SitePoint Sponsor

User Tag List

Results 1 to 15 of 15
  1. #1
    Posts rarely lloydi's Avatar
    Join Date
    Jan 2002
    Location
    Swindon UK
    Posts
    620
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Accessibility implications of 'Captchas'

    OK, first of all, this is what I mean by captchas:

    Captchas are "automated Turing tests" that aim to
    separate automated scripts from real people. Gimpy is
    a popular one, used by Yahoo! for their registration
    process. Here are a few useful links:

    http://www.captcha.net/captchas/gimpy/
    http://www.theregister.co.uk/content/6/28694.html

    And here's the first real example I found from Google
    (I have no idea what Graal is, by the way)

    http://www.graalonline.com/accounts/signup.php

    The question I have is how could these systems affect
    accessibility?

    Obviously, if you cannot see the image, then you are
    absolutely stuck. No two ways about this. However,
    there are no doubt other issues for people with poor
    vision or dyslexia.

    If anyone has any ideas about this, any research to
    hand etc, please let me know.

    The key thing for me, though, is if this *were* introduced, how could an alternative option be made available for low/non-sighted users that could do a similar thing - ie, be accessible, but still be able to deter bots from getting passed the system or for people to launch Denial Of Service attacks. Any ideas about this would also be appreciated.

    Kind regards
    Build Your Own Web Site the Right Way!
    A beginners' HTML/CSS book with web standards at its heart
    The Ultimate HTML Reference
    A complete reference, in glorious hardback

  2. #2
    SitePoint Wizard
    Join Date
    Aug 2002
    Location
    N.Ireland
    Posts
    1,046
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Would it help if the alt tag was dynamically generated? I mean if all the image contained was a number, then it'd make sense to call it say 12345.gif. Then in your alt tag you could just write the first part of the file name.

  3. #3
    ☆★☆★ silver trophy vgarcia's Avatar
    Join Date
    Jan 2002
    Location
    in transition
    Posts
    21,235
    Mentioned
    1 Post(s)
    Tagged
    1 Thread(s)
    Originally posted by Daz
    Would it help if the alt tag was dynamically generated? I mean if all the image contained was a number, then it'd make sense to call it say 12345.gif. Then in your alt tag you could just write the first part of the file name.
    However, screen scrapers will see it in the source code and be able to submit the information automagically. That's the whole point of a Turig test, to make sure a person is submitting registration, not a machine. This really is a sticky situation, especially for those browsing with, say Lynx and a screen reader, as nothing will really show there.
    Obviously, if you cannot see the image, then you are
    absolutely stuck. No two ways about this. However,
    there are no doubt other issues for people with poor
    vision or dyslexia.
    Dyslexia and other cognitive disorders are the stumper for accessibility on the web right now. Example, if you have a site dedicated to mechanical engineering and somebody with a cognitive disorder or dyslexia comes to your site, how do you format the content to fit them? You can accommodate blind users via simple cues like alt and title tags that screen readers can work with; you can also get hearing impaired users up to speed on multimedia sites with subtitles or transcripts of movie/flash clips, but cognitive disorders require a rewriting of the content itself to fit the user's level of understanding, which is beyond the reach and ability of all but the largest sites (and even they probably don't want to spend all that time and money). Newspapers had a problem with this early on too; they wanted nearly everyone to be able to read the paper and actually know what's going on without the news being over a person's head. That's why most newspapers have standardized on a sixth-grade reading level (the only exception to this in the US is the NY Times I believe, which is on an eighth-grade level). I believe the Web will come at a crossroads with this too, but a standard is not so easy to agree on with the millions of different viewpoints leading the direction of the Web.

    Sorry for my long post, but I just wanted to make the issue here clear. I do not really have a good solution for the cognition problem, or the Turig test problem, but I wanted to add food for thought to go along with what everyone else has mentioned.
    Last edited by vgarcia; Feb 17, 2003 at 09:22.

  4. #4
    Sidewalking anode's Avatar
    Join Date
    Mar 2001
    Location
    Philadelphia, US
    Posts
    2,205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    There is no truly infallible solution to this. I thought about manual approval e-mail addresses (where actual people would need to be hired to sort through and approve) but that can be generated by a bot also.

