WebAIM - Web Accessibility In Mind

E-mail List Archives

Thread: Plug and play alternatives to captcha

for

Number of posts in this thread: 13 (In chronological order)

From: Moore, Michael
Date: Thu, Apr 17 2008 7:40AM
Subject: Plug and play alternatives to captcha
No previous message | Next message →

All,

Captcha is raising its ugly head here again so I am searching for a plug
and play alternative to the usual inaccessible distorted letters that
are available in most modules. I have code examples of alternative ways
of accomplishing this but my customers are looking for an off the shelf
solution that they can just add to the form mail.

Thanks,

Mike

From: Jared Smith
Date: Thu, Apr 17 2008 8:10AM
Subject: Re: Plug and play alternatives to captcha
← Previous message | Next message →

On Thu, Apr 17, 2008 at 7:38 AM, Moore, Michael
< = EMAIL ADDRESS REMOVED = > wrote:
>
> Captcha is raising its ugly head here again so I am searching for a plug
> and play alternative to the usual inaccessible distorted letters that
> are available in most modules. I have code examples of alternative ways
> of accomplishing this but my customers are looking for an off the shelf
> solution that they can just add to the form mail.

Here are a few options:

http://system-x.info/?pageid=18&;menutree=47

http://green-beast.com/blog/?p=128

http://www.purple-dogfish.co.uk/free-stuff/accessible-captcha

*All* CAPTCHAs can be broken. Even the most complex, inaccessible ones
at Yahoo and Google are being bypassed now. The question you have to
ask is, "would anyone dedicate a lot of time to implement a system for
bypassing my CAPTCHA?" If the answer is "no", then you don't even need
to implement CAPTCHA at all. If the problem is spam from a web form,
CAPTCHA *is not* the best solution.

By implementing just a couple of the simple, back-end techniques I
wrote about at http://www.webaim.org/blog/spam_free_accessible_forms/
you can get rid of probably 99.9% of bot submissions. While someone
could get around all of these techniques (and indeed any CAPTCHA,
particularly the "accessible" ones",) they probably are not likely to
spend the time to do so just to send you a bit of spam. For the many
sites on which I have implemented this approach, the spam has been
reduced to at most a few per year - and those are almost certainly
human spammers.

Jared Smith
WebAIM

From: Carol Wheeler
Date: Thu, Apr 17 2008 8:50AM
Subject: Re: Plug and play alternatives to captcha
← Previous message | Next message →

And when captcha goes REALLY bad:
http://thedailywtf.com/Articles/Ummm-2V3Xg9MPr0Q.aspx



Carol E. Wheeler
= EMAIL ADDRESS REMOVED =
Web Department
American Institute for Cancer Research
1759 R Street NW
Washington DC 20009
Tel: 202-328-7744
Fax: 202-328-7226
http://aicr.org

From: Jon Gibbins (dotjay)
Date: Thu, Apr 17 2008 9:00AM
Subject: Re: Plug and play alternatives to captcha
← Previous message | Next message →

Moore, Michael wrote:
> All,
>
> Captcha is raising its ugly head here again so I am searching for a plug
> and play alternative to the usual inaccessible distorted letters that
> are available in most modules. I have code examples of alternative ways
> of accomplishing this but my customers are looking for an off the shelf
> solution that they can just add to the form mail.
>
> Thanks,
>
> Mike

Have you looked at reCAPTCHA?
http://recaptcha.net/

Jon


--
dotjay / Jon Gibbins
w: dotjay.co.uk

From: Christophe Strobbe
Date: Thu, Apr 17 2008 9:30AM
Subject: Re: Plug and play alternatives to captcha
← Previous message | Next message →

At 16:54 17/04/2008, you wrote:
>Moore, Michael wrote:
> > All,
> >
> > Captcha is raising its ugly head here again so I am searching for a plug
> > and play alternative to the usual inaccessible distorted letters that
> > are available in most modules. I have code examples of alternative ways
> > of accomplishing this but my customers are looking for an off the shelf
> > solution that they can just add to the form mail.
> >
> > Thanks,
> >
> > Mike
>
>Have you looked at reCAPTCHA?
>http://recaptcha.net/

Last year, there was a long discussion thread on reCAPTCHA's
accessibility issues on the WAI XTech mailing list (last message:
<http://lists.w3.org/Archives/Public/wai-xtech/2007Aug/0106.html>;)
but I had the impression that it petered out without coming to a real
conclusion. There were keyboard accessibility issues; the example at
<http://recaptcha.net/learnmore.html>; still uses document.write to
insert an iframe element that contains the CAPTCHA. (This script
appears just above another iframe element with the same CAPTCHA.)
I haven't seen any mails, blog posts or articles stating that the
issues have been solved and I have't retested it myself.
reCAPTCHA also has a WordPress plug-in:
<http://recaptcha.net/plugins/wordpress/>;.

Best regards,

Christophe


---
Please don't invite me to LinkedIn, Facebook, Quechup or other
"social networks". You may have agreed to their "privacy policy", but
I haven't.

--
Christophe Strobbe
K.U.Leuven - Dept. of Electrical Engineering - SCD
Research Group on Document Architectures
Kasteelpark Arenberg 10 bus 2442
B-3001 Leuven-Heverlee
BELGIUM
tel: +32 16 32 85 51
http://www.docarch.be/


Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm

From: Jon Gibbins (dotjay)
Date: Thu, Apr 17 2008 10:00AM
Subject: Re: Plug and play alternatives to captcha
← Previous message | Next message →

Christophe Strobbe wrote:
> Last year, there was a long discussion thread on reCAPTCHA's
> accessibility issues on the WAI XTech mailing list (last message:
> <http://lists.w3.org/Archives/Public/wai-xtech/2007Aug/0106.html>;)
> but I had the impression that it petered out without coming to a real
> conclusion. There were keyboard accessibility issues; the example at
> <http://recaptcha.net/learnmore.html>; still uses document.write to
> insert an iframe element that contains the CAPTCHA. (This script
> appears just above another iframe element with the same CAPTCHA.)
> I haven't seen any mails, blog posts or articles stating that the
> issues have been solved and I have't retested it myself.
> reCAPTCHA also has a WordPress plug-in:
> <http://recaptcha.net/plugins/wordpress/>;.
>
> Best regards,
>
> Christophe

Thanks, Christophe. I'd not seen that discussion.

Judging from my reading of Blind Access Journal, I was under the
impression that reCAPTCHA was doing a pretty good job.

http://blog.blindaccessjournal.com/2007/09/visual-verification-twitter-audio.html
http://blog.blindaccessjournal.com/search/label/ReCAPTCHA

Perhaps it warrants some new testing.

Jon



--
dotjay / Jon Gibbins
w: dotjay.co.uk

From: Moore, Michael
Date: Thu, Apr 17 2008 10:20AM
Subject: Re: Plug and play alternatives to captcha
← Previous message | Next message →

Jared,

Thanks for your suggestions, you are preaching to the choir. I would
much prefer that the agency avoids the use of CAPTCHA all together but I
don't think that I am going to win that argument. In the mean time I
will test your suggestions.

I just tested re-captcha and found that though it "works" I still have
some serious concerns.

1. The only options are visual or audio challenges. Deaf/Blind are
excluded.
2. The audio challenge requires the listener to remember 8 numbers which
are announced over a background of conversation noise. In a quick
experiment with two highly proficient JAWS users we recorded a 50%
failure rate with 6 tries per user. Part of the problem was getting JAWS
to shut up at the beginning of the audio file but even after the users
knew what to expect the failures continued. Both users failed on their
first attempt. This method also poses concerns for people who have
cognitive disabilities in addition to blindness. This is not an uncommon
combination, I know two individuals who lost their vision due to head
injuries.

Mike



From: Randall Pope
Date: Thu, Apr 17 2008 12:40PM
Subject: Re: Plug and play alternatives to captcha
← Previous message | Next message →

Mike,

Thank for the lanais of re-captcha. Being deaf-blind myself, you're quite
right it's very inaccessible. Even the low vision will have problem reading
or listen to any captcha.

Another thought: If the ATMs at the local banks are able to scan and read
the handwriting on the checks being deposit, I would have to assume the
today's scanners will read the captcha writing as well. With that
assumption I would say that Jared's approach would be the best route.

