Re: CAPTCHA - Problems and Alternatives - blog Comments and Spam

Karl, thanks for drawing attention to the article on CAPTCHA
http://www.w3.org/TR/turingtest/

Speaking for myself:

CAPTCHA is also a significant problem for international users (as
implemented on many sites). Many users are not that adept with latin script
characters and find it difficult to distinguish them. Many captcha systems
run lines thru the characters or rotate or deform the characters, to hinder
automated recognition of the text which further perplexes users that do not
have English as a primary language.

Limiting the character set to characters that are not so easily confused
isn't adequate. Using non-latin characters is also problematic. Ideographic
characters by their nature contain more information and are more
recognizable by OCR, or if resolution is reduced, users have difficulty
distinguishing. Operations that rotate or deform or add lines across
characters need to be adapted to different scripts so that they don't make
the characters ambiguous.

Separately, I think the article offers a weak justification for its
conclusions:

1) "The widespread use of CAPTCHA in low-volume, low-resource sites, on the
other hand, is unnecessarily damaging to the experience of users with
disabilities."

Although I agree CAPTCHA is a problem for both users with disabilities and
international users, there is no quantification of the potential cost to
having a system without CAPTCHA. So it is difficult to see it is
unnecessary.

The argument is made that CAPTCHA is not perfect, but it would be good if
the article talked about the extent of robotic attacks and the significant
cost of their creating numerous logins and misusing the sites resources. The
recommended spam filtering and heuristics may not be solutions for some
sites, and automated attacks quickly adapt to and overcome these techniques
as well.

2) Recommending that techniques like PINGUARD "should be scrapped until a
reliable method exists", again does not say what the cost to the site is of
remaining unprotected.

Personally, I would like to see these approaches eliminated, but I also
think the W3C is not well served by recommendations to drop (admittedly
weak) defense techniques with handwaving arguments and without offering true
solutions.


The conclusion of the article should have been that there is a tremendous
industry need for a solution that does not deny either international users
or users with disabilities access, and a call for greater attention to the
problem. 

tex

Karl Dubost wrote:
> 
> A quick mail about CAPTCHA.
> 
> In the blog world, site owners have to managed the spam hitting the
> comments form. To avoid it, some services or software have created a
> system which gives an image to challenge bots and then avoid spam.
> 
> Unfortunately, this method has more than one problem. The WAI has
> published a note about this.
> 
> [[[
> Inaccessibility of Visually-Oriented Anti-Robot Tests
> Problems and Alternatives
> 
> Abstract
> 
> A common method of limiting access to services made available over
> the Web is visual verification of a bitmapped image. This presents a
> major problem to users who are blind, have low vision, or have a
> learning disability such as dyslexia. This document examines a number
> of potential solutions that allow systems to test for human users
> while preserving access by users with disabilities.
> ]]]
> 
> -- Inaccessibility of Visually-Oriented Anti-Robot Tests
> http://www.w3.org/TR/turingtest/
> Wed, 05 Nov 2003 17:22:02 GMT
> 
> --
> Karl Dubost - http://www.w3.org/People/karl/
> W3C Conformance Manager
> *** Be Strict To Be Cool ***

Received on Friday, 25 November 2005 05:12:06 UTC