Captchas and accessibility

Here’s a demo of the captcha generation I have so far — the script talks to a mini web service to get the data. I’ll add more options to the web service and then make it available. [Update: the ‘demo’ is now just the way I screen comments on this blog.] Interestingly, although I have fond feelings for the gd image library, nothing I needed for doing nice image distortion turned out to be there, at least in the PHP-bundled version — I had to do it at the pixel level.

John’s comment led me to think more about accessibility. As I said in a comment, if an individual running a site decides that inaccessibility to bots is more important for that site than accessibility for some humans, I’m not going to stand in judgement (someone else will do that for me, I’m sure). But I guess that if you’re writing code that multiple people might use for bot-screening, it would be irresponsible not to include some alternative to images. So I’m thinking of adding an “alt text” captcha, most likely some kind of MadLibs-style description of a number. (Instead of blocking the visually-impaired, it would block people who can’t do any arithmetic in their heads — bug or feature?) The difficult part is in coming up with obfuscation that couldn’t be easily reversed by parsing it.

If captcha generation becomes more widespread, I wonder if open source would help confer some abuse resistance. I mean, if MSFT used a particular style of capture for single-signon, there’d be a lot of incentive to defeat it. But imagine lots of captcha servers, each run by someone who likes to mess around occasionally with the obfuscating code… is it ever going to be worth trying to beat them all?

6 thoughts on “Captchas and accessibility”

  1. How about audio-based captchas? I’ve seen those suggested as an accessibility option.

    In regards to defeating captchas, the ‘state of the art’ seems to be using the targets captchas as a barrier to something people want to enter for free (i.e. free porn). Answer this captcha (and thus transparently auto-create me a hotmail account) in return for hot naked chicks. It seems very hard to defeat that.

  2. Yes, audio is possible. The article that JohnW linked to was negative about them, based on their difficulty even if your hearing is good. 🙂

    With regard to enlisting humans to solve your captchas for you …. I wonder how well they do on turnaround time? If I present a captcha in a web form, and it will never be seen again… how quickly can a spammer recruit a willing victim, get a solution, and come back to complete the form?

  3. With regard to enlisting humans to solve your captchas for you –

    Radwin was telling me a story once that Yahoo mail had this exact problem. They basically found that people were hiring sweatshop workers to type in the captchas all day for like $1 an hour or something insane. The value of the free (spam) service provided was much higher than hiring someone from nambibia to type “zeroth.”

    In either event, the Captchas are pretty cool for blogging, as I doubt anyone thinks its worth the effort to hire someone to manually enter blog spam when there are so many other willing targets. 🙂

  4. Worse, people are stealing captcha images, letting gullible humans do the hard reverse Turing test on a different site, and then feed the result into the bot generating the comment noise. Very nasty.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s