RE: Captcha alternatives from Karen Lewellen on 2021-10-19 (w3c-wai-ig@w3.org from October to December 2021)

From: Karen Lewellen <klewellen@shellworld.net>
Date: Tue, 19 Oct 2021 18:04:35 -0400 (EDT)
To: Jeremy Echols <jechols@uoregon.edu>
cc: "Marc Haunschild (Accessibility Consulting)" <marc.haunschild@accessibility.consulting>, David Woolley <forums@david-woolley.me.uk>, "w3c-wai-ig@w3.org" <w3c-wai-ig@w3.org>
Message-ID: <Pine.LNX.4.64.2110191758210.2271596@server2.shellworld.net>

I absolutely resonate with this idea.
One of the most creative examples of this, was and hopefully is, being 
done  on a forum dedicated to Harry Potter fanfiction writing and reading 
called  dark lord potter.
I hope I remember the link.
www.darklordpotter.net
Anyway, the captchas they use,  are Potter related questions.
I mean one can even  have fun with  it, how about.
If your human and you know it, type you know it.
Karen



On Tue, 19 Oct 2021, Jeremy Echols wrote:

>> ...in reality most of the bots are simple and cheap...
>
> This bit about bots is very true. Unusual / obscure anti-spam protection doesn't only work because it's unusual or obscure. It works because bot authors are looking for easy wins. They don't want to build a custom bot for every site they hit. Your anti-spam strategy can be as simple as "are you a human? Type 'yes' or 'y'." For a small site that doesn't warrant being targeted by bot authors, that exact strategy has worked for me for something like ten years. I used to get hit with a dozen spam submissions a week, but I haven't had a single one since I added that very simple question. Obviously I'm talking about a *really* small site, but that's the point: your anti-spam system must take your site's value into consideration.
>
> I think my point is this: if everybody built a simple, human-friendly CAPTCHA, but each one were a little different, only the biggest (high value) sites would need something stronger.
>
> -----Original Message-----
> From: Marc Haunschild (Accessibility Consulting) <marc.haunschild@accessibility.consulting>
> Sent: Wednesday, October 13, 2021 21:55
> To: David Woolley <forums@david-woolley.me.uk>
> Cc: w3c-wai-ig@w3.org
> Subject: Re: Captcha alternatives
>
> Hi David,
>
>> Am 13.10.2021 um 22:27 schrieb David Woolley <forums@david-woolley.me.uk>:
>>
>> On 13/10/2021 15:13, Marc Haunschild wrote:
>>> Getting spam is a problem that no visitor of a website has.
>>
>> Although, for simple e-commerce sites, spam associated with response forms may be the main issue
>
> More than this: mitigating spam attacks was part of the question I answered to.
>
> Using a CAPTCHA as a security feature is a complete other thing - and I’m not sure, if someone should rely on this.
>
>>> In many cases simple and stupid solutions can help a lot, like putting a confirmation page between the form and the final send button or checking the time between opening a form and sending it.
>>> No human sends a form in less than a second / robots so!
>>
>> These only work whilst they are unusual.
>
> Yes. True.
>
> So why not using them while they still work?
>
> Anyway AFAIK every CAPTCHA we have today can be solved by AI. In theory. But in reality most of the bots are simple and cheap - because even cheap and simple bots still find millions and millions of places to put their messages.
>
> As I said: fighting spam needs a strategy. The strategy surely needs updates every now and then…
>
> My knowledge about this is very limited and maybe outdated.
>
> If you want to solve a problem the right way, you’ll need an expert.
>
> Summary: if it’s just about spam use a quick and dirty solution as long as it works.
> If you have to rely on this solution for security reasons or simple solutions don’t help, you might not want to ask a11y guys for advice.
>
> From an a11y perspective I recommend: get rid of CAPTCHAS. They make things harder for real people and robots don’t care.
>
> Just my 2 Cents
>
> Marc
>
>
>

Received on Tuesday, 19 October 2021 22:05:50 UTC