[accessibleimage] Re: Please support web access to visual verification systems
- From: "Will Pearson" <will-pearson@xxxxxxxxxxxxx>
- To: <accessibleimage@xxxxxxxxxxxxx>
- Date: Wed, 18 Jan 2006 18:23:48 -0000
Hi Darrell,
"As soon as assistive technology companies
figure out how to use OCR to render these images in text form, the visual
CAPTCHAs will be changed to retain their security value. Keep in mind
there's absolutely nothing preventing spammers and others who aren't blind
from purchasing and using assistive technologies to abuse web site
resources."
Yup, I'm sure Eric D would find a nice new market in Nigeria if this sort of
thing were to be implemented in JAWS. However, that doesn't mean to say
that it cannot be implemented in a secure manner that renders the Turing
tests accessible whilst rendering them as useful as they currently are for
the spammers.
I'm fairly certain that the assistive technology vendors won't find a
solution for this, as the solution is far outside their current mental set,
as it doesn't involve screen scraping or DOM access. As Chris mentioned in
his original response, the solution looks to involve an IE add-in. If this
system was properly threat modelled, then the resulting decoded string could
be guarded until it was physically presented to the user, which would leave
the spammers with a decoded speech string, or other physical representation,
which is just as useful as if they sat down and looked at the Turing tests
themselves, as it offers no means for using it with intelligent agents what
so ever.
The important thing is to keep this away from the access technology vendors.
As we all know, there are serious security flaws in nearly all of the main
screen readers. It's pretty common knowledge that I put some threat models
into public forums that demonstrate how the scripting language in JAWS could
be used to comprimise a system. So, if this were to be implemented in
screen readers, I have no doubts it would be easily comprimised, as well as
generating a new market for greedy and unethical screen reader vendors. If
it were to be comprimised, then there would be a widespread association
between accessibility solutions and their ability to be used for no good.
However, I feel that if this is kept away from the screen reader vendors,
then this association can be avoided.
Will
- References:
- [accessibleimage] Re: Please support web access to visual verification systems
- From: Will Pearson
- [accessibleimage] Re: Please support web access to visual verification systems
- From: Darrell Shandrow
Other related posts:
- » [accessibleimage] Please support web access to visual verification systems
- » [accessibleimage] Re: Please support web access to visual verification systems
- » [accessibleimage] Re: Please support web access to visual verification systems
- » [accessibleimage] Re: Please support web access to visual verification systems
- » [accessibleimage] Re: Please support web access to visual verification systems
- » [accessibleimage] Re: Please support web access to visual verification systems
- » [accessibleimage] Re: Please support web access to visual verification systems
- » [accessibleimage] Re: Please support web access to visual verification systems
- » [accessibleimage] Re: Please support web access to visual verification systems
- » [accessibleimage] Re: Please support web access to visual verification systems
- » [accessibleimage] Re: Please support web access to visual verification systems
- » [accessibleimage] Re: Please support web access to visual verification systems
- » [accessibleimage] Re: Please support web access to visual verification systems
- » [accessibleimage] Re: Please support web access to visual verification systems
- » [accessibleimage] Re: Please support web access to visual verification systems
- [accessibleimage] Re: Please support web access to visual verification systems
- From: Will Pearson
- [accessibleimage] Re: Please support web access to visual verification systems
- From: Darrell Shandrow