Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

DRAFT

W3C Working Draft

Accessibility is a major concern for us, and for most of our users. This is why we want and need that some authority establish a standard on this particular subject.
Not surprisingly, we are looking forward the W3C Web Accessibility Initiative.

Our will is to help the community to build a standard and to do so, we response to this 'Inaccessibility of Visually-Oriented Anti-Robot Tests Problems and Alternatives' paper, published in November 2003.

We will comment this paper folowing the table of content

About : the problem : a false sense of security

Right, the value of a simple visual verification is low, but the value of a global anti robot system is very high.

About : A hierarchy of needs

About : privilege

We don't think this one adds value to the paper : implementing security or preserving privilege for certain user are synonym.
Security without privilege is useless, preserving privilege implies implementing security.

About : identity and humanity

Our opinion on those two notion is that they are orthogonal.

 

robot

human

Identified

using a mail client to pop my mail account every 5 minutes

buying something on line with a Credit Card Number

Anonymous

using a feed reader to pull news every 5 minutes

consulting the NY state unified court system

This concerns two very different problems and thus should be treated as is.
Accessibility of humanity tests (Turing tests) is the subject we are interested in, not accessibility of identity systems.

Note : some identity systems also provide humanity certification, especially the biometric identity system.

About : possible solutions

As we already mentioned, identity systems cannot be proposed as solutions, because they do not concern humanity.

  • As a result, we discarded the folowing solutions
    • 7 : Federated Identity Systems
    • 3: Credit-card validation

We distinguish two types of solutions :

  • Automated solutions
    like CAPTCHA or non public automated turing tests, also known as reverse Turing tests
    It includes
    • 2 : sound output
      This may be the best of bad options :
      • It allows access to blind people, and can easily be generated by a machine.
        But :
      • This type of test is not accessible for deaf people!
      • Speech recognition research is very advanced, and human has poor speech recognition faculties compared to image recognition.
    • 6 : heuristic checks
      This solution is a curative solution : it may find out that a user is not human only after this user as caused damage.
      This is not a preventive solution.
  • Manual solutions also known as Turing tests.
    it includes solutions
    • 1 : logic puzzles
      We completly agree with Matt May on this point. We also consider that designing logic puzzle that are not cultural or language
      dependant is only possible throught mathematical puzzles. But on this particular field, calculation, robots have already proved their superiority...
      This is why we classified this solution here.
      • 5: Limited-use accounts
        This is the manual version of the heuristic checks.
      • 4 : live operator, by phone or chat
        This is the best option : Turing test. The only limiting factor is economic : providing operator for all requests without delay is surely a very expensive solution.

So what ?

  • About security
    • a system security level is less or equal the lower security level of its sub components, so implementing a solution system (visual and sound captcha) would be as vulnarable as the worse solution.
    • Being able to easily change the tests is crucial
  • Automatic :
    Coupling sensorial tests (speech or image recognition) with trivial logic puzzle
  • Central humanity system?
  • The blade runner game
  • No labels