[access-uk] Re: Graphical images - CAPTCHA
- From: "Iain Lackie" <ilackie@xxxxxxxxxxxxxxxxxxxxxxx>
- To: <access-uk@xxxxxxxxxxxxx>
- Date: Sun, 12 Aug 2007 18:57:31 +0100
The fact that a solution might exclude some is surely not an argument for
implementing it. Is it really better that all should be excluded than some
included?
Iain
----- Original Message -----
From: "Benjamin Hawkes-Lewis" <bhawkeslewis@xxxxxxxxxxxxxx>
To: <access-uk@xxxxxxxxxxxxx>
Sent: Sunday, August 12, 2007 2:09 PM
Subject: [access-uk] Re: Graphical images - CAPTCHA
Adding an aural CAPTCHA certainly is an improvement. But the problem
with the CAPTCHA Project's claim that reCAPTCHA is accessible is that
even a combination of a visual CAPTCHA and an aural CAPTCHA is not
accessible to deafblind people. The typical alternative CAPTCHA
suggested for deafblind people is some form of simple written logic,
knowledge, or comprehension test:
http://www.w3.org/TR/turingtest/
However, the CAPTCHA Project claims that such tests would be trivial to
break. And even then, there's still the problem of trying to accomodate
people with learning disabilities.
> Meantime, I'd be interested to know if anyone here with
> their own web site has tried out CAPTCHA. Unfortunately I
> am having to consider it seriously myself due to robot
> attacks on our enquiry forms.
I haven't, but here's my two cents.
For small websites, I would implement alternatives to CAPTCHA first:
http://webaim.org/blog/2007/03/07/spam_free_accessible_forms/
Then I'd look into a simple text challenge-based system:
http://dmytry.pandromeda.com/texts/captcha_and_saptcha.html
If I found the spam volume was still too high for me to cope with, I
would consider implementing reCAPTCHA but only showing a CAPTCHA when a
form submission looks suspicious (the criteria for this would vary of
course). If the CAPTCHA is guarding a comment form, the ideal thing
would be allow the form to be submitted without the CAPTCHA, but send it
directly to the moderator rather than publishing. Also, always provide
an accessible email address so people can contact the webmaster for help.
I doubt reCAPTCHA is a sensible thing to implement as part of your
contact form. Just use decent a decent spam filter on your email
account. (e.g. I've found Gmail's filter pretty good.)
--
Benjamin Hawkes-Lewis
George Bell wrote:
> A slight change of subject here for anyone encountering web
> sites where signing up involves copying text from a graphic.
>
> Doubtless there are others, but the original concept was
> call "CAPTCHA" (for Completely Automated Turing Test To Tell
> Computers and Humans Apart). A CAPTCHA is a program that
> protects websites against bots by generating and grading
> tests that humans can pass but current computer programs
> cannot.
>
> The official web site for this is at
> http://www.captcha.net/. The software to do this is
> actually free from this site, and I quote:-
>
> "Get a Free CAPTCHA For Your Site
>
> "A free, secure and accessible CAPTCHA implementation is
> available from the reCAPTCHA project. Easy to install
> plugins are available for WordPress, MediaWiki, PHP, Perl,
> Python, and many other environments. reCAPTCHA also comes
> with an audio test to ensure that blind users can freely
> navigate your site."
>
> Note that last sentence above, but please read on.
>
> Now here's an extract from the same page concerning
> "Guidelines".
>
> "Guidelines
>
> "If your website needs protection from abuse, it is
> recommended that you use a CAPTCHA. There are many CAPTCHA
> implementations, some better than others. The following
> guidelines are strongly recommended for any CAPTCHA code:
>
> "Accessibility. CAPTCHAs must be accessible. CAPTCHAs based
> solely on reading text - or other visual-perception tasks -
> prevent visually impaired users from accessing the protected
> resource. Such CAPTCHAs may make a site incompatible with
> Section 508 in the United States. Any implementation of a
> CAPTCHA should allow blind users to get around the barrier,
> for example, by permitting users to opt for an audio or
> sound CAPTCHA."
>
> Although they mention "Section 508", which applies to
> American Law, it could equally apply in British law under
> the DDA (Disability Discrimination Act).
>
> So if you come across such sites where you do not have an
> audible option, perhaps it might be worth taking the time
> and trouble to refer the webmaster to
> http://www.captcha.net/ and the Guidelines set down. If
> they are an American organisation, they are definitely
> breaking their own laws.
>
> Meantime, I'd be interested to know if anyone here with
> their own web site has tried out CAPTCHA. Unfortunately I
> am having to consider it seriously myself due to robot
> attacks on our enquiry forms.
>
> George Bell.
>
> ** To leave the list, click on the immediately-following link:-
> ** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=unsubscribe]
> ** If this link doesn't work then send a message to:
> ** access-uk-request@xxxxxxxxxxxxx
> ** and in the Subject line type
> ** unsubscribe
> ** For other list commands such as vacation mode, click on the
> ** immediately-following link:-
> ** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=faq]
> ** or send a message, to
> ** access-uk-request@xxxxxxxxxxxxx with the Subject:- faq
>
>
** To leave the list, click on the immediately-following link:-
** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=unsubscribe]
** If this link doesn't work then send a message to:
** access-uk-request@xxxxxxxxxxxxx
** and in the Subject line type
** unsubscribe
** For other list commands such as vacation mode, click on the
** immediately-following link:-
** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=faq]
** or send a message, to
** access-uk-request@xxxxxxxxxxxxx with the Subject:- faq
** To leave the list, click on the immediately-following link:-
** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=unsubscribe]
** If this link doesn't work then send a message to:
** access-uk-request@xxxxxxxxxxxxx
** and in the Subject line type
** unsubscribe
** For other list commands such as vacation mode, click on the
** immediately-following link:-
** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=faq]
** or send a message, to
** access-uk-request@xxxxxxxxxxxxx with the Subject:- faq
Other related posts:
