RE: [WSG] image verification
Eric Meyer came up with one of the easiest ways to do this in an accessible manner. Use a question like this: What color is an orange? Now that may require someone knowing what an orange is, but you could do something like this. To make sure you arent a computer, Im going to ask a very simple question. My name is Marissa. What is my name? [insert input box] A petition isnt going to solve anything. The major internet companies are already aware of captcha problems. The above solution works great for a personal site or small business. When you are Craigslist, amazon, yahoo, etc a more robust technique is needed to foil the bad guys. Ted www.last-child.com From: listdad@webstandardsgroup.org [mailto:[EMAIL PROTECTED] On Behalf Of Marissa Manzino Sent: Wednesday, August 02, 2006 8:23 AM To: wsg@webstandardsgroup.org Subject: [WSG] image verification Hi, DOes any know how to get around the image verification system? If you're blind, or have another disability this could be a problem. I have started a petition regarding this at: http://www.petitiononline.com/A67309/petition.html If any of you know a way around this, please let me know! have a wonderful day! Marissa wsg@webstandardsgroup.org **The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list & getting help** **The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list & getting help**
RE: [WSG] image verification
To simplify it further, take case sensitivity out of the equation and ask: what is 5+3? From: listdad@webstandardsgroup.org [mailto:[EMAIL PROTECTED] On Behalf Of Ted Drake Sent: 02 August 2006 16:47 To: wsg@webstandardsgroup.org Subject: RE: [WSG] image verification Eric Meyer came up with one of the easiest ways to do this in an accessible manner. Use a question like this: What color is an orange? Now that may require someone knowing what an orange is, but you could do something like this. To make sure you arent a computer, Im going to ask a very simple question. My name is Marissa. What is my name? [insert input box] A petition isnt going to solve anything. The major internet companies are already aware of captcha problems. The above solution works great for a personal site or small business. When you are Craigslist, amazon, yahoo, etc a more robust technique is needed to foil the bad guys. Ted www.last-child.com **The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list & getting help** **The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list & getting help** **The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list & getting help**
Re: [WSG] image verification
If the question way or the calculation way became common practise, as with image verification, it would only be a matter of time before spam-bots collects the questions, and if the same questions are used widely, the spambots would soon know the answers as well :) You would have to create a row of unique questions for your website alone.Sincerely, Thomas SilkjærE-mail:[EMAIL PROTECTED]Visit:http://theundersigned.net/http://webdesignbook.net/ Den 02/08/2006 kl. 18.09 skrev Edward Clarke:To simplify it further, take case sensitivity out of the equation and ask: what is 5+3? From: listdad@webstandardsgroup.org [mailto:listdad@webstandardsgroup.org] On Behalf Of Ted DrakeSent: 02 August 2006 16:47To: wsg@webstandardsgroup.orgSubject: RE: [WSG] image verification Eric Meyer came up with one of the easiest ways to do this in an accessible manner. Use a question like this: What color is an orange? Now that may require someone knowing what an orange is, but you could do something like this. To make sure you aren’t a computer, I’m going to ask a very simple question. My name is Marissa. What is my name? [insert input box] A petition isn’t going to solve anything. The major internet companies are already aware of captcha problems. The above solution works great for a personal site or small business. When you are Craigslist, amazon, yahoo, etc a more robust technique is needed to foil the bad guys. Tedwww.last-child.com**The discussion list for http://webstandardsgroup.org/See http://webstandardsgroup.org/mail/guidelines.cfmfor some hints on posting to the list getting help** **The discussion list for http://webstandardsgroup.org/See http://webstandardsgroup.org/mail/guidelines.cfmfor some hints on posting to the list getting help** **The discussion list for http://webstandardsgroup.org/See http://webstandardsgroup.org/mail/guidelines.cfmfor some hints on posting to the list getting help** **The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list & getting help**
Re: [WSG] image verification
I know one. Don't use CAPTCHA at all. You're supposed to get rid of spam, not your users. Use akismet. Best regards, Marko Mrdjenovic Marissa Manzino wrote: Hi, DOes any know how to get around the image verification system? If you're blind, or have another disability this could be a problem. I have started a petition regarding this at: http://www.petitiononline.com/A67309/petition.html If any of you know a way around this, please let me know! have a wonderful day! Marissa wsg@webstandardsgroup.org mailto:wsg@webstandardsgroup.org ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help ** ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **
Re: [WSG] image verification
On Wednesday 02 August 2006 17:46, Ted Drake wrote: A petition isn't going to solve anything. The major internet companies are already aware of captcha problems. The above solution works great for a personal site or small business. When you are Craigslist, amazon, yahoo, etc a more robust technique is needed to foil the bad guys. Ok Ted, I think there is some work for you... This petition is specifically aimed at yahoo.com and is designed to express the sentiment that yahoo.com should provide audio alternatives to image verification. But at least you've got a lot of good alternatives to choose from here ;-) Good luck! Martin. ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **
Re: [WSG] Image Verification
