Social Enterprise

Lack of accessibility should kill CAPTCHAs, but where's the replacement?

Several Australian consumer groups have combined to call for an end to CAPTCHAs across the web.

CAPTCHAs, the supposed automated submission deterrence device at the bottom of forms, is a necessary evil to prevent a flood of spam from ruining the internet, isn't it?

Not so, says a group of Australian consumer groups that regards them as little better than roadblocks to hundreds of thousands of vision-impaired users whose screen readers are unable to deal with them.

Blind Citizens Australia, Media Access Australia, Able Australia, the Australian Deafblind Council, and the  Australian Communications Consumer Action Network (ACCAN) are calling on "organisations big and small to phase out the use of CAPTCHA".

"My experience with audio CAPTCHA has been almost as inaccessible as visual CAPTCHA – I must have listened to the Skype audio CAPTCHA 20 times before I gave up and asked my sighted friend to set up my account," said ACCAN disability policy advisor Wayne Hawkins, who is blind.

It's a fair point. Head over to the ReCAPTCHA example page and listen to the audio version of a CAPTCHA; it is a horrible experience.

So step one in the plan put forward by the group is to remove CAPTCHAs, but what would they be replaced with?

On the alternatives front, the W3C has a number of proposals, but there are not many on that list that appear workable, or do not hinder another section of the online population.

What we have, then, is a three-stage process. The first is to end the use of CAPTCHAs (there's been a petition created for such an end), someone creates a fantastic replacement, the internet universally adopts it, and the world becomes a better place.

It's the lack of a decent replacement that, despite the best intentions of the group, means we will be saddled with the impact of poorly executed and illegible CAPTCHAs for years to come.

The whole situation reminds me of that Churchillian quote: "Democracy is the worst form of government except for all those others that have been tried."

Do you think that there is a CAPTCHA replacement waiting to solve the spam issue on the internet? Let's us know your thoughts in the comments below.

About

Some would say that it is a long way from software engineering to journalism, others would correctly argue that it is a mere 10 metres according to the floor plan.During his first five years with CBS Interactive, Chris started his journalistic advent...

13 comments
FTAdmin
FTAdmin

I've seen a particular site use the combination of an illustration with a name imprinted on it, and a radio selection group of names--of which only one matches the name in the image. The text is usually quite clear enough to read. The illustration itself doesn't necessarily have anything to do with the name on it (logically speaking,) but that may keep scripts from more easily OCRing the text. Each time the form is accessed, the image and radio choices are different.

Has anyone else run into similar, and if so do you know of research explaining the efficacy of this approach?

Afterthought:
Perhaps a similar system can be used where photos (not overly simplistic illustrations) of basic objects are in the image and NO name is imprinted (to avoid all potential OCR attempts.) If someone doesn't recognize the object for some reason, then they can click a button to try another set.

I say no to overly simplistic illustrations, because I wonder if advanced AI scripts could somehow make them out. Yeah, that's a bit Sci-Fi, but I'll bet it's closer than is comfortable for a potential long-term solution.

FTAdmin
FTAdmin

I'm not entirely against CAPTCHAs, but I do detest the ones that use differing sizes of text along with differing capitalization, which is taken into consideration for the pass/fail.

Is that a lower case "x" or a smaller sized upper case "X"? Oh look, there's a "W" also! ...or is it "w"? (-_-)

tigertom
tigertom

Apart from the difficulty for vision-impaired users,  the classical illegible captcha gives a lot of difficulty and delay for ordinary users.  Ryanair introduced the classical illegible captcha, but must have found it impacted business: They've replaced it with a new style of captcha which is much easier to read, but much longer, presumably to provide the same level of difficulty for scripts.

It should be possible to devise a test based on a huge number of clear text general knowledge questions, available as print or clear audio.  For example, complete the following sentences:

- A woman's hair is on her h________.

 - The colour of an orange is o_______.

 - A jacket has two s________

 - A fly has six l_______

dvroman
dvroman

For security purposes CAPTCHA is mandatory. It needs to tell the computer from the human so that a bot can't get to your data.

The current form of CAPTCHA needs to constantly change to stay ahead of the smart programs.

I feel that CAPTCHA in it's current form will evolve over time to something which is currently unrecognizable. We need to think outside the box.