    A possibility(not infallible, but hard to defeat) would be a technology like SSL, but teh other way around. People with disabilities could apply to receive a digital "accesibility certificate" much like one can apply for a handicapped parking pass today. The certificate would pass some sort of unique sequence to webistes equipped to receive them. In return, the sites would not use the captchas for that user agent.

    Obviously, these could be spoofed, so there would need to be something in place to prevent that.

  5. #5
    SitePoint Columnist Skunk's Avatar
    Join Date
    Jan 2001
    Location
    Lawrence, Kansas
    Posts
    2,066
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    One clever alternative is to have Captchas that are based on human intuitive common sense rather than vision. For example:

    Which is furrier? A cat or an Alligator?

    The problem here of course it that you need a truly huge database of questions, or the bot coders will be able to build their own database of answers to your questions.

    Definitely an interesting problem

  6. #6
    Posts rarely lloydi's Avatar
    Join Date
    Jan 2002
    Location
    Swindon UK
    Posts
    620
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by Skunk
    One clever alternative is to have Captchas that are based on human intuitive common sense rather than vision. For example:

    Which is furrier? A cat or an Alligator?

    The problem here of course it that you need a truly huge database of questions, or the bot coders will be able to build their own database of answers to your questions.

    Definitely an interesting problem
    I like that idea - lots. This one could be the answer. Now, just need to get s hoooooj database of daft questions
    Build Your Own Web Site the Right Way!
    A beginners' HTML/CSS book with web standards at its heart
    The Ultimate HTML Reference
    A complete reference, in glorious hardback

  7. #7
    gingham dress, army boots... silver trophy redux's Avatar
    Join Date
    Apr 2002
    Location
    Salford / Manchester / UK
    Posts
    4,838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by lloydi
    I like that idea - lots. This one could be the answer. Now, just need to get s hoooooj database of daft questions

    as i was having a shower just now (yeh, it happens) i had an idea...a variation on the above:

    instead of keeping a database with lots of questions, how about keeping a database with various terms, categorised. then do a "spot the odd one out".

    e.g.:

    Code:
    *** database ***
    
    id | category | item
    -------------------
    1    animal     chicken
    2    animal     duck
    3    animal     moose
    4    vegetable  tomato
    5    vegetable  carrot
    6    vegetable  cauliflower
    
    etc.
    then for the question, select 2 categories at random, then 2 from category one and 1 from category two to generate something like

    "which is the odd one out ? chicken | carrot | moose ?" (randomising the order in which they appear as well)

    this way, unless someone codes a pretty clever bit of bot, you'll have a much greater number of possible questions/answers with the least database entries

    ...hmmm, did that make any sense ? as i was applying the shampoo, it sounded like a great idea
    re·dux (adj.): brought back; returned. used postpositively
    [latin : re-, re- + dux, leader; see duke.]
    WaSP Accessibility Task Force Member
    splintered.co.uk | photographia.co.uk | redux.deviantart.com

  8. #8
    Sidewalking anode's Avatar
    Join Date
    Mar 2001
    Location
    Philadelphia, US
    Posts
    2,205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That makes perfect sense, your shampoo isn't lying

    How large would the databse have to be to be reasonably attack-proof.
    TuitionFree — a free library for the self-taught
    Anode Says...Blogging For Your Pleasure

  9. #9
    gingham dress, army boots... silver trophy redux's Avatar
    Join Date
    Apr 2002
    Location
    Salford / Manchester / UK
    Posts
    4,838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    if my maths aren't failing me either, let's assume we have 5 categories with 30 entries each. that would give a total number of combinations of...aeh...
    5 categories
    x 30 entries per category
    x 29 reamining entries in the same category
    x 120 remaining items in the other 4 categories
    = 522,000 possible combinations

    if anybody wanted to build and automated way of fooling this system, they'd have to roughly have that ammount of guesses to compile a list of all answers, then work out all possible combinations and each individual response...and they may have to compile it by hand as well i think.

    but then again, my maths may not be as good as my shampoo...
    re·dux (adj.): brought back; returned. used postpositively
    [latin : re-, re- + dux, leader; see duke.]
    WaSP Accessibility Task Force Member
    splintered.co.uk | photographia.co.uk | redux.deviantart.com

  10. #10
    Sidewalking anode's Avatar
    Join Date
    Mar 2001
    Location
    Philadelphia, US
    Posts
    2,205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That depends on implementation. If it's implemented as input name = "1" through three, you have bigger problems.

