WebAIM - Web Accessibility In Mind

E-mail List Archives

Thread: Alternatives for the CAPTCHA

for

Number of posts in this thread: 10 (In chronological order)

From: Randi
Date: Mon, Mar 23 2009 4:50PM
Subject: Alternatives for the CAPTCHA
No previous message | Next message →

I've been thinking about this, and I understand the point of these
things as keeping spammers from using computers to log in to things
and do havoc. Since I am not versed in how these computers do things,
I'm not sure how my idea would work.

At first I thought of the question idea. Asking, What color is grass?
And having the user type the answer. But could a computer figure this
out?

Then I thought, ok, ask the question, What color is grass? And then
have a pop up menu with "no selection" being the default setting, and
then having "green" to select. Could a computer get around that?

Then I thought, why not make this a hidden option for screenreader
users? You could hide the content and put it right before the captcha.
Have it ask the question and either provide a text field, or a pop up
window. Now, can computers read hidden content? I mean the computers
used for spam purposes?

If something like this could work, you could even have an option for
"new question" just in case someone didn't know the color of grass.
They could even be fun questions, like, What sound does a cat make?
And they'd select "meow" or "hiss".

If nothing was selected in the pop up, the account would not be
processed. Would something like this work? I like the hidden content
idea for screenreader users to use, but it wouldn't clutter the site.
Or heck, sighted people hate captchas too.

Just a thought.
Randi

--
I'm not disabled, my eyes are. ;)

From: Keith Parks
Date: Mon, Mar 23 2009 5:50PM
Subject: Re: Alternatives for the CAPTCHA
← Previous message | Next message →

On Mar 23, 2009, at 3:47 PM, Randi wrote:

> If something like this could work, you could even have an option for
> "new question" just in case someone didn't know the color of grass.
> They could even be fun questions, like, What sound does a cat make?
> And they'd select "meow" or "hiss".


Not to drag this out too much, but a difficulty with the "common
knowledge" type of question is the cultural/language bias.

I would agree that most people with a rudimentary knowledge of English
would answer that grass is "green"

But if you ask a variety of people what sound a cat makes, I suspect
you'll get quite a variety of answers, or at least spellings. And
someone who's first language is Japanese might be frustrated because
"nyaa" isn't on the list.

See Derek Abbott's animal noise page:

<http://www.eleceng.adelaide.edu.au/personal/dabbott/animal.html>;

I always thought a simple math question was a good idea.

"Enter the answer to this question: What does two plus three equal?"
Then accept either "five" or "5".

******************************
Keith Parks
Graphic Designer/Web Designer
Student Affairs Communications Services
San Diego State University
San Diego, CA 92182-7444
(619) 594-1046
mailto: = EMAIL ADDRESS REMOVED =
http://www.sa.sdsu.edu/communications

http://kparks.deviantart.com/gallery
----------------------------------------------------------

(Objects on your screen may be closer than they appear)

From: Benjamin Hawkes-Lewis
Date: Mon, Mar 23 2009 5:55PM
Subject: Re: Alternatives for the CAPTCHA
← Previous message | Next message →

On 23/3/09 23:47, Keith Parks wrote:
> I always thought a simple math question was a good idea.
>
> "Enter the answer to this question: What does two plus three equal?"
> Then accept either "five" or "5".

Sadly, building a bot to solve such questions would be reasonably easy,
assuming the site in question was worth writing any dedicated code to spam.

Conversely, almost any Turing Test is likely to be good enough for tiny
sites.

--
Benjamin Hawkes-Lewis

From: Webb, KerryA
Date: Mon, Mar 23 2009 6:00PM
Subject: Re: Alternatives for the CAPTCHA
← Previous message | Next message →

>
> I've been thinking about this, and I understand the point of these
> things as keeping spammers from using computers to log in to things
> and do havoc. Since I am not versed in how these computers do things,
> I'm not sure how my idea would work.
>
> At first I thought of the question idea. Asking, What color is grass?
> And having the user type the answer. But could a computer figure this
> out?
>

And we're told that the bad guys are already a step ahead, and are using
humans (some wittingly and some not) to solve captchas of all sorts.

Kerry

-----------------------------------------------------------------------
This email, and any attachments, may be confidential and also privileged. If you are not the intended recipient, please notify the sender and delete all copies of this transmission along with any attachments immediately. You should not copy or use it for any purpose, nor disclose its contents to any other person.
-----------------------------------------------------------------------

From: Chris Hoffman
Date: Mon, Mar 23 2009 7:50PM
Subject: Re: Alternatives for the CAPTCHA
← Previous message | Next message →

Why not flip the problem on its head, and ask, "What are people really
bad at that computers are good at?"

Then provide a problem that a computer algorithm would get _right_,
but that a human being would get _wrong_. Exploit the cognitive biases
that we have but computers don't.

Yet another approach would be to use natural language parsing
problems, which are very difficult for computers. For example, ask
"Which of the following is a valid English sentence: 'The dress Mom
bought Dad's sister fits' or 'The dress Mom bought myself fits' ?"

--Chris

From: Randi
Date: Mon, Mar 23 2009 8:50PM
Subject: Re: Alternatives for the CAPTCHA
← Previous message | Next message →

So basically the consensus is the a pop up menu, hidden, with only two
responses, "none selected" or "green" would not work because the
hacker computers could figure it out? Like I said, I have no idea how
these things are programmed so I just thought I'd throw the hidden
stuff in there for screenreaders since the other options, ie: listen
to this, don't work.