See KittenAuth by Oli Warner.http://www.kittenauth.com/Basicly using easily recognisable shapes as a validation; eg, Please select 3 kittens from an array of 9 animal photos. It's very hard for a computer to identify a kitten from a pig for example, but easy for even a child. JOn 01/06/06, Kara O'Halloran - Eduka [EMAIL PROTECTED] wrote: You've all seen image verification boxes where you have to type into afield the wonky letters that you see on screen.What do vision impaired people do when they come across that? Is there away to make that accessible to blind people without making it accessible to the dreaded robots?And how common are those robots anyway?Discussion/opinions would be appreciated.K**The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help ** **The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list & getting help**
Re: [WSG] Image Verification
Btw for your future Googling, the term is CAPTCHA validation.On 01/06/06, James Laugesen [EMAIL PROTECTED] wrote:See KittenAuth by Oli Warner. http://www.kittenauth.com/Basicly using easily recognisable shapes as a validation; eg, Please select 3 kittens from an array of 9 animal photos. It's very hard for a computer to identify a kitten from a pig for example, but easy for even a child. JOn 01/06/06, Kara O'Halloran - Eduka [EMAIL PROTECTED] wrote: You've all seen image verification boxes where you have to type into afield the wonky letters that you see on screen.What do vision impaired people do when they come across that? Is there away to make that accessible to blind people without making it accessible to the dreaded robots?And how common are those robots anyway?Discussion/opinions would be appreciated.K**The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help ** **The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list & getting help**
Re: [WSG] Image Verification
What do vision impaired people do when they come across that? Is there a way to make that accessible to blind people without making it accessible to the dreaded robots? Voice recording of the text. And how common are those robots anyway? No idea. However there are many ways of reading the characters via various OCR methods (that are proven to have better results than humans) or remote mechanical turk when the images are retyped by another person on another web for various reason so it's not that safe anyways. And, personally, I hate CAPTCHAs. Better possibilities out there: http://www.w3.org/TR/2005/NOTE-turingtest-20051123/ -- Jan Brasna :: www.alphanumeric.cz | www.janbrasna.com | www.wdnews.net ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **
Re: [WSG] Image Verification
Kara O'Halloran - Eduka wrote: You've all seen image verification boxes where you have to type into a field the wonky letters that you see on screen. They're called CAPTCHAs http://en.wikipedia.org/wiki/CAPTCHA What do vision impaired people do when they come across that? They have difficulty filling them out. Is there a way to make that accessible to blind people without making it accessible to the dreaded robots? Provide alternate text in a form that cannot be easily parsed by a robot. e.g. If the image contained the digits 3724980, you might use this: img src=captcha alt=three, seventy-two, four hundred and ninety eight, zero With this approach, you're system may have to be lenient with accepting puncuation. A person hearing that from their screen reader may actually enter 3 72 498 0 or 3, 72, 498, 0. Or you could include a note stating (no spaces or punctuation) somewhere in the label. Alterntively, you might ask a simple question that anyone should be able to answer. e.g. What colour is an orange? (Depending on the test, some people with cognitive disabilities may still have trouble) And how common are those robots anyway? They are very common. Spammers use them all the time to fill out virtually any form they come across. If you've got a blog, it's likely you've experienced some form of spam promoting online casino's, various drugs and personal enhancement products. All that comes directly from those kind of robots. -- Lachlan Hunt http://lachy.id.au/ ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **
Re: [WSG] Image Verification
Jan Brasna wrote: What do vision impaired people do when they come across that? Is there a way to make that accessible to blind people without making it accessible to the dreaded robots? Voice recording of the text. And how common are those robots anyway? No idea. However there are many ways of reading the characters via various OCR methods (that are proven to have better results than humans) or remote mechanical turk when the images are retyped by another person on another web for various reason so it's not that safe anyways. And, personally, I hate CAPTCHAs. Better possibilities out there: http://www.w3.org/TR/2005/NOTE-turingtest-20051123/ Voice recording is good, but it does make it a little regionalised, in that you have to ensure the voice is as much understandable to the regional audience on the site. These bots can be very common especially if you offer free sign up (forums) blogs, or a free trial of anything. Most I have found are poorly written, and are killed by a little javascripting, but they do offen result in junk records and are followed by script injection attacks. All of which people should be securing against. The really weird characters (that I sometimes can't make out either) is due to the common OCR reading of the bots. I have seen some Flash based visual and sound use to over come this as well. Mind you its only a matter a time with the voice recordings that these are translated as well. (if not already). Presently the logic puzzles seem to be the only solid method. -- Gary ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **
Re: [WSG] Image Verification
