WebAIM - Web Accessibility In Mind

E-mail List Archives

Thread: I hate CAPTCHA(s)

for

Number of posts in this thread: 7 (In chronological order)

From: Hoffman, Allen
Date: Tue, Mar 13 2007 12:40PM
Subject: I hate CAPTCHA(s)
No previous message | Next message →

One nice method to catch automated link crawlers is to prepare a .cgi
(for the lack of a newer word) that only sends a few bytes per minute.
Put such a program behind a link that has no visible text, no letters
between the <a> and </a> tags. This is an invisible link for people but
not to a link crawler. Once activated the program sends a few bites a
minute to the other end so it stays active but gets nowhere.

Alternately you can just insert the ip of the requestor into a firewall
at that point.

Other ways to keep .bots out is to simply rotate the easy to read and
respond to items an awful lot so the programmer on the other end has to
really work at keeping up.

Text-based CAPTCHA(s) are easily doable.

What would be nice is that someone would start including such text based
CAPTCHA(s) into some of the most regularly employed web libraries.
people use what they have, its common sense.


Allen Hoffman
DHS : CRCL & OCIO;
DHS Office On Accessible Systems and Technology

From: zara
Date: Wed, Mar 14 2007 9:40AM
Subject:
← Previous message | Next message →

Hi,

I have been away for a while so I do not know if this information has circulated or been discussed on any other accessibility lists (my apologies if that is the case) but since there have been a few messages about CAPTCHAs...

A message concerning Microsoft's experimenting with CAPTCHAs has been posted today on the French list accessibilité-numérique hosted by Braillenet that might interest members of this list.

The original message follows my signature and the source article (both in French) can be found at the following URL :

http://www.01net.com/article/343538.html.

Very briefly, in English :

In light of the increasing capacity of machines to deal with current CAPTCHAs, researchers at Microsoft have imagined a new method of authentification. Rather than asking the user to recognise images of letters and numbers, the system would ask him or her to distinguish photos of cats and dogs. A test version, called Asirra, is available at :

http://research.microsoft.com/asirra/


Best regards,


Catherine


--
Catherine Roy

www.catherine-roy.net




> -----Original Message-----
> From: accessibilite-numerique-
> = EMAIL ADDRESS REMOVED = [mailto:accessibilite-
> = EMAIL ADDRESS REMOVED = ] On Behalf Of
> Nicolas Fortin
> Sent: March 14, 2007 10:30 AM
> To: Accessibilité-numérique
> Subject: [accessibilite-numerique] inquiétude pour
> l'accessibilité
>
> Bonjour,
> Nous avions comme frein à l’accessiblilité le clavier
> virtuel avec des chiffres s'affichant de façon
> aléatoire. Le clavier sonore en a été je pense une
> alternative acceptable.
>
> Mais maintenant voilà que tout ce complique car ce
> fameux clavier virtuel comme prévu ne protège que
> partiellement…
>
> Donc, les informaticiens compliquent le procédé…
>
> Comment trouver une alternative à ce type de mot de
> passe ! ! !
>
> Lisez plutôt.
>
> Amicalement
>
> Nicolas
>
>
>
> 01net.,
> le 13/03/2007 à 17h20
>
> Sur la plupart des sites Web proposant des services
> aux internautes (adresses emails, comptes clients,
> espaces de stockage, etc.), mettre en place des
> outils de sécurité capables de distinguer l'homme de
> la machine est devenu indispensable. Pas question en
> effet de laisser des hackers créer des milliers
> de comptes mails avec l'aide d'un logiciel pour mener
> une gigantesque campagne de spams ou saturer les
> serveurs d'un fournisseur.
>
> Aujourd'hui, le dispositif le plus répandu pour
> éviter ce genre de déconvenue consiste à demander aux
> utilisateurs de reconnaître une suite de caractères
> et de chiffres imprimés dans un pictogramme peu
> lisible, spécialement conçu pour déjouer les
> logiciels de reconnaissance de caractères. Hélas, les
> logiciels
> capables de déchiffrer de tels pictogrammes sont de
> plus en plus performants. Les éditeurs doivent donc
> compliquer leurs pictogrammes, quitte à les rendre
> peu lisibles... pour l'être humain !
>
> Douze photos tirées au hasard
>
> Pour sortir de cette impasse, les chercheurs de
> Microsoft ont imaginé une nouvelle méthode
> d'authentification. Plutôt que de demander à
> l'internaute de
> reconnaître des lettres ou des chiffres, le système
> lui demande de discerner les chats et les chiens !
> Une version de test du dispositif baptisé Asirra
> est accessible sur le
> site de recherche de Microsoft
> .
>
> Douze photos de chiens ou de chats s'affichent,
> tirées au hasard parmi une base de données en
> contenant deux millions. L'internaute doit
> sélectionner les
> chats puis soumettre sa réponse en cliquant sur un
> bouton de validation. L'opération est anodine pour un
> être humain mais se révèle extrêmement complexe
> pour une machine : à l'heure actuelle, les
> algorithmes de reconnaissance de forme échouent
> environ une fois sur 2. Avec 12 photos, un logiciel
> qui répondrait
> au hasard a une chance sur 4 096 (2 puissance 12) de
> trouver la bonne combinaison. Evidemment, la grille
> de photos proposée par le système change à chaque
> essai.
>
> Pour obtenir une base d'images de chats et de chiens
> suffisamment importante, Microsoft s'est associé au
> site Petfinder qui propose aux internautes d'adopter
> des animaux abandonnés et entend bien profiter de la
> publicité générée par le système. Renseignée par des
> êtres humains, cette photothèque gigantesque
> est en constante évolution ce qui renforce encore le
> niveau de sécurité du système.
>


_______________________________________________
To manage your subscription, visit http://list.webaim.org/
Address list messages to = EMAIL ADDRESS REMOVED =

From: Christian Heilmann
Date: Wed, Mar 14 2007 10:00AM
Subject: Re:
← Previous message | Next message →

> In light of the increasing capacity of machines to deal with current CAPTCHAs, researchers at Microsoft have imagined a new method of authentification. Rather than asking the user to recognise images of letters and numbers, the system would ask him or her to distinguish photos of cats and dogs. A test version, called Asirra, is available at :
>
> http://research.microsoft.com/asirra/

This is - as they mention - the same as kittenauth or hotcaptcha and
as inaccessible for genuinely blind people.


