Maccessibility: Why blind users can't register at Slashdot

Originally posted on the Maccessibility web site:
http://www.maccessibility.com/archive/000535.php

See the URL above for the complete story, including graphics and
links.


Why blind users can't register at Slashdot

    Ever wonder why you don't hear a whole lot from blind people on
    Slashdot?

An Email Query

    I recently forwarded the URL for a Slashdot thread about talking 
books
    to the W3C's Web Accessibility Interest Group mailing list. I got a
    message back from a user who seemed to be confused about the
    registration process:

      I'm sorry to do this but seem to be having an awful hard time
      finding the image asked before creating an account on the slash.
      web site. I somehow got an instruction to provide a three letter
      image to be typed in an edit box on the site but can't find the
      image. Help if you can or please try to instruct me. Thanks in
      advance.

    It's been years, literally, since I signed up for Slashdot, so I had
    no idea what he was talking about. I went to the Slashdot new user
    page to see what was up.

Registering at Slashdot

    In order to sign up as a Slashdot user -- and lose the "anonymous
    coward" tag as well as to be able to set your preferences -- you need
    to go through the registration process, which includes something like
    this:

      To confirm you're not a script,
      please type the text shown in this image
      (random letters)

    I've left the alt attribute as Slashdot provides it -- literally, the
    string "(random letters)". If you can't see this graphic -- and 
anyone
    using Lynx or a screenreader won't be able to -- the graphic has 
three
    letters: zth. There is also an input box in which the user is 
supposed
    to type those letters, to prove she's a real person.

    This is a supposed security measure designed to prevent automatic
    signups. The problem is that it excludes users with disabilities,
    specifically users who can't see the images.

Randal Schwartz Explains the Technique

    The technique has become pretty widespread in the last few years --
    meaning that increasingly more blind users are shut off from using 
Web
    services. In December of 2001, Randal Schwartz, a Perl guru who 
should
    know better, endorsed the technique in an issue of WebTechniques
    magazine (now New Architect magazine). He gave a good description of
    this exclusionary security strategy in his article, Ravaged by 
Robots!
    which also provided Perl code for easy implementation:

      In last month's column, I talked about implementing one type of
      survey form for customer feedback. Other types of forms often have
      ratings systems or multiple-choice values, which are then
      summarized into an average score to determine the most frequent
      responses.

      Of course, such forms are meant to be used only once per person.
      But what if some of your responses are coming from Web robots? A
      clever Perl hacker could write a ballot stuffing program with just
      a few lines of code.

      I was actually thinking about this problem the other day. As a
      human, it's trivial for me to see an image, extract the text
      content, and type it back into a form element. On the other hand,
      that has to be reasonably difficult for an automated form
      submission robot! That got me scurrying off to figure out how to
      validate a form using an image. After a couple of false starts, I
      came up with the program presented in Listing 1, as a demonstration
      of this technique's basics.

A Recipe for Inaccessibility

    Randal's technique was presented as a way to make Web polls more
    secure, but the strategy is currently in use on a number of sites as
    an integral part of the registration process, including Slashdot,
    Hotmail, PayPal, and Yahoo. A recent thread on the Usability for
    Visually Impaired People mailing list pointed out a similar serious
    accessibility barrier at Hotmail. An older thread on the WAI interest
    group discussed the same thing.

    In December 2001, I wrote Randal a letter to call his attention to 
the
    irresponsibility of promoting a security solution which shuts out
    users with disabilities:

      I just read your "Ravaged by Robots!" article in the December 2001
      issue of WebTechniques. You've come up with a clever and original
      way of dealing with the problem of robots hitting online polls, but
      unfortunately your solution cuts out an important group of
      legitimate users: web users with visual disabilities who are unable
      to see images.

      These users won't be able to see the image with the security code,
      and thus will never be able to pass the test. A dedicated blind
      user might be able to run an optical character recognition on your
      program, but you've already said you'd use low-contrast letters if
      you were worried about that -- which cuts out yet more users who
      may be able to see, but need high contrast!

      Randal, in your article you say, "but we've raised the bar to a
      point at which most people won't bother trying to get around it" --
      and that's exactly the problem, as your bar is now far above the
      heads of many legitimate users, in violation of commonly accepted
      accessibility principles (www.w3.org/WAI). In her "14 Ways to Talk
      Clients out of Ruining their Sites" in the same issue, Molly
      Holzschlag reminds us that one sure path to ruin is "ignoring
      accessibility" -- I think you may want to review that article.

      Regards,

      Kynn Bartlett kynn@idyllmtn.com

Solving the Problem

    So what's the solution?

    Well, PayPal offers an interesting workaround. Instead of viewing an
    image, you can also choose to listen to a sound file (wav) and type
    the letters you hear. When you fill out the PayPal registration form,
    there's a link labeled "Help" next to the security test, which brings
    you to the link above where you can play the sound file. This offers
    the possibility of access to the blind user with a sound-enable
    computer, and PayPal should be applauded for being noe of the few
    sites to add this relatively simple adaptation.

    On the other hand, PayPal's solution doesn't help Lynx users, Braille
    terminal users, and deaf-blind users. It's better than nothing -- and
    it's certainly better than what Yahoo currently provides. If you're
    signing up for a Yahoo, there's a link which says "If you can not see
    this image, click here" -- and the link takes you to a page which
    basically says, just guess, and if you guess wrong, keep guessing
    until you get it right! Gee, thanks, Yahoo.

    You can read more about this kind of "security" involving low
    resolution images of text at the CAPTCHA Project, run by Carnegie
    Mellon's school of Computer Science.

What Should Slashdot Do?

    There may be a need for this kind of security with the prevalence of
    bots on the Web which are up to nefarious purposes. However, any
    solution which excludes users with disabilities -- as Slashdot's does
    -- must be classified as a very poor way to solve this problem.
    Widespread use of these techniques can render large sections of the
    Web, from Hotmail addresses to Yahoogroups, unusable by some of the
    audience who can benefit most from them.

    At the very least, Slashdot should provide the same option as PayPal,
    with an audio version as well as a visual representation. Until they
    do that, it will be very hard for many blind users -- who can
    otherwise operate their computers and use the Web -- to make
    meaningful contributions to the Slashdot community.

--
Kynn Bartlett <kynn@idyllmtn.com>                     http://kynn.com
Chief Technologist, Idyll Mountain                http://idyllmtn.com
Author, CSS in 24 Hours                       http://cssin24hours.com
Inland Anti-Empire Blog                      http://blog.kynn.com/iae
Shock & Awe Blog                           http://blog.kynn.com/shock

Received on Friday, 2 May 2003 22:02:43 UTC