    If the implementation is input name = "apple", they could keep reposting the form while looping through the input names they've gathered by refreshing and viewing source, making the probability of success much higher.

    This could be exacerbated by them filling out the form by hand a few dozen times and building up a subset of a copy of your database. They could then use that data to make automated attacks even more likely to succeed.
    TuitionFree — a free library for the self-taught
    Anode Says...Blogging For Your Pleasure

  11. #11
    SitePoint Wizard Ian Glass's Avatar
    Join Date
    Oct 2001
    Location
    Beyond yonder
    Posts
    2,384
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by redux
    instead of keeping a database with lots of questions, how about keeping a database with various terms, categorized. then do a "spot the odd one out".
    So instead of discriminating against blind people, we're discriminating against the developmentally challenged and people who might not speak that language fluently? -p) Also with multiple-choice, all a 'bot has to do is choose one answer randomly again and again--sooner or later it'll strike gold.

    These things always seemed to be a temporary solution, to me, since it'll only be a matter of time before the technology does get good enough to actually answer them, too. Pretty soon, instead of testing submitters to see if they're worthy enough, the testers might actually have to grade the submissions.

    But for now, I guess all blind or text-browser using people can do is call a friend up or write an angry e-mail...

    ~~Ian
    Last edited by Ian Glass; Feb 25, 2003 at 22:42.

  12. #12
    SitePoint Wizard silver trophy TheOriginalH's Avatar
    Join Date
    Aug 2000
    Location
    Thailand
    Posts
    4,810
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Artcile on the beeb about this issue - apparently the facists at hotmail are on the case

    http://news.bbc.co.uk/1/hi/technology/2635855.stm
    ~The Artist Latterly Known as Crazy Hamster~
    922ee590a26bd62eb9b33cf2877a00df
    Currently delving into Django, GIT & CentOS

  13. #13
    gingham dress, army boots... silver trophy redux's Avatar
    Join Date
    Apr 2002
    Location
    Salford / Manchester / UK
    Posts
    4,838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    from the beeb article
    Nancy Chan, a graduate student at the City University of Hong Kong, is working on one that overlays white noise and other distractions on top of a voice reading out random letters and numbers.
    oh, great...so instead of shutting out the visually imparied, we're now going to discriminate against the hard of hearing, or those whose mother tongue is not english (or whatever the spoken language would be) ?
    re·dux (adj.): brought back; returned. used postpositively
    [latin : re-, re- + dux, leader; see duke.]
    WaSP Accessibility Task Force Member
    splintered.co.uk | photographia.co.uk | redux.deviantart.com

  14. #14
    SitePoint Columnist Skunk's Avatar
    Join Date
    Jan 2001
    Location
    Lawrence, Kansas
    Posts
    2,066
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Or those who don't have speakers linked up to their PC (like me, for example).

  15. #15
    Robert Wellock silver trophybronze trophy xhtmlcoder's Avatar
    Join Date
    Apr 2002
    Location
    A Maze of Twisty Little Passages
    Posts
    6,316
    Mentioned
    60 Post(s)
    Tagged
    0 Thread(s)
    We are talking about the security check images and I have dyslexia and didn't have any major problems with separating the words at the 'Captcha Project' although I wouldn't call them user friendly, that last time I had to use such a system was on AltaVista.

    As for adding audio that's just as unintelligent, there are above 800 workstations on this network alone and probably less than 30 machines have the soundcard connected directly to any multimedia speakers.

    Next, thing you know they'll be asking you to take a Culture Fair test or Ravens Progressive Matrix to gain access to a website. Thus it can be concluded these 'Captcha' based-systems are purposely discriminating against users in general since they are designed to prevent access to data and even slow down the average human response time.
    Last edited by xhtmlcoder; Mar 25, 2003 at 12:34.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •