Re: Please Join Me In Making Craigslist Accessible Again

Wed, 25 Jun 2008 15:10:34 -0700

Actually this is remarkably timely. I just finished doing this not five mins ago! lol! I was posting under Lessons and Tutoring which is one of the categories that require phone verification. I gave them my VOIP (Packet 8) number and it came back as unverifiable! ick!
So I Googled, and apparently, the provider they're using may actually be categorically denying service to certain providers. So there ya go! lol! 

  -Bloody draconian if you ask me!  <smile>


  On the Mac end of this issue, as has been brought up here earlier  
this week, I had no problems at all accessing the captcha audio, but I  
did need to click on an area of the screen which VO couldn't  
announce.  The invisible link did work though.



  Now, this is not to say that the audio captcha itself was a piece  
of cake, because these were not only some of the most difficult  
captchas I've heard, but also I believe this stage of the process may  
have some issues, as I seemed, at one point, to be caught up in a  
situation where it wasn't liking my input, no matter if it agreed with  
the audio or not.  But that's getting OT.



  All in all, from my exp, it *is* possible to do this process on the  
Mac side with Safari / VO, but in general, the process itself, as CL  
has made it now, sure isn't a pretty one!  lol!


  Have an awesome day!…

Smiles,

Cara  :)


On Jun 25, 2008, at 2:20 PM, Brent Harding wrote:


Yeah, that's a good way to do it, but don't block cell phones and  
voip providers. I heard on some voip news site that they block  
certain providers by exchange on the outgoing calls you have to  
verify posts on parts of craigslist that require phone verification,  
whatever those are.


----- Original Message ----- From: "Chris Blouch" <[EMAIL PROTECTED]>

To: "General discussions on all topics relating to the use of Mac OS  
X by theblind" <[email protected]>

Sent: Wednesday, June 25, 2008 3:58 PM
Subject: Re: Please Join Me In Making Craigslist Accessible Again



Yes, it's a hard problem. I was talking with some folks about  
alternative accessible solutions to Captcha and one possibility was  
to have the ability to enter a phone number and then have them call  
you with an automated series of letters/numbers read on the phone  
which you would type into the web page. This has some of the same  
benefits of cost to the hacker and can be rate limited to prevent  
repeated attacks. As you say, it also requires some trust and good  
privacy policy that they won't be using your number for anything  
else. Of course I also pointed out that any school kid would love  
this service as a prank to ring up somebody's house at the wee  
hours of the morning via any web browser. I think this issue pretty  
much put an end to that solution.


CB

Jacob Schmude wrote:

The problem with that is the issue of privacy. I'd prefer not to  
allow any old forum moderator to have my phone number, for  
example. Even getting past that, phone numbers can be faked, and  
I'd imagine the phone system would have to be automated, which  
means that once the counter-response is figured out it could be  
cracked rather easily. On top of that, what if the web site in  
question isn't in your country of residence? Some of those  
international rates can get nasty, at least in the U.S.
This is a problem with no easy solution, unfortunately, though I  
personally believe that questions structured in an odd way that  
the human brain could figure out is the best compromise. It has  
its problems, such as needing to be familiar with the language in  
question, but at the same time I believe it to resolve most of the  
other problems. Let's face it, no matter what security measure  
anyone comes up with there will always be someone to break it. And  
the ones trying to make things secure wind up playing catch-up as  
their security measures are broken. The question in my mind is how  
much security will the end users tolerate? Hopefully it's a  
question we won't ever have to actually see answered.


On Jun 20, 2008, at 9:25, Chris Blouch wrote:


This is another example of how to avoid hackers getting in. Add  
some real expense and traceable communications to the  
authentication process. A hacker doesn't care if they have to try  
10000 times to crack one captcha since they are doing though some  
botnet. The bandwidth and compute power are essentially free and  
they can hide behind a shield of relative anonymity. If they have  
to make a phone call that raises the bar. For one that call is  
traceable so if something funny happens it comes back to a phone  
number under somebody's name. It also has a real cost as the  
phone line or cell phone account costs real money and they can't  
automate it so some real human will have to make the call. The  
10000 tries now isn't such a great deal.


CB

Dan Eickmeier wrote:

And that is good for those who are on cell phone providers that  
support that verrification.  Mine didn't, and I had to email  
their support to get it fixed.


On 19-Jun-08, at 12:21 AM, Chelsea wrote:


Well, that is good for those who have talking cell phones. :(
On Jun 18, 2008, at 9:17 PM, John Moore wrote:


They should do it like Facebook, where they  take the Captcha  
away when you varify your cell phone number with a code they  
send you via text message. When you type the code in right,  
Captcha becomes nonexistent.




















---
View my Online Portfolio at:
http://www.onemodelplace.com/CaraQuinn

























					Reply via email to