- From: Gijs Veyfeyken <gijs@anysurfer.be>
- Date: Thu, 2 Feb 2017 10:35:07 +0100
- To: Andrew Kirkpatrick <akirkpat@adobe.com>
- Cc: Karen Lewellen <klewellen@shellworld.net>, W3C WAI Interest Group <w3c-wai-ig@w3.org>
Hi, > Seriously though, reCaptcha does provide alternatives built into the CAPTCHA, so it is possible that they satisfy the WCAG 2.0 requirements directly (I haven’t evaluated it so I can’t say). We've tested Google's reCAPTCHA v2 Wrote a blogpost about it. Sorry, Dutch only. http://anysurfer.be/nl/blog/detail/googles-recaptcha-v2 Conclusions: If Google suspects you're not human, you need to click parts of an image. The alternative is an audiocaptcha that consists of 5 numbers. "Press play and enter the numbers you hear". The interface is available in many languages, the audio is only available in English. 1. Not everybody understands English obviously. 2. The audio starts immediately so a screenreader-user will miss the first number because the screenreader itself is still speaking. 3. Solving one audiocaptcha is not enough, you need to solve several after each other to validate. I'm not kidding. 4. If you got bad eyes and ears, it will be very hard. If you're deaf-blind, it's impossible. Kind regards, Gijs --- Gijs Veyfeyken AnySurfer - towards an accessible internet http://www.anysurfer.be/en Brussels - Belgium > On 2 Feb 2017, at 04:07, Andrew Kirkpatrick <akirkpat@adobe.com> wrote: > > Karen, > >> Based on say your personal professional experience how likely is it that a >> small business owner creating an international e-commerce website that may >> possibly reach millions, will automatically understand this need on their >> own? > > I don’t think that it is high enough, perhaps not high at all. I’m not sure that I would say that many of the WCAG 2.0 success criteria would meet that bar, so it may not be worth picking on 1.1.1 for that concern specific to CAPTCHA... > >> The incident leading to my starting this thread involved, not a small >> business owner, but a very very large Canadian company. >> Said company used recaptcha to create their verification, and it did not >> even manifest in their brain cells that an alternative was >> possible, let alone required. > > Sure, and that is why: > 1) We are looking at requirements for a major overhaul of WCAG 2.0’s structure and approach to guidelines > 2) People need to either educate themselves or hire experts - this is commonplace for compliance with many regulations where specific domain knowledge is needed. > >> Now, if there was a point in installing recaptcha that the user reached >> a message like this. >> "warning! failure to provide an alternative captcha other than the visual >> one chosen may result in human rights violations in your jurisdiction, >> or >> may be just unfriendly! do you wish to proceed?" >> Then I would feel the wording of 2.0 was enough...but it is possible to >> use the program without learning about alternative captcha formats. >> Therein may be the true issue. > > I’m sure that google would appreciate the bug report! :) Seriously though, reCaptcha does provide alternatives built into the CAPTCHA, so it is possible that they satisfy the WCAG 2.0 requirements directly (I haven’t evaluated it so I can’t say). Still, even if a captcha provides an image and provides an audio version of the image, that wouldn’t meet all users needs since a deaf-blind user wouldn’t see the image or hear the audio, so other approaches are worth considering. > >> In the best of all possible universes, automatically respecting the >> diverse ways to use a computer regardless of body uniqueness would flow >> effortlessly. We are not there yet. >> So, why is it not the default to create alternatives to visual captchas in >> programs that produce them? >> Dancing outside of the box...as usual, > > I’d say that it isn’t the default because the demand isn’t sufficient yet. Everyone on this list is a lot of people, but we are a small group relative to the population of developers in general. We need to keep talking to people and educating them on accessibility. We will get to that point I believe, but we aren’t there yet. > > AWK > > >> >> >> On Wed, 1 Feb 2017, Andrew Kirkpatrick wrote: >> >>> It bears pointing out that WCAG 2.0 allows CAPTCHA, but requires accessible CAPTCHA. >>> >>> It seems that some people think that CAPTCHA is always an image-based test, but that is not the case, it is any method that is used to distinguish between an computer and a human. >>> >>> The only reason that CAPTCHA was called out in WCAG 2.0 was that it would cause a failure if there was an image on a web page that didn’t have an equivalent alternative, and that would defeat the purpose of the CAPTCHA image. If you do use an image-based CAPTCHA WCAG 2.0 just requires that you provide alternative CAPTCHA methods for accessibility purposes, which is just like if you need to provide an alternative to other types of inaccessible content. >>> >>> Thanks, >>> AWK >>> >>> Andrew Kirkpatrick >>> Group Product Manager, Standards and Accessibility >>> Adobe >>> >>> akirkpat@adobe.com >>> http://twitter.com/awkawk >>> >>> >>> >>> >>> >>> >>> >>> On 1/31/17, 20:14, "Gian Wild" <gian@accessibilityoz.com> wrote: >>> >>>> You might be interested in these articles: >>>> CAPTCHA: Inaccessible to Everyone: http://www.sitepoint.com/captcha-inaccessible-to-everyone/ >>>> >>>> CAPTCHA: How to do it right (ie. don't use CAPTCHA!): http://www.linkedin.com/pulse/20140831232143-25659818-captcha-how-to-do-it-right-ie-don-t-use-captcha >>>> >>>> -----Original Message----- >>>> From: Karen Lewellen [mailto:klewellen@shellworld.net] >>>> Sent: Wednesday, 1 February 2017 11:59 AM >>>> To: Sean Murphy (seanmmur) <seanmmur@cisco.com> >>>> Cc: w3c-wai-ig@w3.org >>>> Subject: RE: example of accessible captcha? >>>> >>>> Well, at the risk of singing the same song again, a shared label does not a shared experience make. >>>> That you do not find an task difficult is absolutely fantastic...for you. >>>> It does not mean everyone within the same well label has your tools your situations, or choices. >>>> I was frankly stunned that assurance could get away with such a clear problem. I Mean what if the person has another reading challenge? >>>> Kicking them out because they cannot read when providing phones that have no access at all is a tad much. >>>> Kare >>>> >>>> >>>> On Tue, 31 Jan 2017, Sean Murphy (seanmmur) wrote: >>>> >>>>> Interesting, point in relation to text messages. AS I have vision loss myself, I didn't find it difficult. >>>>> >>>>> As there are more and more organisations using this as part of their security mechanism. One example that comes to mind is two step authentication. I suspect the challenge the example you provided is related to the assistive technology they had available on the mobile device. If the technology doesn't permit them to read text messages easily, then the solution will break for that group of users. Thus isn't full proof. >>>>> >>>>> The other ideas promoted I need to check out. As this is really a pain point for accessibility and disable users. >>>>> >>>>> Sean Murphy >>>>> Accessibility Software engineer >>>>> >>>>> -----Original Message----- >>>>> From: Karen Lewellen [mailto:klewellen@shellworld.net] >>>>> Sent: Wednesday, 1 February 2017 10:28 AM >>>>> To: Sean Murphy (seanmmur) <seanmmur@cisco.com> >>>>> Cc: w3c-wai-ig@w3.org >>>>> Subject: RE: example of accessible captcha? >>>>> >>>>> Hi sean, >>>>> I personally dislike the text message idea for two reasons. >>>>> first, you must provide your cell number, which if the site in question becomes compromised creates issues. >>>>> second and most important though that method assumes that both a phone is available, and a phone with easy to access text messaging. >>>>> I knew someone experiencing sight loss who got kicked out of the low cost American cell phone program because their provider called assurance wireless used text messages to contact members. The phone provided in the program had no accessible features so...they lost their service because they could not read the screen. >>>>> I believe Google is behind recaptcha. If they no longer encourage the visual captcha, then recaptcha should not create as much. >>>>> I agree totally with you about the audio editions of the challenges for many reasons. those are a poor solution in my experiences as well. >>>>> Kare >>>>> >>>>> >>>>> On Tue, 31 Jan 2017, Sean Murphy (seanmmur) wrote: >>>>> >>>>>> Karen, >>>>>> >>>>>> I like the concept of sites which use text messages that appear on your phone. Then you enter in the number they provide as the challenge. >>>>>> >>>>>> Audio caption solutions in my book are a negative experience because if you cannot understand the audio output. Then you cannot complete the form. As most audio challenges are distorted audio in the first place. I and quite a lot of others find this method of authentication very poor. This is of course to address the vision impairment community who cannot se the challenge graphic. >>>>>> >>>>>> There was an article I read ages ago where I think google had >>>>>> developed a method of not requiring the graphical challenge at all >>>>>> and used a completely different method. I went looking for the >>>>>> article and cannot find it. :-) >>>>>> >>>>>> Sean Murphy >>>>>> Accessibility Software engineer >>>>>> >>>>>> -----Original Message----- >>>>>> From: Karen Lewellen [mailto:klewellen@shellworld.net] >>>>>> Sent: Wednesday, 1 February 2017 6:12 AM >>>>>> To: w3c-wai-ig@w3.org >>>>>> Subject: example of accessible captcha? >>>>>> >>>>>> Greetings all, >>>>>> I seek a site that uses a captcha which does not involve an image. by which I mean one using a math problem, or some other interaction that differs from the letter number things often used. >>>>>> Ideas? >>>>>> Thanks, >>>>>> Karen >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>>
Received on Thursday, 2 February 2017 09:35:44 UTC