- From: Robert Yonaitis <ryonaitis@gmail.com>
- Date: Thu, 17 Nov 2011 16:05:35 -0500
- To: Denis Boudreau <dboudreau@accessibiliteweb.com>
- Cc: wai-eo-editors@w3.org
- Message-ID: <CAD_6MyNj4LVucH_m=a_CT63-QpUiC+Fb3Q5W0HSQq1TN6tWGVQ@mail.gmail.com>
Denis,

I just want to address security a bit, but not too deep to try to point out what you are missing. A story of sorts is sometimes a good example. If you are at a conference tonight when you return to your hotel room open the door and put your laptop bag down, go take a shower - do not close the door to the room or bath as any good thief could break it down - or close it but do not lock it because anyone can pick a lock, and forget the dead bolt because someone of sufficient strength can break it down. Security is multi pronged. If someone wants to break into your room they will. Now, if we say a user should not have to take part in their own security that is fine, we can all just throw our bank statements in the trash.

Back to Accessibility now. It appears there is discussion as to if there is or is not accessible captcha. If there is it should be reviewed and supported and/or (as smiffy did) describe an alternative and why this is the best practice for human detection that should be put in place. However - this group needs to get out of the weeds of usability and stick to accessibility (IMHO) as from an education and outreach place you sound unreasonable about something that both can be accessible and can be a valued part of a security regimen.

So this is my final two cents on it as I have a short break before a flight and a cold diet coke awaits!

Very Respectfully,
Rob Yonaitis

On Nov 17, 2011 1:52 PM, "Denis Boudreau" <dboudreau@accessibiliteweb.com> wrote:

