Actually this is remarkably timely. I just finished doing this not
five mins ago! lol! I was posting under Lessons and Tutoring which
is one of the categories that require phone verification. I gave them
my VOIP (Packet 8) number and it came back as unverifiable! ick!
So I Googled, and apparently, the provider they're using may
actually be categorically denying service to certain providers. So
there ya go! lol!
-Bloody draconian if you ask me! <smile>
On the Mac end of this issue, as has been brought up here earlier
this week, I had no problems at all accessing the captcha audio, but I
did need to click on an area of the screen which VO couldn't
announce. The invisible link did work though.
Now, this is not to say that the audio captcha itself was a piece
of cake, because these were not only some of the most difficult
captchas I've heard, but also I believe this stage of the process may
have some issues, as I seemed, at one point, to be caught up in a
situation where it wasn't liking my input, no matter if it agreed with
the audio or not. But that's getting OT.
All in all, from my exp, it *is* possible to do this process on the
Mac side with Safari / VO, but in general, the process itself, as CL
has made it now, sure isn't a pretty one! lol!
Have an awesome day!…
Smiles,
Cara :)
On Jun 25, 2008, at 2:20 PM, Brent Harding wrote:
Yeah, that's a good way to do it, but don't block cell phones and
voip providers. I heard on some voip news site that they block
certain providers by exchange on the outgoing calls you have to
verify posts on parts of craigslist that require phone verification,
whatever those are.
----- Original Message ----- From: "Chris Blouch" <[EMAIL PROTECTED]>
To: "General discussions on all topics relating to the use of Mac OS
X by theblind" <[email protected]>
Sent: Wednesday, June 25, 2008 3:58 PM
Subject: Re: Please Join Me In Making Craigslist Accessible Again
Yes, it's a hard problem. I was talking with some folks about
alternative accessible solutions to Captcha and one possibility was
to have the ability to enter a phone number and then have them call
you with an automated series of letters/numbers read on the phone
which you would type into the web page. This has some of the same
benefits of cost to the hacker and can be rate limited to prevent
repeated attacks. As you say, it also requires some trust and good
privacy policy that they won't be using your number for anything
else. Of course I also pointed out that any school kid would love
this service as a prank to ring up somebody's house at the wee
hours of the morning via any web browser. I think this issue pretty
much put an end to that solution.
CB
Jacob Schmude wrote:
The problem with that is the issue of privacy. I'd prefer not to
allow any old forum moderator to have my phone number, for
example. Even getting past that, phone numbers can be faked, and
I'd imagine the phone system would have to be automated, which
means that once the counter-response is figured out it could be
cracked rather easily. On top of that, what if the web site in
question isn't in your country of residence? Some of those
international rates can get nasty, at least in the U.S.
This is a problem with no easy solution, unfortunately, though I
personally believe that questions structured in an odd way that
the human brain could figure out is the best compromise. It has
its problems, such as needing to be familiar with the language in
question, but at the same time I believe it to resolve most of the
other problems. Let's face it, no matter what security measure
anyone comes up with there will always be someone to break it. And
the ones trying to make things secure wind up playing catch-up as
their security measures are broken. The question in my mind is how
much security will the end users tolerate? Hopefully it's a
question we won't ever have to actually see answered.
On Jun 20, 2008, at 9:25, Chris Blouch wrote:
This is another example of how to avoid hackers getting in. Add
some real expense and traceable communications to the
authentication process. A hacker doesn't care if they have to try
10000 times to crack one captcha since they are doing though some
botnet. The bandwidth and compute power are essentially free and
they can hide behind a shield of relative anonymity. If they have
to make a phone call that raises the bar. For one that call is
traceable so if something funny happens it comes back to a phone
number under somebody's name. It also has a real cost as the
phone line or cell phone account costs real money and they can't
automate it so some real human will have to make the call. The
10000 tries now isn't such a great deal.
CB
Dan Eickmeier wrote:
And that is good for those who are on cell phone providers that
support that verrification. Mine didn't, and I had to email
their support to get it fixed.
On 19-Jun-08, at 12:21 AM, Chelsea wrote:
Well, that is good for those who have talking cell phones. :(
On Jun 18, 2008, at 9:17 PM, John Moore wrote:
They should do it like Facebook, where they take the Captcha
away when you varify your cell phone number with a code they
send you via text message. When you type the code in right,
Captcha becomes nonexistent.
---
View my Online Portfolio at:
http://www.onemodelplace.com/CaraQuinn