How about a tie in to the new fingerprint reader which requires a new scan of the user's fingerprint, locked down and validated through the OS to that computer. A simple yes/no from the reader software would suffice.

I believe that reCAPTCHA is on the right track with their multiple forms of validation.

mudpuppy1
mudpuppy1

I'm not blind and I still have trouble with some of those &*%$#@ things. More than once I've had to click the "give me something I can see" button (or whatever they call it) so I can see something I can actually get right. My vision isn't as good as it used to be (didn't need glasses until I was 44), but I have no trouble reading normal pages with reading glasses. CAPTCHA needs to go away. Fortunately, I don't encounter it much.

Another thing that would help would be to crack down severely on spammers and virus/malware creaters (execution comes to mind :-) ). Then maybe those of us that just want to get things done without being bothered wouldn't have to put up with such things.

wizard57m-cnet
wizard57m-cnet moderator

Technology is advancing, perhaps fingerprint scanners, or some other "bio-informational" credentialing will come along and CAPTCHA will be relegated to history

Regulus
Regulus

I can understand the reasoning.  However, as a user, it is apia.  At the very least, it is also an impediment to accomplish any goals.

dave
dave

@mike and @aos168b you do understand that the audio is deliberately unclear right?  Just as the Captcha text is deliberately blurred and contorted they obfuscate the audio so it is more difficult for automated processes to decipher it thus helping ensure online forms and such are not abused by scripted clients.  Cleaning up the audio would, to some degree, defeat the purpose.  It's a balance.

For my part I tried the audio in the linked example and was able to decipher the correct code on my first try.  It's not ideal, but no harder than the textual Captcha equivalent.

The point is moot though for those who simply are unable to decipher the code from text or audio.  I never gave much thought to alternatives but I agree there is a better mousetrap somewhere.  Now where did I put that cheese...

mike
mike

Well, I'll get the conversation rolling.  Towns across America had to install sidewalk ramps at intersections to accommodate wheelchairs.  Some of these towns almost went bankrupt.  They had to get federal funding.  In time wheelchairs will become obsolete.  The same thing is true with eyesight.  Technology or transplants will make blindness a thing of the past.  I don't want industry spending millions or billions to solve a problem for a small segment of the population. 

I'm no network expert, but if somebody can come up with a viable solution for the blind that doesn't cost millions or billions, and doesn't make it more difficult for the seeing to use, I'm all for it.  I'm not sure how easy it is to tamper with an originating IP address or mac address, and prevent site creating multiple accounts. 

I'm definitely not sure why CAPTCHA audio is soo poor.  This technology has existed for years. 

aos168b
aos168b

It seems like the real problem in this case is inaudible captchas. I know I've tried listening to them myself, when I had trouble trying to detect the correct letters. Every audible version I've ever heard is absolutely worthless. Effort should be put in place to improve the audio portion of capchas.

FTAdmin
FTAdmin

@dvroman  

An immediate worry that I see for the fingerprint idea is the potential for hackers to make their PC force a "YES" along with the use of a script. Perhaps the whole "Trusted Platform" thing could somehow safeguard that replay for a while, if anything.

Sister Morphine
Sister Morphine

@dvroman "I believe that reCAPTCHA is on the right track with their multiple forms of validation".

Not sure if it's exactly what you mean, but I think it's necessary to give people options in terms of validation. Pretty much every form of validation I've heard of is going to alienate somebody.  CAPTCHA images alienate blind people.  Logic/ maths puzzles alienate people with cognitive difficulties.  Fingerprint ID alienates people who have no hands.  And so on.

Letting people select their form of validation might help.

On a somewhat unrelated, ranty note, what frustrates me about the "Kill CAPTCHA" movement is that many of its proponents talk about "web developers" and "administrators" as though every organisation has a team of dedicated professionals looking after their website around the clock.  These dedicated nerds should apparently be "keeping on top" of spam and coming up with clever security solutions.

I work for a tiny not-for-profit and our "web administration team" consists of me and a volunteer who moderates the message board.  When we're not doing our normal jobs.

randysmith
randysmith

mike I'm definitely sure why the audio CAPTCHA is so garbled - it's to thwart speech recognition software.  However, I wonder what the real risk is for offering clearer audio - will sites really be overwhelmed by bots generating spam?  Looking at industry blogs and forums, they already have plenty of humans ready to post "my mom makes..." crap, so maybe there is an over-reliance on CAPTCHA.