Posted by michelle on December 24, 2007 at 2:39am
This just came through on the webmaster list:
"I made my post about drupaled only to find a spam problem, enter the
gaphic. since I am blind I can not submit my post. this was the first time
I ran in to this in drupal. I was disappointed, why are you taking these
mesures when this is a system you have to log in to. I do understand
though. if you could post this for me in the drupaled thred I would
appreciate it. I would love to use this distro very baddly but need some
help."
I know there's at least one other blind Drupal user. In a community this large, there could be more. I know spam is a problem here but I hate to shut out disabled users to avoid it.
Michelle
Comments
I agree 100%
I have experienced blindness twice in my life and feel I can relate at least a little with the Drupal users you mention. I wrote about the ASCII captcha's accessibility problems last month when the captcha had just been turned on, and I'm sad that my post was overlooked or ignored and that a real person in the community has been shut out.
Moshe, Boris and others: if we can have another captcha instead, please count me in if you need another hand to help delete spam posts and comments. I won't be inclined to help, however, if this accessibility problem continues to be overlooked or ignored.
solutions
folks - we need solutions to the spam problem that have equal or less admin effort than the current CAPTCHA. thats how you may help. getting indignant does nothing, IMO.
Ideas
I haven't used it but I hear good things about http://akismet.com/ .
On my site, I use a combination of the math captcha (is that accessable? Seems like it would be) and the spam module to catch it when the bots get through. The Spam module would be tricky on here as a big part is counting URLs and people have legitimate reasons to post a lot of URLs on here. But it's something to look at if it hasn't been already.
Or maybe some sort of check that a user has been on Drupal.org X days without being blocked before they can post here? That's a big pain for real, human, new people, though.
I know it's a real problem, especially given how many people get these posts as emails. I hope my OP didn't come off as though I don't think you're doing your best. I had a wiggly fussy baby on my lap and it was hard to type a complete thought. :)
Michelle
See my Drupal articles and tutorials or come check out life in the Coulee Regio
reCAPTCHA
Moshe, I pointed out the problem a month ago and nothing happened as a result. That's something that I'm sad about (not angry or indignant), and it's not my intention to sound like I'm annoyed with you or anyone else. I'm only saying that I am not inclined to help if my valid points are overlooked or ignored. That's reasonable, isn't it?
Now there's a discussion about this thanks to Michelle and the post on the webmaster mailing list so let's move on. If I'm annoyed at all it's with myself for not being more vocal about not marginalizing the blind and vision-disabled. Unless you are or have been blind, you really have no idea how difficult the world (and the web) is to navigate.
Anyway, my vote is for offloading this to the reCAPTCHA project. As far as I know it's more effective and accessible than anything else we currently have and Rob Loach has written a module for it at http://drupal.org/project/recaptcha
random words?
As far as I think, the 5 random words, of which the nth needs to be spelled is blind friendly right? This mixed up letter order is based on CSS trickery, so is not good for screen readers. Obviously best would be to ask blind users on what would be most friendly to them. Deleting spam by hand became so much a pain that it is not something we should favor IMHO.
ok, i disabled the css captcha
good thinking. i disabled the css captcha.
oops, can't do that
sorry, i just looked and we are running now with the ASCII captcha and the css captcha, not the random word captcha. that captcha was being defeated by brute force.
so our current 2 captchas are not screen reader friendly. we need someone to enhance captcha module to handle these users, or otherwise deal with spam. i have tried spam.module and found that it interfered with other modules and was pretty heavyweight. i'd like to avoid it.
Can it be disabled by role?
I was just thinking that blind users are going to be very much the exception. Could we maybe have people apply to be exempt from the captcha? I know that's an admin pain but it might be worth a shot. In the same breath, we could disable captcha to known non spammers. Maybe only have captcha on an initial role and promote people when they have proven themselves or asked to be moved due to disability. I'd be willing to help out with that as long as it didn't get too overwhelming.