--
Chris Heilmann
Book: http://www.beginningjavascript.com
Blog: http://www.wait-till-i.com
Writing: http://icant.co.uk/

From: Emma Duke-Williams
Date: Wed, Mar 14 2007 10:10AM
Subject: Re:
← Previous message | Next message →

On 3/14/07, zara < = EMAIL ADDRESS REMOVED = > wrote:
> Hi,
<snipped>
>
> Very briefly, in English :
>
> In light of the increasing capacity of machines to deal with current CAPTCHAs, researchers at Microsoft have imagined a new method of authentification. Rather than asking the user to recognise images of letters and numbers, the system would ask him or her to distinguish photos of cats and dogs. A test version, called Asirra, is available at :
>
> http://research.microsoft.com/asirra/
>
>
> Best regards,
>
>
> Catherine

It was definitely easier for me than most captchas ... I tried it
three times & got it right twice!
Some images were quite difficult, and, thinking about users with
cognitive difficulties, it would be hard. I suspect, however, that
depending on the images selected, for many with cognitive
disabilities, distinguishing between a cat & a dog would be much
easier than z/2, 1/I/l (see ... that was an upper case "i" and a lower
case "L" - and they look the same to me & I wrote them!), and all the
other letters/numbers that it's so easy to muddle when trying to work
out a captcha.

Emma
--
Blog: http://www.tech.port.ac.uk/staffweb/duke-wie/blog/

From: Christian Heilmann
Date: Wed, Mar 14 2007 10:20AM
Subject: Re:
← Previous message | Next message →

On 3/14/07, Christian Heilmann < = EMAIL ADDRESS REMOVED = > wrote:
> > In light of the increasing capacity of machines to deal with current CAPTCHAs, researchers at Microsoft have imagined a new method of authentification. Rather than asking the user to recognise images of letters and numbers, the system would ask him or her to distinguish photos of cats and dogs. A test version, called Asirra, is available at :
> >
> > http://research.microsoft.com/asirra/
>
> This is - as they mention - the same as kittenauth or hotcaptcha and
> as inaccessible for genuinely blind people.

Even worse - they tell you to hook your submit button to the
JavaScript and not the form's submit event thus making your whole form
submission dependent on JavaScript!
http://research.microsoft.com/asirra/installation.aspx

--
Chris Heilmann
Book: http://www.beginningjavascript.com
Blog: http://www.wait-till-i.com
Writing: http://icant.co.uk/

From: tedd
Date: Wed, Mar 14 2007 2:30PM
Subject: Re:
← Previous message | Next message →

At 5:07 PM +0000 3/14/07, Emma Duke-Williams wrote:
>On 3/14/07, zara < = EMAIL ADDRESS REMOVED = > wrote:
> In light of the increasing capacity of machines to deal with
>current CAPTCHAs, researchers at Microsoft have imagined a new
>method of authentification. Rather than asking the user to recognise
>images of letters and numbers, the system would ask him or her to
>distinguish photos of cats and dogs. A test version, called Asirra,
>is available at :
> >
> > http://research.microsoft.com/asirra/
> > Catherine
>
>It was definitely easier for me than most captchas ... I tried it
>three times & got it right twice!
>-snip-

Emma:

I would be interested in your opinion, and others, of this captcha.

http://sperling.com/examples/captcha/index.php

Cheers,

tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

From: John E. Brandt
Date: Wed, Mar 14 2007 4:30PM
Subject: Re:
← Previous message | No next message

The immediate problem was having to click on the button to activate it, then
having to click again to run the script. I tried to use the tab to activate
and it did, but could not "click." Seems to be mouse/pointer dependent.

~j


John E. Brandt
Augusta, Maine USA
www.jebswebs.com



-----Original Message-----
From: = EMAIL ADDRESS REMOVED =
[mailto: = EMAIL ADDRESS REMOVED = ] On Behalf Of tedd
Sent: Wednesday, March 14, 2007 5:24 PM
To: WebAIM Discussion List
Subject: Re: [WebAIM] Microsoft experimenting with CAPTCHAs [was Re: I hate
captchas]

At 5:07 PM +0000 3/14/07, Emma Duke-Williams wrote:
>On 3/14/07, zara < = EMAIL ADDRESS REMOVED = > wrote:
> In light of the increasing capacity of machines to deal with current
>CAPTCHAs, researchers at Microsoft have imagined a new method of
>authentification. Rather than asking the user to recognise images of
>letters and numbers, the system would ask him or her to distinguish
>photos of cats and dogs. A test version, called Asirra, is available at
>:
> >
> > http://research.microsoft.com/asirra/
> > Catherine
>
>It was definitely easier for me than most captchas ... I tried it three
>times & got it right twice!
>-snip-

Emma:

I would be interested in your opinion, and others, of this captcha.

http://sperling.com/examples/captcha/index.php

Cheers,

tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com