Lachlan Hunt wrote: Kara O'Halloran - Eduka wrote: You've all seen image verification boxes where you have to type into a field the wonky letters that you see on screen. They're called CAPTCHAs http://en.wikipedia.org/wiki/CAPTCHA What do vision impaired people do when they come across that? They have difficulty filling them out. Is there a way to make that accessible to blind people without making it accessible to the dreaded robots? Provide alternate text in a form that cannot be easily parsed by a robot. e.g. If the image contained the digits 3724980, you might use this: img src=captcha alt=three, seventy-two, four hundred and ninety eight, zero With this approach, you're system may have to be lenient with accepting puncuation. A person hearing that from their screen reader may actually enter 3 72 498 0 or 3, 72, 498, 0. Or you could include a note stating (no spaces or punctuation) somewhere in the label. Alterntively, you might ask a simple question that anyone should be able to answer. e.g. What colour is an orange? (Depending on the test, some people with cognitive disabilities may still have trouble) And how common are those robots anyway? They are very common. Spammers use them all the time to fill out virtually any form they come across. If you've got a blog, it's likely you've experienced some form of spam promoting online casino's, various drugs and personal enhancement products. All that comes directly from those kind of robots. Even this list gets them... -- Gary ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **
Re: [WSG] Image Verification
Nice article on this topic in today's Wall Street Journal: - nello May 31, 2006 Codes on Sites 'Captcha' Anger of Web Users By DAVID KESMODEL May 31, 2006; Page B1 Dave Simmer is a computer-savvy graphic designer. Yet when he surfs the Internet, he often gets stumped by the distorted jumbles of letters and numbers that some Web sites ask users to retype to gain access. They keep warping them and making them longer, says the 40-year-old from Cashmere, Wash. The visually impaired have long decried these codes, which protect sites such as Yahoo.com and Ticketmaster.com from computer programs that create scores of email accounts for spammers or buy hundreds of concert tickets for scalpers. Now, the quizzes are irritating a wider array of Web surfers as companies toughen them as part of their arms race with the spam crowd. The codes, called captchas, are also showing up more often amid a boom in new Web services, ranging from blogging tools to social-networking sites. The trickiest ones make you not want to go to those sites anymore, says Scott Reynolds, a 29-year-old software architect in Ocala, Fla., who lambasted the devices on his blog last year. The captchas' flaws are prompting academics, independent computer programmers and some Web companies to craft new variations that they hope will be easier for humans to decipher but harder for computer programs. The World Wide Web Consortium, an international group that encourages improved standards for Web programming, published a paper (1) last November that advocates the creation of alternatives, saying the tests fail to properly recognize users with disabilities as human and are vulnerable to defeat by astute programmers. Internet companies defend their use of the codes, saying they face a difficult balancing act of trying to fend off attackers while providing a good experience for users. We know there's no perfect panacea, but we think this is a great tool to prevent malicious activity, says David Jeske, an engineering director at Google Inc. Google uses captchas for its free email service and its blog-writing service, among others. It is among companies that recently added an audio version, which lets the visually impaired listen to a series of letters or numbers and type them into their computer. Some captchas have been solved with more than 90% accuracy by scientists specializing in computer vision research at the University of California, Berkeley, and elsewhere. Hobbyists also regularly write code to solve captchas on commercial sites with a high degree of accuracy. But several Internet companies say their captchas appeared to be highly effective at thwarting spammers. Researchers are really good, and the attackers really are not, says Mr. Jeske of Google, based in Mountain View, Calif. Having these methods in place we find extremely effective against automated malicious attackers. Ticketmaster, a unit of IAC/Interactive Corp., has altered its captchas over the years in response to automated computer programs, called bots, that have cracked certain codes, says Brian Pike, Ticketmaster's chief technology officer. He says the robust resale market for tickets gives people a high incentive to try to swiftly snare tickets on its site. Spam companies sometimes get around the challenge of captchas by hiring workers to fill out the forms for them instead of relying on bots, according to the World Wide Web Consortium. The group said in its paper last year that it is a logical fallacy...to hail captcha as a spam-busting panacea. Captcha is an acronym for Completely Automated Public Turing Test to Tell Computers and Humans Apart. Computer scientists at Carnegie Mellon University coined the term in 2000 to describe codes they created to help Internet giant Yahoo Inc. thwart a spam problem. Turing refers to Alan Turing, a mathematician famous for his codebreaking work during World War II and, later, as a pioneer in artificial intelligence. In 1950, Turing wrote a paper that proposed a test in which a person in one room would ask questions of both a human and a computer in another to try to determine which of the respondents was human. If the judge couldn't tell which was which, the computer could be said to be able to think. Captchas deployed by commercial Web sites vary widely. For example, Microsoft Corp.'s Hotmail email service requires registrants to read a long series of twisted letters or numbers, obscured by several lines of varying shape. In contrast, eBay Inc.'s PayPal payment service shows simple block-style letters or numbers against a grid. Other sites use complex multicolored backgrounds. Mr. Reynolds, the Florida software architect, says he has been confused by captchas shown by everyone from Microsoft to Apple Computer Inc. The ones they make hard for a computer bot to break are also really hard for us to read, he says. It kind of defeats the purpose.
