Don’t make users take responsibility for our problemsBy James Edwards
You know what, I really hate CAPTCHA.
The other day I was speculatively signing up for a Facebook account (I’m not particularly interested in being on Facebook, I just wanted to have a nose around its code), but signing up was a tricky process.
You didn’t correctly type the text in the box, it said, referring to the security check image of two words you have to type-in to confirm you’re a real person.
Yeah sure, except I can’t see any words, all I can see is a message that says
Now admittedly that’s a bad example — presumably they’re using some dodgy Ajax which doesn’t work in Opera for Mac (my browser of choice), and usually such images are generated server-side without the need for scripting, hence this problem doesn’t occur.
But I still hate them because CAPTCHA tests are an accessibility black spot. What are you supposed to do if you have a reading or cognitive disability and simply can’t make them out? Man, I have perfect 20-20 vision, and more often than not I can’t read the damn things; it’s very common for me to have to make three or four different attempts before I get it right.
(I might also point out that a CAPTCHA is not a true Turing test — it only tests cognitive ability, not intelligence; so not only does it fail for some humans, it can be read by a machine with suitably sophisticated hull-scanning technology.)
Some CAPTCHA systems offer an audio alternative, and that’s certainly an improvement, but it’s still not good enough. What if you don’t have a sound card? What if you’re blind and deaf and can only receive information through a braille feedback device? What if, as with the visual test, you simply can’t make it out? CAPTCHA sucks because it creates a barrier for users where there needn’t be one.
Needn’t be one?, I hear you exclaim,
how else do we protect against bots! Well, now I’m going to have to step back from the practical to the more conceptual point, which is the nub of why I really hate them so much. Using a system like this is making users take responsibility for our problem. Bots are our problem, not the users’, and it’s totally unfair to pass the buck.
A similar example is those email opt-in services, where before you can send a person email you have to go to some website and confirm that you’re a real person, give a reason why you want to contact them, and in many cases pass a CAPTCHA as well. This, again, is not fair — it’s passing responsibility for spam onto legitimate people who want to contact us, and forcing them to deal with a problem that’s actually ours, not theirs.
So please, let’s not pass the buck – don’t make users take responsibility for our problems.