E-mail List Archives

Search E-mail List Archives for

Number of posts in this thread: 10 (In chronological order)

From: Harlan, Jane E.
Date: Tue, Mar 06 2007 9:00AM
Subject: Accessible alternative for antispam
No previous message | Next message →

Please advise as to how one can avoid spamming when, for example, a
website user submits their information to acquire a login account. Is
there an alternative to the practice of requiring the user to translate
into text the letters disguised within a graphic image? For a website
that will be used by many people with visual impairments, asking each
such individual to contact the site administrator may be impractical.
Thanks, and please excuse the repetition if this topic has already been
discussed.

Jane Harlan-Simmons
Center on Aging and Community
Indiana Institute on Disability and Community
2853 E. 10th Street
Bloomington, Indiana 47408
812-855-6508

www.iidc.indiana.edu

From: Gareth Dart
Date: Tue, Mar 06 2007 9:10AM
Subject: Re: Accessible alternative for antispam
← Previous message | Next message →

It is possible to provide an audio equivalent of the secure image of numbers and letters - I did it with a php script that 'stitches' wav files of letters and numbers being read out together into a single .wav or mp3 file and supplied it to the user on demand. A malicious user would have to create a script that interpreted this file - certainly a nontrivial programming task.

G

-----Original Message-----
From: = EMAIL ADDRESS REMOVED =
[mailto: = EMAIL ADDRESS REMOVED = ]On Behalf Of Harlan, Jane
E.
Sent: Tuesday 6 March 2007 15:54
To: = EMAIL ADDRESS REMOVED =
Subject: [WebAIM] Accessible alternative for antispam


Please advise as to how one can avoid spamming when, for example, a
website user submits their information to acquire a login account. Is
there an alternative to the practice of requiring the user to translate
into text the letters disguised within a graphic image? For a website
that will be used by many people with visual impairments, asking each
such individual to contact the site administrator may be impractical.
Thanks, and please excuse the repetition if this topic has already been
discussed.

Jane Harlan-Simmons
Center on Aging and Community
Indiana Institute on Disability and Community
2853 E. 10th Street
Bloomington, Indiana 47408
812-855-6508

www.iidc.indiana.edu

From: Phil Teare
Date: Tue, Mar 06 2007 10:00AM
Subject: Re: Accessible alternative for antispam
← Previous message | Next message →

>I did it with a php script that 'stitches' wav files of letters and numbers
being read out together into a single .wav or mp3

Sorry to bang on but Talklets <http://www.talklets.com>; would be an option
here too.

Another tack is to ask a simple question. Like very simple arithmatic
involving words. e.g. "If I had five apples and one car, how many items of
fruit would I have?" - kind of thing. This (done accessibly) is more
dyslexia friendly too. IMO.

Best,
Phil

--
Phil Teare,
Technical Director & Lead Developer,
http://www.talklets.com from Textic Ltd.
(44) [0] 77 68479904

From: Emma Duke-Williams
Date: Tue, Mar 06 2007 10:20AM
Subject: Re: Accessible alternative for antispam
← Previous message | Next message →

How prone to spamming is the method that I like best (as a forum joiner) of
1: I register
2: It sends me an email.
3: I click on the link (possibly entering the password it has sent me
- or the one that I set in the registration stage.
4: I am member.

I certainly don't like captchas, as I can't tell what the letters are
half the time - and most of the time I'm working on PCs with no sound
card, so can't use the alternative version.

Emma

On 3/6/07, Phil Teare < = EMAIL ADDRESS REMOVED = > wrote:
> >I did it with a php script that 'stitches' wav files of letters and numbers
> being read out together into a single .wav or mp3
>

From: Gareth Dart
Date: Tue, Mar 06 2007 10:50AM
Subject: Re: Accessible alternative for antispam
← Previous message | Next message →

Email based registration is quite secure against spambots as, like decoding a captcha or a sound file, it requires a reasonably sophisticated script to get around it. If someone (maybe as part of a denial of service attack aimed at your organisation) is willing to put the time and resources into attacking your login page, though, then it comes down to a cleverness match between your script and theirs, and they have the advantage in that they don't have to keep valid users happy and serviced.

With regard to not having a sound card: I think we all know the old saw about what happens when one assumes, but I always assume that if users can't read things, they can listen to them, and would appreciate not having to wait for an email. Visually impaired users will most likely ensure that they have a sound card/screenreader etc. If they are hearing impaired, aswell, then, yes, email registration is probably a better bet. One could offer both - but then one opens oneself up to possible spamming via two routes. It's a trade off, basically.

G


-----Original Message-----
From: = EMAIL ADDRESS REMOVED =
[mailto: = EMAIL ADDRESS REMOVED = ]On Behalf Of Emma
Duke-Williams
Sent: Tuesday 6 March 2007 17:11
To: = EMAIL ADDRESS REMOVED = ; WebAIM Discussion List
Subject: Re: [WebAIM] Accessible alternative for antispam


How prone to spamming is the method that I like best (as a forum joiner) of
1: I register
2: It sends me an email.
3: I click on the link (possibly entering the password it has sent me
- or the one that I set in the registration stage.
4: I am member.