> Hi again,
>
> OK, let's take security out for the moment, though I still think that
> without it, even the most accessible captcha is useless.
>
> Let's focus on accessibility instead. Better yet, requirements.
>
> WCAG 2.0 SC 1.1.1 says the following on Captchas:
>
> "CAPTCHA: If the purpose of non-text content is to confirm that content is
> being accessed by a person rather than a computer, then text alternatives
> that identify and describe the purpose of the non-text content are
> provided, and alternative forms of CAPTCHA using output modes for different
> types of sensory perception are provided to accommodate different
> disabilities."
>
> The related sufficient techniques are pretty straight forward in theory:
>
> G143: Providing a text alternative that describes the purpose of the
> CAPTCHA
> G144: Ensuring that the Web Page contains another CAPTCHA serving the same
> purpose using a different modality
>
> Both need to be met in order for WCAG 2.0 conformance to be a success. On
> paper, that sounds like a really easy thing to do.
>
> However, I have yet to see a working example of this. Of all the possible
> alternatives that have been thought of in the past 10 years, none truly
> come close. Images are harder and harder to make out, sound files are
> harder and harder to hear, and I'm not even talking about ridiculous
> options like rotating 3d content in video and color based recognition of
> characters. A lot of creativity is put into making a new alternative hoping
> it would catch on, but every time, it's another accessibility nightmare.
> When every other alternative still leaves people out, what is your option?
> Provide a phone number people can use? Hardly a satisfactory option as far
> as I'm concerned.
>
> I'm not saying we dump WCAG2. I'm only saying that SC 1.1.1 alone is
> insufficient to solve the captcha problem.
>
> I fail to see how this can be simple and obviously, quite a few of us do
> too, otherwise this problem would have been solved a long time ago.
>
> From an engineer's stand point then, if it's easy and not complex, what
> would you suggest?
>
> /Denis
>
> On 2011-11-17, at 1:36 PM, Robert Yonaitis wrote:
>
> If we want to talk security and percentages - both I am qualified to do it
> is a different list and nothing to do with accessibility.
>
> An accessibility reasoning for a value judgement is short sighted and
> misplaced when something is accessible according to the guidelines.
>
> Denis - I think you made an odd statement - dump wcag 2 as it does not mean
> something is accessible. We all want a perfect world but Denis as an
> engineer I deal with realities and guidelines matter - captchas are
> accessible and meet guidelines. If you remove this what can I code to?
>
> This is very simple and not complex.
>
> cheers,
> rob
> On Nov 17, 2011 1:27 PM, "Denis Boudreau" <dboudreau@accessibiliteweb.com>
> wrote:
>
>> Rob,
>>
>> I see your point, but I feel it's a little more complicated than that.
>>
>> An accessible captcha is useless if it's not secure. Organizations
>> wouldn't go for it and those who would, would quickly be flooded with spam.
>> Security and accessibility have to go hand in hand here.
>>
>> Also, your focus seems to be on conformance to wcag2. My focus is
>> conformance AND accessibility. So I couldn't care less about a compliant
>> solution, if it's still unusable by a significant portion of the population.
>>
>> /Denis
>>
>> On 2011-11-17, at 1:15 PM, Robert Yonaitis wrote:
>>
>> Denis,
>>
>> First I would say drop security please and deal with accessibility alone.
>> You would be making a false statement to say that if you follow wcag 2 your
>> site will be accessible to every one - correct? Is captcha accessible
>> within the guidelines. Yes.
>>
>> Does anything else matter. If yes we are talking politics right. Let us
>> leave this to politicians. Captchas are accessible according to wcag 2 - I
>> will not address usable and they do serve a valuable real world purpose.
>>
>> V/R
>> Rob Yonaitis
>> On Nov 17, 2011 1:04 PM, "Denis Boudreau" <dboudreau@accessibiliteweb.com>
>> wrote:
>>
>>> Hi Rob,
>>>
>>> On 2011-11-17, at 11:38 AM, Robert Yonaitis wrote:
>>>
>>> > Personally, I have sat on the fence between technology, privacy,
>>> > security and usability for a couple decades. I believe that when
>>> > discussing accessibility (A11y) we need to be inclusive. If we are
>>> > saying that Captchas are not usable that is one thing. There are
>>> > plenty of things that are not usable. If we are discussing if captchas
>>> > can be made accessible then the answer has to be yes.
>>>
>>> Of course, I stand by you when it comes to inclusion. I totally agree.
>>> However, I have yet to see one captcha example that actually is accessible
>>> to everyone and secure enough to be a viable option. In all modesty, the
>>> closest I've seen so far is our attempt at creating a device independent
>>> captcha slider last year - distcha [1] - with the Canadian government and
>>> even that still fails a few requirements in terms of robustness...
>>>
>>> [1] http://tbs-sct.ircan-rican.gc.ca/projects/gcwwwcaptcha/roadmap
>>>
>>> Until I see one (or we come up with a solution that works perfectly), I
>>> just cannot admit to it.
>>>
>>> > The W3C Accessibility Initiatives should not be in the business of
>>> > promoting or excluding individual technologies because they do not
>>> > approve of their usability or features, in fact if the W3C wants a
>>> > broader acceptance for their efforts they should help all technologies
>>> > be accessible a great example would be ARIA.
>>>
>>> I disagree. I believe it IS the responsibility of the WAI to raise
>>> awareness about the limitations of "solutions" like captcha and they have
>>> done so in the past (refer to Matt May's note from 2005:
>>> http://www.w3.org/TR/turingtest/). If not on the WAI level, then at
>>> least in EOWG.
>>>
>>> The idea is not necessarily to say flat out that captchas are evil
>>> (though they are, we're amongst ourselves, let's call a cat a cat), but at
>>> the very least, not to promote its use by suggesting a "viable solution"
>>> in the GOOD/BAD demo that in fact, wouldn't necessarily be viable or
>>> accessible.
>>>
>>> As you very well know, it's not just a matter of invoking Aria, the
>>> mighty Viking goddess of opera (as depicted in WebAIM's presentations), for
>>> captchas to magically work out. Aria is great, but it requires technologies
>>> that support it and users who can access those technologies, two situations
>>> that are far from perfect today.
>>>
>>> I'm all for looking into or building solutions using aria that will work
>>> tomorrow (distcha again was an example of this), but in the meantime, we
>>> all need a solution that actually works today, with yesterday's
>>> technologies.
>>>
>>> And none does. So I stand my ground. ;p
>>>
>>> > In the end captchas like
>>> > them or not can be made accessible and do serve a purpose isn't the
>>> > rest simply opinion.
>>>
>>> Please provide me with one working example that would make me change my
>>> mind. Just one. A lot of us really need it.
>>>
>>> > I believe if the W3C started looking at things this way there would be
>>> > a wider buy in amongst engineers. In the end the best document will be
>>> > the inclusive document IMHO.
>>>
>>> I believe the W3C already does its job. Of course, more can always be
>>> done. But it's not entirely up to them to solve all the world's problems
>>> too.
>>>
>>> If there were just a few private interests looking into captcha that
>>> actually understood accessibility, we wouldn't have so many crappy
>>> alternatives to captchas out there that are just as bad (if not worse) and
>>> that just keep pushing the boundaries of exclusion further and further back
>>> for people with disabilities.
>>>
>>> Regards,
>>>
>>> /Denis
Received on Thursday, 17 November 2011 21:06:06 UTC