RE: [WSG] Image Verification
I had to install a captcha on my installation of mediawiki due to repeated abuse from bots, they're a necessary evil. -Original Message- From: listdad@webstandardsgroup.org [mailto:[EMAIL PROTECTED] On Behalf Of Nello Lucchesi Sent: Thursday, 1 June 2006 2:58 PM To: wsg@webstandardsgroup.org Subject: Re: [WSG] Image Verification Nice article on this topic in today's Wall Street Journal: - nello May 31, 2006 Codes on Sites 'Captcha' Anger of Web Users By DAVID KESMODEL May 31, 2006; Page B1 Dave Simmer is a computer-savvy graphic designer. Yet when he surfs the Internet, he often gets stumped by the distorted jumbles of letters and numbers that some Web sites ask users to retype to gain access. They keep warping them and making them longer, says the 40-year-old from Cashmere, Wash. The visually impaired have long decried these codes, which protect sites such as Yahoo.com and Ticketmaster.com from computer programs that create scores of email accounts for spammers or buy hundreds of concert tickets for scalpers. Now, the quizzes are irritating a wider array of Web surfers as companies toughen them as part of their arms race with the spam crowd. The codes, called captchas, are also showing up more often amid a boom in new Web services, ranging from blogging tools to social-networking sites. The trickiest ones make you not want to go to those sites anymore, says Scott Reynolds, a 29-year-old software architect in Ocala, Fla., who lambasted the devices on his blog last year. The captchas' flaws are prompting academics, independent computer programmers and some Web companies to craft new variations that they hope will be easier for humans to decipher but harder for computer programs. The World Wide Web Consortium, an international group that encourages improved standards for Web programming, published a paper (1) last November that advocates the creation of alternatives, saying the tests fail to properly recognize users with disabilities as human and are vulnerable to defeat by astute programmers. Internet companies defend their use of the codes, saying they face a difficult balancing act of trying to fend off attackers while providing a good experience for users. We know there's no perfect panacea, but we think this is a great tool to prevent malicious activity, says David Jeske, an engineering director at Google Inc. Google uses captchas for its free email service and its blog-writing service, among others. It is among companies that recently added an audio version, which lets the visually impaired listen to a series of letters or numbers and type them into their computer. Some captchas have been solved with more than 90% accuracy by scientists specializing in computer vision research at the University of California, Berkeley, and elsewhere. Hobbyists also regularly write code to solve captchas on commercial sites with a high degree of accuracy. But several Internet companies say their captchas appeared to be highly effective at thwarting spammers. Researchers are really good, and the attackers really are not, says Mr. Jeske of Google, based in Mountain View, Calif. Having these methods in place we find extremely effective against automated malicious attackers. Ticketmaster, a unit of IAC/Interactive Corp., has altered its captchas over the years in response to automated computer programs, called bots, that have cracked certain codes, says Brian Pike, Ticketmaster's chief technology officer. He says the robust resale market for tickets gives people a high incentive to try to swiftly snare tickets on its site. Spam companies sometimes get around the challenge of captchas by hiring workers to fill out the forms for them instead of relying on bots, according to the World Wide Web Consortium. The group said in its paper last year that it is a logical fallacy...to hail captcha as a spam-busting panacea. Captcha is an acronym for Completely Automated Public Turing Test to Tell Computers and Humans Apart. Computer scientists at Carnegie Mellon University coined the term in 2000 to describe codes they created to help Internet giant Yahoo Inc. thwart a spam problem. Turing refers to Alan Turing, a mathematician famous for his codebreaking work during World War II and, later, as a pioneer in artificial intelligence. In 1950, Turing wrote a paper that proposed a test in which a person in one room would ask questions of both a human and a computer in another to try to determine which of the respondents was human. If the judge couldn't tell which was which, the computer could be said to be able to think. Captchas deployed by commercial Web sites vary widely. For example, Microsoft Corp.'s Hotmail email service requires registrants to read a long series of twisted letters or numbers, obscured by several lines of varying shape. In contrast, eBay Inc.'s PayPal payment service shows simple block-style letters or numbers against