On 3/23/09, Chris Hoffman < = EMAIL ADDRESS REMOVED = > wrote:
> Why not flip the problem on its head, and ask, "What are people really
> bad at that computers are good at?"
>
> Then provide a problem that a computer algorithm would get _right_,
> but that a human being would get _wrong_. Exploit the cognitive biases
> that we have but computers don't.
>
> Yet another approach would be to use natural language parsing
> problems, which are very difficult for computers. For example, ask
> "Which of the following is a valid English sentence: 'The dress Mom
> bought Dad's sister fits' or 'The dress Mom bought myself fits' ?"
>
> --Chris
>

From: Dean Hamack
Date: Mon, Mar 23 2009 11:20PM
Subject: Re: Alternatives for the CAPTCHA
← Previous message | Next message →

I don't know if anyone has tried to buy tickets from Ticketmaster lately,
but their captchas are really hard to decipher. I get them wrong half the
time, and I have good vision. Presumably, bots figured out a way to
interpret them, so they had to make them tougher.

Somebody really needs to come up with a better method.

From: Stephan Wehner
Date: Mon, Mar 23 2009 11:40PM
Subject: Re: Alternatives for the CAPTCHA
← Previous message | Next message →

On Mon, Mar 23, 2009 at 6:47 PM, Chris Hoffman < = EMAIL ADDRESS REMOVED = > wrote:
> Why not flip the problem on its head, and ask, "What are people really
> bad at that computers are good at?"
>
> Then provide a problem that a computer algorithm would get _right_,
> but that a human being would get _wrong_. Exploit the cognitive biases
> that we have but computers don't.
>
> Yet another approach would be to use natural language parsing
> problems, which are very difficult for computers. For example, ask
> "Which of the following is a valid English sentence: 'The dress Mom
> bought Dad's sister fits' or 'The dress Mom bought myself fits' ?"

The spammers would try three times instead of once, guess the valid
sentence, and get through every three times
on average: still far too often. This is the usual reason not to
implement such a system.

Stephan

> --Chris
>

From: Randi
Date: Wed, Apr 01 2009 6:05PM
Subject: Re: Alternatives for the CAPTCHA
← Previous message | Next message →

This is a little off topic, but I'm wondering if there's a Department
of Internet Security or anything? I mean people who are dedicated to
trying to destroy spam bots? If there was just some way of actually
making it impossible for them to even work, captchas wouldn't even be
needed. I mean, if Apple figured out how to never get viruses, can't
someone figure out how to destroy the bots before they can be
destructive? Am I just really naive?

On 3/23/09, Stephan Wehner < = EMAIL ADDRESS REMOVED = > wrote:
> On Mon, Mar 23, 2009 at 6:47 PM, Chris Hoffman < = EMAIL ADDRESS REMOVED = >
> wrote:
>> Why not flip the problem on its head, and ask, "What are people really
>> bad at that computers are good at?"
>>
>> Then provide a problem that a computer algorithm would get _right_,
>> but that a human being would get _wrong_. Exploit the cognitive biases
>> that we have but computers don't.
>>
>> Yet another approach would be to use natural language parsing
>> problems, which are very difficult for computers. For example, ask
>> "Which of the following is a valid English sentence: 'The dress Mom
>> bought Dad's sister fits' or 'The dress Mom bought myself fits' ?"
>
> The spammers would try three times instead of once, guess the valid
> sentence, and get through every three times
> on average: still far too often. This is the usual reason not to
> implement such a system.
>
> Stephan
>
>> --Chris
>>

From: Travis Roth
Date: Thu, Apr 02 2009 7:25AM
Subject: Re: Alternatives for the CAPTCHA
← Previous message | No next message

Apple hasn't really figured out how to never get viruses. <smile>

I've not researched this but believe I've read that research has been
on-going since the 1950's on finding ways to tell machines and humans apart.


-----Original Message-----
From: = EMAIL ADDRESS REMOVED =
[mailto: = EMAIL ADDRESS REMOVED = ] On Behalf Of Randi
Sent: Wednesday, April 01, 2009 7:02 PM
To: WebAIM Discussion List
Subject: Re: [WebAIM] Alternatives for the CAPTCHA

This is a little off topic, but I'm wondering if there's a Department
of Internet Security or anything? I mean people who are dedicated to
trying to destroy spam bots? If there was just some way of actually
making it impossible for them to even work, captchas wouldn't even be
needed. I mean, if Apple figured out how to never get viruses, can't
someone figure out how to destroy the bots before they can be
destructive? Am I just really naive?

On 3/23/09, Stephan Wehner < = EMAIL ADDRESS REMOVED = > wrote:
> On Mon, Mar 23, 2009 at 6:47 PM, Chris Hoffman < = EMAIL ADDRESS REMOVED = >
> wrote:
>> Why not flip the problem on its head, and ask, "What are people really
>> bad at that computers are good at?"
>>
>> Then provide a problem that a computer algorithm would get _right_,
>> but that a human being would get _wrong_. Exploit the cognitive biases
>> that we have but computers don't.
>>
>> Yet another approach would be to use natural language parsing
>> problems, which are very difficult for computers. For example, ask
>> "Which of the following is a valid English sentence: 'The dress Mom
>> bought Dad's sister fits' or 'The dress Mom bought myself fits' ?"
>
> The spammers would try three times instead of once, guess the valid
> sentence, and get through every three times
> on average: still far too often. This is the usual reason not to
> implement such a system.
>
> Stephan
>
>> --Chris
>>