...
WORKING DRAFT
Introduction
Accessibility is a major concern for us, and for most of our users. This is why we want and need that some authority establish a standard on this particular subject.
Not surprisingly, we are looking forward the W3C Web Accessibility Initiative.
...
About : the problem : a false sense of security
RightWe agree, the value of a simple visual verification is low, but the value of a global anti robot system is very high.
About : A hierarchy of needs
In our point of view, web sites implement visually oriented anti-robot tests to preserve their ressources for human users, and therefore, we think checking user humanity is the major issue.
About : privilege
We don't think this one adds value to the paper : implementing security or preserving privilege for certain user are synonymunderstand preserving priviledge and preserving ressources as the same notion. This echoes back to the global need, which is to preserve ressources by checking on user humanity.
Security without privilege is useless, preserving privilege implies implementing security.
About : identity and humanity
My Our opinion on those two notion is that they are orthogonal.
| robot | human |
Identified | using my a mail client to pop my mail account every 5 minutes | me with my CB buying something on line with a Credit Card Number |
Anonymous | using my a feed reader to pull news every 5 minutes | consulting the NY state unified court system |
This concerns two very different problems and thus should be treated as is.
Robots can have identity, and yet consume web site ressources (ex: having identified bots make several hundred reservations per minute on a train ticket reservation site)
These two notions seem different. We view captchas as a response to the need for preserving priviledges and ressources for human users.
Accessibility of humanity tests (Turing tests) is the subject we are interested in, not accessibility of identity systems.
Note : some identity systems also provide humanity certification, especially the biometric identity system.
About : possible solutions
As we already mentioned, identity systems cannot be proposed as solutions, because they do not concern humanity.
- As a result, we discarded the folowing solutions
- 7 : Federated Identity Systems
- 3: Credit-card validation
We distinguish two types of solutions :
- Automated solutions , like CAPTCHA or non public automated turing tests, also known as reverse Turing tests
It includes solutions 1 : logic puzzles, These kind of solutions include the following:- 2 : sound output
This may be the best of bad options :- It allows access to blind people, and can easily be generated by a machine.
But :- This type of test is not accessible for deaf people!
- Speech recognition research is very advanced, and human has poor speech recognition faculties compared to image recognition.
- It allows access to blind people, and can easily be generated by a machine.
- 6 : heuristic checks
This solution is a curative solution, and is not preventive.
Indeed, heuristic check can point out that a user is not human only after this user has caused damage, and non-human patterns have been identified.
- 2 : sound output
- Manual solutions , like the also known as Turing tests.
These kind of tests include:- 1 : logic puzzles
We completly agree with Matt May on this point. We also consider that designing logic puzzle that are not cultural or language
dependant is only possible throught mathematical puzzles. But on this particular field, calculation, robots have already proved their superiority...
Plus, generating automatically a large number of independant logical tests does not seem feasable. This is why we classified this solution as manual.
- 1 : logic puzzles
- 5: Limited-use accounts
This is the manual version of the heuristic checks. - 4 : live operator, by phone or chat
This is the best option : real Turing tests. The only limiting factor is economic : providing operator for all requests without delay is surely a very expensive solution.
- 5: Limited-use accounts
So what ?
- About security
- a system security level is less or equal the lower security level of its sub components, so implementing a solution system (visual and sound captcha) would be as vulnarable as the most vulnarable solution.
- Being able to easily change the tests is crucial see proof of concept
- Automatic : Coupling sensorial tests (speech or image recognition) with trivial logic puzzle
As we have already mentionned, also know as Turing tests.
...
- building complex cognitive puzzle automaticaly is too complicated.
We also see that bots are almost as good as human on sensorial tests (specialy on sounds based tests).
We think that coupling sensorial tests and trivial logic puzzle is a simple way to add complexity and thus to trasnform a nearly trivial AI problem (sensorial only test) to a Complex AI problem.
See this brillant article : Proposal for an Accessible Captcha