- From: Marc Haunschild (Accessibility Consulting) <marc.haunschild@accessibility.consulting>
- Date: Thu, 14 Oct 2021 06:54:58 +0200
- To: David Woolley <forums@david-woolley.me.uk>
- Cc: w3c-wai-ig@w3.org
Hi David, > Am 13.10.2021 um 22:27 schrieb David Woolley <forums@david-woolley.me.uk>: > > On 13/10/2021 15:13, Marc Haunschild wrote: >> Getting spam is a problem that no visitor of a website has. > > Although, for simple e-commerce sites, spam associated with response forms may be the main issue More than this: mitigating spam attacks was part of the question I answered to. Using a CAPTCHA as a security feature is a complete other thing - and I’m not sure, if someone should rely on this. >> In many cases simple and stupid solutions can help a lot, like putting a confirmation page between the form and the final send button or checking the time between opening a form and sending it. >> No human sends a form in less than a second / robots so! > > These only work whilst they are unusual. Yes. True. So why not using them while they still work? Anyway AFAIK every CAPTCHA we have today can be solved by AI. In theory. But in reality most of the bots are simple and cheap - because even cheap and simple bots still find millions and millions of places to put their messages. As I said: fighting spam needs a strategy. The strategy surely needs updates every now and then… My knowledge about this is very limited and maybe outdated. If you want to solve a problem the right way, you’ll need an expert. Summary: if it’s just about spam use a quick and dirty solution as long as it works. If you have to rely on this solution for security reasons or simple solutions don’t help, you might not want to ask a11y guys for advice. From an a11y perspective I recommend: get rid of CAPTCHAS. They make things harder for real people and robots don’t care. Just my 2 Cents Marc
Received on Thursday, 14 October 2021 17:42:10 UTC