DRAFT
W3C Working Draft
Accessibility is a major concern for us, and for most of our users. This is why we want and need that some authority establish a standard on this particular subject.
Not surprisingly, we are looking forward the W3C Web Accessibility Initiative.
Our will is to help the community to build a standard and to do so, we response to this 'Inaccessibility of Visually-Oriented Anti-Robot Tests Problems and Alternatives' paper, published in November 2003.
We will comment this paper folowing the table of content
About : the problem : a false sense of security
Right, the value of a simple visual verification is low, but the value of a global anti robot system is very high.
About : A hierarchy of needs
About : privilege
We don't think this one adds value to the paper : implementing security or preserving privilege for certain user are synonym.
Security without privilege is useless, preserving privilege implies implementing security.
About : identity and humanity
Our opinion on those two notion is that they are orthogonal.
|
robot |
human |
Identified |
using a mail client to pop my mail account every 5 minutes |
buying something on line with a Credit Card Number |
Anonymous |
using a feed reader to pull news every 5 minutes |
consulting the NY state unified court system |
This concerns two very different problems and thus should be treated as is.
Accessibility of humanity tests (Turing tests) is the subject we are interested in, not accessibility of identity systems.
Note : some identity systems also provide humanity certification, especially the biometric identity system.
About : possible solutions
As we already mentioned, identity systems cannot be proposed as solutions, because they do not concern humanity.
- As a result, we discarded the folowing solutions
- 7 : Federated Identity Systems
- 3: Credit-card validation
We distinguish two types of solutions :
- Automated solutions
like CAPTCHA or non public automated turing tests, also known as reverse Turing tests
It includes
-
- 2 : sound output
This may be the best of bad options :- It allows access to blind people, and can easily be generated by a machine.
But : - This type of test is not accessible for deaf people!
- Speech recognition research is very advanced, and human has poor speech recognition faculties compared to image recognition.
- It allows access to blind people, and can easily be generated by a machine.
- 2 : sound output
-
- 6 : heuristic checks
This solution is a curative solution : it may find out that a user is not human only after this user as caused damage.
This is not a preventive solution.
- 6 : heuristic checks
- Manual solutions also known as Turing tests.
it includes solutions
-
- 1 : logic puzzles
We completly agree with Matt May on this point. We also consider that designing logic puzzle that are not cultural or language
dependant is only possible throught mathematical puzzles. But on this particular field, calculation, robots have already proved their superiority...
This is why we classified this solution here.
- 1 : logic puzzles
-
- 5: Limited-use accounts
This is the manual version of the heuristic checks.
- 5: Limited-use accounts
-
- 4 : live operator, by phone or chat
This is the best option : Turing test. The only limiting factor is economic : providing operator for all requests without delay is surely a very expensive solution.
- 4 : live operator, by phone or chat
So what ?
- About security
-
- a system security level is less or equal the lower security level of its sub components, so implementing a solution system (visual and sound captcha) would be as vulnarable as the worse solution.
- Being able to easily change the tests is crucial
- Automatic :
Coupling sensorial tests (speech or image recognition) with trivial logic puzzle
- Central humanity system?
- The blade runner game