- From: Matthew Smith <matt@smiffytech.com>
- Date: Sat, 19 Nov 2011 06:14:56 +1030
- To: "w3c-wai-ig@w3.org" <w3c-wai-ig@w3.org>
Quoth Ramón Corominas at 18/11/11 20:14... > For high-loaded websites such as Facebook, etc. any CAPTCHA that > includes the answer in the question itself is useless as a security > control. The spambot can simply try a "bruteforce" attack with every > word or number in the question, so at least one of each 3 or 6 times it > will succeed. Looking at this the other way, "solving" the puzzle also requires a degree of comprehension on the part of the user, who could quite conceivably have learning difficulties, not be familiar with the site language and not understand ordinal numbers, etcetera. Even ignoring this possibility, I am becoming increasingly of the opinion that this is wrong because what is a problem for the site owner is being shifted onto the user. Or should I say customer. Maybe it is time that we stopped using the word 'user' entirely and started saying 'customer' instead because, from a business perspective, the shocking way in which we are treating these customers would scarcely be tolerated in the "normal" business world. In response to an off-list comment yesterday, I blogged the following, for reference: http://smiffy.posterous.com/captcha-there-for-a-reason Cheers M -- Matthew Smith Business: http://www.smiffytech.com Blog: http://www.smiffysplace.com Linkedin: http://www.linkedin.com/in/smiffy Flickr: http://www.flickr.com/photos/msmiffy Twitter: http://twitter.com/smiffy
Received on Friday, 18 November 2011 19:45:32 UTC