Randy Pope who is deaf-blind

From: Aaron Cannon
Date: Thu, Apr 17 2008 1:50PM
Subject: Re: Plug and play alternatives to captcha
← Previous message | Next message →

If I am not mistaken, the ATM does not "read" the hand writing as such. It simply stores a digital image of it for the banks records.

However, this captcha issue has been bothering me for some time. There _must_ be a way for a computer to tell humans and computers apart, without relying on any of the physical senses of sight or hearing. I just can't for the life of me think of what it could be.

The solutions offered so far all either require the use of hearing, or aren't true captchas. I, for example, would argue that a system that randomly asks simple questions is not a true captcha, because when all is said and done, it is not the computer asking the questions. It is a human asking the questions through the computer. It is my belief that for a system to be a true captcha, the question has to be generated by the computer. Likewise, for the system to be a good captcha, the probability of getting the right answer through random guessing must be very small, and the question pool must be astronomically large. In short, we have to figure out a way for the computer to ask millions of questions that it can't answer but that a human of average to low intelligence and only the ability to read can answer. Obviously, not a small challenge, and potentially impossible, though I tend to doubt the latter.

The other problem with the offered solutions, aside from good audio captcha, is the problem of crackability. Current captchas are by no means perfect, but they are at least difficult to crack. The same, sadly, can not be said for the offered solutions. As has been mentioned, this is not a problem for the smaller sites, but what's a big name site to do? Big name = big target, and some times, some sort of captcha is the only viable option.

Aaron


>>> "Randall Pope" < = EMAIL ADDRESS REMOVED = > 4/17/2008 1:36 PM >>>

Mike,

Thank for the lanais of re-captcha. Being deaf-blind myself, you're quite
right it's very inaccessible. Even the low vision will have problem reading
or listen to any captcha.

Another thought: If the ATMs at the local banks are able to scan and read
the handwriting on the checks being deposit, I would have to assume the
today's scanners will read the captcha writing as well. With that
assumption I would say that Jared's approach would be the best route.

Randy Pope who is deaf-blind

From: Jon Gibbins (dotjay)
Date: Thu, Apr 17 2008 2:40PM
Subject: Re: Plug and play alternatives to captcha
← Previous message | Next message →

Aaron Cannon wrote:
<snip>
> However, this captcha issue has been bothering me for some time. There _must_ be a way for a computer to tell humans and computers apart, without relying on any of the physical senses of sight or hearing. I just can't for the life of me think of what it could be.
</snip>

It's a tricky area, but I quite liked Gez Lemon's suggestion for
constructing a massive white-list based on social networking services,
which could be extended within OpenID:
http://juicystudio.com/article/accessibility-of-captcha.php

Jon

--
dotjay / Jon Gibbins
w: dotjay.co.uk

From: Randall Pope
Date: Thu, Apr 17 2008 3:10PM
Subject: Re: Plug and play alternatives to captcha
← Previous message | Next message →

Hi Aaron,

I wish that was true. The ATMs can read the handwriting on the check and
output the scanning result on a different part of the screen, asking if my
deposit amount is correct. It was right about 95 % of the time when I use
it. I have a Bank of America account and I was stunned to see the power of
this ATM scanning capability. No I cannot use the audio feature and depend
on the large print of the screen to use it. For the totally deaf and blind
person, they would not be able to use it.

I agree that this is a tough issue.

Randy

From: Moore, Michael
Date: Thu, Apr 17 2008 3:20PM
Subject: Re: Plug and play alternatives to captcha
← Previous message | Next message →

Interesting concept, I wonder if Gez has started a source forge project
to support it.

mike

From: Vicki
Date: Fri, Apr 18 2008 2:50AM
Subject: Re: Plug and play alternatives to captcha
← Previous message | No next message

> Have you looked at reCAPTCHA?
> http://recaptcha.net/
>
> Jon


Weighing in a bit late here as I realise the thread has moved on, but
as a deaf person, I get stuck with reCAPTCHA. It is definitely *not*
accessible.

There have been a few times when I have not been able to make out the
letters of a CAPTCHA (and there's nothing wrong with my eyesight) and
in those cases no amount of audio is going to help me. reCAPTCHA or
not, I'm locked out of those sites.

There is also the issue that just as there are a lot of people who
can't quite make out the distorted letters who also can't quite make
out the audio...

Just another point of view.

Vicki. :-)