I certainly don't like captchas, as I can't tell what the letters are
half the time - and most of the time I'm working on PCs with no sound
card, so can't use the alternative version.

Emma

On 3/6/07, Phil Teare < = EMAIL ADDRESS REMOVED = > wrote:
> >I did it with a php script that 'stitches' wav files of letters and numbers
> being read out together into a single .wav or mp3
>

From: Rich Pedley
Date: Tue, Mar 06 2007 12:00PM
Subject: Re: Accessible alternative for antispam
← Previous message | Next message →

(first post but I've been reading for a while)

On 06/03/2007 16:58, Phil Teare wrote:
>> I did it with a php script that 'stitches' wav files of letters
>> and numbers being read out together into a single .wav or mp3

Accessibility wise it is a start, but still blocks some users (yes
even as an addition).

> Sorry to bang on but Talklets <http://www.talklets.com>; would be an
> option here too.

So with javascript off this still works?

> Another tack is to ask a simple question. Like very simple
> arithmatic involving words. e.g. "If I had five apples and one car,
> how many items of fruit would I have?" - kind of thing. This (done
> accessibly) is more dyslexia friendly too. IMO.

But dyslexia is not the only 'disability' that needs to be considered.
learning difficulties make these sort of questions next to useless -
and yes even the very simple ones like "what colour is a blue sky?"
could be construed as a barrier.

There are various solutions that might work for a while, until the
spammers think they are worth targeting that is.

I have several techniques that I use, all via php scripts.

A code is added via a hidden input and is changed daily.

Accessing the form itself has to be done via another form, and is only
accessible once the first form 'submit button' has been pressed. If
you reference the form via an inline document reference it also helps.

Or howabout just getting them to confirm that what they entered was
correct? this requires 2 submits and may stop a lot of spam. We
recently realised that a form of ours didn't get any spam - and could
only come up with the reason that it was split over several pages (one
helluva form).

Rich

From: Phil Teare
Date: Tue, Mar 06 2007 1:40PM
Subject: Re: Accessible alternative for antispam
← Previous message | Next message →

>
> > Sorry to bang on but Talklets <http://www.talklets.com>; would be an
> > option here too.
>
> So with javascript off this still works?


it can be made to read without javascript, yes.


--
Phil Teare,
Technical Director & Lead Developer,
http://www.talklets.com from Textic Ltd.
(44) [0] 77 68479904

From: Phil Teare
Date: Tue, Mar 06 2007 1:50PM
Subject: Re: Accessible alternative for antispam
← Previous message | Next message →

>
> If you reference the form via an inline document reference it also helps
>
Not re accessability I'd say. But the multi-forms thing could help re spam.

As would any converlution of the process. But none of these defend against
human attac. Which is become the spammers weapon of choice.


> But dyslexia is not the only 'disability' that needs to be considered.
> learning difficulties make these sort of questions next to useless -
> and yes even the very simple ones like "what colour is a blue sky?"
> could be construed as a barrier.



In which case so could multiple forms. Or indeed a single form.

There is no one perfect solution. And as soon as there is, it'll be gamed
successfuly within a week.. So doing your own thing, is about as safe as
you'll get. Invent your own and you most likely stay ahead of the majority
of bad guys.

--
Phil Teare,
Technical Director & Lead Developer,
http://www.talklets.com from Textic Ltd.
(44) [0] 77 68479904

From: Jared Smith
Date: Wed, Mar 07 2007 11:50AM
Subject: Re: Accessible alternative for antispam
← Previous message | Next message →

On 3/6/07, Harlan, Jane E. wrote:
> Please advise as to how one can avoid spamming when, for example, a
> website user submits their information to acquire a login account.

I've been compiling a list of server-side techniques for spam
prevention in web forms. These techniques do not impact accessibility.
This thread finally motivated me to put them all together in one
place. You can check out the list of techniques on our blog at
http://webaim.org/blog/2007/03/07/spam_free_accessible_forms/

Jared Smith
WebAIM.org

From: Penny Roberts
Date: Thu, Mar 08 2007 7:40AM
Subject: Re: Accessible alternative for antispam
← Previous message | No next message

Jared Smith wrote:

> I've been compiling a list of server-side techniques for spam
> prevention in web forms. These techniques do not impact accessibility.
> This thread finally motivated me to put them all together in one
> place. You can check out the list of techniques on our blog at
> http://webaim.org/blog/2007/03/07/spam_free_accessible_forms/

Quote from said blog: "It’s not a perfect technique and you should
ensure that the fields you analyze should always be unique (I guess
there is still a chance that a person could have the same first and last
name, huh?)."

I recall reading, back in the 80s, that some people with the surname
"Smith" thought it was fashionable or clever or
[insert-strange-reasoning-here] to give their kids the first name "Smith"!

Hmm... so... Jared, Mr Smith, what aren't you telling us?

Penny