's Web Accessibility Interest Group mailing list. I got a
message back from a user who seemed to be confused about the
registration process:
I'm sorry to do this but seem to be having an awful hard time
finding the image asked before creating an account on the slash.
web site. I somehow got an instruction to provide a three letter
image to be typed in an edit box on the site but can't find the
image. Help if you can or please try to instruct me. Thanks in
advance.
It's been years, literally, since I signed up for Slashdot, so I had
no idea what he was talking about. I went to the Slashdot new user
page to see what was up.
Registering at Slashdot
In order to sign up as a Slashdot user -- and lose the "anonymous
coward" tag as well as to be able to set your preferences -- you need
to go through the registration process, which includes something like
this:
To confirm you're not a script,
please type the text shown in this image
(random letters)
I've left the alt attribute as Slashdot provides it -- literally, the
string "(random letters)". If you can't see this graphic -- and
anyone
using Lynx or a screenreader won't be able to -- the graphic has
three
letters: zth. There is also an input box in which the user is
supposed
to type those letters, to prove she's a real person.
This is a supposed security measure designed to prevent automatic
signups. The problem is that it excludes users with disabilities,
specifically users who can't see the images.
Randal Schwartz Explains the Technique
The technique has become pretty widespread in the last few years --
meaning that increasingly more blind users are shut off from using
Web
services. In December of 2001, Randal Schwartz, a Perl guru who
should
know better, endorsed the technique in an issue of WebTechniques
magazine (now New Architect magazine). He gave a good description of
this exclusionary security strategy in his article, Ravaged by
Robots!
which also provided Perl code for easy implementation:
In last month's column, I talked about implementing one type of
survey form for customer feedback. Other types of forms often have
ratings systems or multiple-choice values, which are then
summarized into an average score to determine the most frequent
responses.
Of course, such forms are meant to be used only once per person.
But what if some of your responses are coming from Web robots? A
clever Perl hacker could write a ballot stuffing program with just
a few lines of code.
I was actually thinking about this problem the other day. As a
human, it's trivial for me to see an image, extract the text
content, and type it back into a form element. On the other hand,
that has to be reasonably difficult for an automated form
submission robot! That got me scurrying off to figure out how to
validate a form using an image. After a couple of false starts, I
came up with the program presented in Listing 1, as a demonstration
of this technique's basics.
A Recipe for Inaccessibility
Randal's technique was presented as a way to make Web polls more
secure, but the strategy is currently in use on a number of sites as
an integral part of the registration process, including Slashdot,
Hotmail, PayPal, and Yahoo. A recent thread on the Usability for
Visually Impaired People mailing list pointed out a similar serious
accessibility barrier at Hotmail. An older thread on the WAI interest
group discussed the same thing.
In December 2001, I wrote Randal a letter to call his attention to
the
irresponsibility of promoting a security solution which shuts out
users with disabilities:
I just read your "Ravaged by Robots!" article in the December 2001
issue of WebTechniques. You've come up with a clever and original
way of dealing with the problem of robots hitting online polls, but
unfortunately your solution cuts out an important group of
legitimate users: web users with visual disabilities who are unable
to see images.
These users won't be able to see the image with the security code,
and thus will never be able to pass the test. A dedicated blind
user might be able to run an optical character recognition on your
program, but you've already said you'd use low-contrast letters if
you were worried about that -- which cuts out yet more users who
may be able to see, but need high contrast!
Randal, in your article you say, "but we've raised the bar to a
point at which most people won't bother trying to get around it" --
and that's exactly the problem, as your bar is now far above the
heads of many legitimate users, in violation of commonly accepted
accessibility principles (www.w3.org/WAI). In her "14 Ways to Talk
Clients out of Ruining their Sites" in the same issue, Molly
Holzschlag reminds us that one sure path to ruin is "ignoring
accessibility" -- I think you may want to review that article.
Regards,
Kynn Bartlett kynn@idyllmtn.com
Solving the Problem
So what's the solution?
Well, PayPal offers an interesting workaround. Instead of viewing an
image, you can also choose to listen to a sound file (wav) and type
the letters you hear. When you fill out the PayPal registration form,
there's a link labeled "Help" next to the security test, which brings
you to the link above where you can play the sound file. This offers
the possibility of access to the blind user with a sound-enable
computer, and PayPal should be applauded for being noe of the few
sites to add this relatively simple adaptation.
On the other hand, PayPal's solution doesn't help Lynx users, Braille
terminal users, and deaf-blind users. It's better than nothing -- and
it's certainly better than what Yahoo currently provides. If you're
signing up for a Yahoo, there's a link which says "If you can not see
this image, click here" -- and the link takes you to a page which
basically says, just guess, and if you guess wrong, keep guessing
until you get it right! Gee, thanks, Yahoo.
You can read more about this kind of "security" involving low
resolution images of text at the CAPTCHA Project, run by Carnegie
Mellon's school of Computer Science.
What Should Slashdot Do?
There may be a need for this kind of security with the prevalence of
bots on the Web which are up to nefarious purposes. However, any
solution which excludes users with disabilities -- as Slashdot's does
-- must be classified as a very poor way to solve this problem.
Widespread use of these techniques can render large sections of the
Web, from Hotmail addresses to Yahoogroups, unusable by some of the
audience who can benefit most from them.
At the very least, Slashdot should provide the same option as PayPal,
with an audio version as well as a visual representation. Until they
do that, it will be very hard for many blind users -- who can
otherwise operate their computers and use the Web -- to make
meaningful contributions to the Slashdot community.
--
Kynn Bartlett <kynn@idyllmtn.com> http://kynn.com
Chief Technologist, Idyll Mountain http://idyllmtn.com
Author, CSS in 24 Hours http://cssin24hours.com
Inland Anti-Empire Blog http://blog.kynn.com/iae
Shock & Awe Blog http://blog.kynn.com/shock
Received on Friday, 2 May 2003 22:02:43 UTC