Michelle
See my Drupal articles and tutorials or come check out life in the Coulee Regio
michelle's role solution seems reasonable to me
The role solution sounds good to me - what about using a few of the other captchas as well and the random captcha?
The random captcha prevents (or at least dramatically slows down) the brute force aspect.
--
Knaddisons Denver Life | mmm Chipotle Log | The Big Spanish Tour
knaddison blog | Morris Animal Foundation
we are already doing random
we are already doing random but only two captcha types are enabled. the others are disabled because they are easily solved by brute force ('pick a word that doesn't belong' and math). enabling those just increases the odds that spam gets through. random doesn't really help the problem much. these are computers we are dealing with who don't get tired.
i think a required delay after registration helps a tiny amount but many scripts account for this and just leave dormant accounts around for a while.
manual role promotion
I meant the manual role promotion for blind folks seemed good. While not perfect (requires extra admin work), at least it works consistently.
knaddison blog | Morris Animal Foundation
Another vote for reCAPTCHA
Luis von Ahn, the inventor of the original CAPTCHA at Carnegie Mellon, has made it even better (and accessible) with the reCAPTCHA project. PBS.org has a brief video about reCAPTCA and the June issue of Wired goes into more depth.
Not just blind users
So here I am trying to figure out why I have like 45+ signed up on a group and 30+ people showing up to a meetup but rarely does a person post on groups.drupal.org. When someone does posts it is generally a native English speaker or someone fluent in English.
The reason.
The captcha with the weird random letters. "aN5ax73f" or something similar.
If your native language is based on Characters and not the roman alphabet distinguishing between the upper and lowercase versions of certain characters is extremely difficult. I have now watched several people unable to distinguish between "c & C" "i & I" "n & N" "m & M" on that specific captcha because of the font size in use. When used on a browser/computer set to be optimized for reading Chinese (and I'd assume Japanese and others) the fonts look extremely, extremely similar. This isn't the case with a picture captcha.
This captcha is definitely stopping spam but it is also now working against us when trying to organize people as they can not use the tool.
My vote is in for recatcha as it has a really good backing behind it and we'd not only offload this issue to someone else but we'd also really help out an good organization.
I'm also up for looking into the Role issue so that we can get rid of captcha completely for those people that have proven themselves over and over again. Facebook has a neat little SMS verification system that helps to get rid of the captcha. Also we could fairly easily setup a system wherein people pay $2 or $5 US via paypal to "up" their account into a non-captcha role. This is the couch surfer approach wherein you're paying for the verification and not for the use of the service.
The role is a long-term goal. ReCaptcha seems like a nice short-term goal.
My current schedule is insanely busy BUT I can and will find resources for this if we come to a consensus on a plan.
-Jacob Redding
-Jacob Redding
What the Captcha looks like
Here is a screenshot to show how the captcha looks when you are on a computer optimized to read Chinese characters. I honestly don't know what the answer to the captcha is/was. We copied the post and refreshed the original page to get a new type of captcha.
-Jacob Redding
-Jacob Redding
update
Do we have any consensus on how to move forward? Can we move to ReCaptcha or a different module.
Its incredibly difficult for me to utilize groups.drupal.org with Chinese speakers as the Captchas simply do not work (see the picture above). Today I had to sit through 5 different captcha just to post as my U.S based Mac set to Chinese screwed up the display of the English characters so with an inability to figure out the order of the characters I had to keep trying until I finally got it correct. Its not impossible to get it to work just incredibly, incredibly frustrating.
So where are we? What are the next steps?
-Jacob Redding
-Jacob Redding
I plan to implement a 3rd
I plan to implement a 3rd party CAPTCHA in the next week. I'll post a bit more about it soon.
cool thanks..
Thanks for the update. If you need any help just let me know.
-Jacob Redding
-Jacob Redding
This discussion appears to
This discussion appears to have been continued elsewhere at http://groups.drupal.org/node/8973
Here's to hoping that Mollom will make groups.drupal.org more accessible to screen readers.