problems with CAPTCHA and audio CAPTCHA alternative

oedipus's picture

earlier today, i drafted what i considered a thoughtful, yet quick, reply to a comment upon the development of an accessibility statement for Drupal (http://groups.drupal.org/node/39134#comment-155813), but my comment was identified as possible spam, so i was required to take a CAPTCHA test in order to authenticate my comment, but when i attempted to use the audio captcha, the page refreshed, completely wiping out almost a half-an-hour's work which i had put into my response...

in that comment, i could not add a list of resources to which i wanted to point the original commenter (http://groups.drupal.org/node/39134#comment-155778), as any attempt to do so on my part led to a "CAPTCHA challenge", which i cannot surmount... i suppose, at this point, i should state that i am a totally blind user, using a screen-reader -- in this particular instance, the screen reader was JAWS for Windows 11.0.756 (http://www.freedomsci.com/jaws-hq.asp), internet explorer 8.0, running on Microsoft Windows XP Media Center Edition

a preliminary list of issues to be addressed with the CAPTCHA challenge:

1) when a user selects "play audio CAPTCHA", focus should be placed inside the input field into which the user has to type the CAPTCHA;

2) it is not clear if one is supposed to type in the alphabetic value for each enunciated mnemonic, or whether one is supposed to type in natural language phrases;

3) there is no explicit "submit" mechanism for the CAPTCHA challenge; one should be added, otherwise, one gets into a loop between the CAPTCHA challenge and the reply form's "Save" or "Preview" button; are the 2 submission mechanisms separate? if so, there needs to be an explicit CAPTCHA challenge submission button

4) the audio captcha utilizes a browser plug-in for control of playback of the audio captcha, yet such embedded controls are often inaccessible to users of assistive technology -- it would be better to have an actual form control that initiated a replay of the captcha (this is the approach taken by the reCAPTCHA project)

5) isn't there a superior method of verifying if a human being is submitting a comment in good faith? please consider the following:

if a CAPTCHA is used, however, could not -- for example -- a cookie be served to my user agent so that instead of having to choose an audio CAPTCHA each time my integrity is questioned, i would be served the audio captcha by default? if i store a cookie when i log in that verifies who i am and what my site preferences are, shouldn't it be possible for the site to check that cookie instead of challenging my personhood?

as a crowning insult, due to the problems described above, i had to wait until i could obtain sighted assistance in order to submit this comment, gregory.
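
The behaviour asked for in points 1, 3, 4 and 5 of the post above, shown as an added example that is not part of the original post and is not Drupal, Mollom or reCAPTCHA code. The element ids, storage keys, status messages and function name are assumptions.

```javascript
// Added example. Element ids, storage keys and function name are assumptions.
// `doc` is the page document; `storage` is any getItem/setItem store
// (for example window.localStorage, or a cookie-backed wrapper).
function wireAudioCaptcha(doc, storage) {
  const play = doc.getElementById('captcha-play');     // <button type="button">
  const audio = doc.getElementById('captcha-audio');   // <audio>, no plug-in player
  const answer = doc.getElementById('captcha-answer'); // labelled text input
  const status = doc.getElementById('captcha-status'); // aria-live="polite" region
  const comment = doc.getElementById('comment-body');  // reply textarea
  const form = doc.getElementById('comment-form');

  // Restore text saved before an earlier challenge or reload.
  const draft = storage.getItem('comment-draft');
  if (draft && !comment.value) comment.value = draft;
  comment.addEventListener('input', () => {
    storage.setItem('comment-draft', comment.value);
  });

  play.addEventListener('click', (event) => {
    event.preventDefault();                    // must not submit or reload the form
    storage.setItem('comment-draft', comment.value);
    storage.setItem('captcha-mode', 'audio');  // remember the user's choice
    audio.currentTime = 0;                     // the same button replays from the start
    const started = audio.play();
    if (started && started.catch) started.catch(() => {
      status.textContent = 'Audio could not be played.';
    });
    status.textContent = 'Type what you hear, then use Save.';
    answer.focus();                            // issue 1: focus lands in the input
  });

  // One submission path: the answer travels with the reply form's own button.
  form.addEventListener('submit', (event) => {
    if (answer.value.trim() === '') {
      event.preventDefault();
      status.textContent = 'Answer the challenge before saving.';
      answer.focus();
    }
  });

  // Tell the caller which challenge to present first on this visit.
  return storage.getItem('captcha-mode') === 'audio' ? 'audio' : 'image';
}
```

The draft is deliberately left in storage on submit; it should be cleared only once the server has accepted the comment.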

Comments

Thank you!

Cliff's picture

Gregory, I can see perfectly, and those captchas give me trouble, too. I hate them, and I am really sorry for the terrible experience you have had. But thank you for recording this experience here. I don't think I have read a more complete and compelling explanation of the problems captchas pose for people with disabilities. I, for one, will refer to this post whenever I tell people why they are a bad idea.

Prior G.D.O. post on CAPTCHAs

Everett Zufelt's picture

I just wanted to make everyone aware that there is a prior g.d.o. post on CAPTCHAs with some good comments at g.d.o CAPTCHA is poorly accessible.

Accessibility Consultant & Web Developer - Zufelt.ca
@ezufelt on Twitter | LinkedIn profile

CAPTCHAs are a Nightmare

billsdesk's picture

I agree with Gregory, CAPTCHAs are a problem for those of us with visual impairments. I am not blind, I just have a problem with contrast, and small print. I incorrectly identify the letters in more CAPTCHAs than I get correct. I don't know how Gregory does it, but I have a horrible time trying to understand the audio option for a CAPTCHA. I am a ham radio operator, and it is like digging text out of the pile-up noise from a rare DX station. Of course, tinnitus, from hearing too many explosions in Vietnam, adds to the problem.

CAPTCHAs and the deafblind

Everett Zufelt's picture

@billsdesk

Your comment made me recall something else that I wanted to post in this thread.

  1. Combination visual / audio CAPTCHAs are completely inaccessible to the deafblind.

  2. Even for individuals who are not deafblind, but who have combined vision and hearing loss, combined visual / audio CAPTCHAs can be at best unreasonably difficult and at worst completely inaccessible.

Accessibility Consultant & Web Developer - Zufelt.ca
@ezufelt on Twitter | LinkedIn profile

my apologies

greggles's picture

First, my apologies to @oedipus that you lost your content. I've added you to the set of users who do not have to answer the captcha question and added the existence of that policy to our About page.

We recently tweaked the way the captcha works here so that only very new people are subjected to it and even then Mollom still does its analysis to determine whether or not to show the spam.

I created an issue in the Mollom issue queue so they are aware of this problem and can hopefully do something about it.

I completely agree that CAPTCHAs are a pain - that's part of why we use Mollom and why we have created our new "tweak" so that only a subset of our total userbase has to fill them out. It's an imperfect solution to a tough problem and I am always interested in hearing ideas of what we can do to make groups.drupal.org more accessible and more usable without opening the site up to major spam attacks. groups.drupal.org is somewhat unique in that it immediately sends out e-mails when there is a new comment, so whatever spam deterrent we use has to be proactive and preventive rather than detective (i.e. after the fact).

CAPTCHA alternatives

oedipus's picture

@greggles thank you for your attention to the CAPTCHA accessibility/usability thread -- what are the chances of using "simple" queries, such as "simple" mathematic equations in "plain text", as a method of human verification? for example:

four minus three equals: ____

or

4 minus 3 equals: _____

or

four - three = _____

or whatever way you think would best confuse bots and spammers...

tried and failed with this in the past

greggles's picture

The bots are smart! We tried this about 2 years ago and had to abandon it because the spammers programmed their bots to solve these kinds of questions.

g.d.o is just too popular and a link here is too valuable for systems like that.

What about other services?

mgifford's picture

What about things like 157,500,799 easy logic questions:
http://textcaptcha.com/

I've also heard good things about the accessibility of reCAPTCHA and it might be better for accessibility than Mollom. Mind you maybe Mollom could be improved for accessibility.

Burden on your users

DRCrowder's picture

the logic questions may be better than the dilapidated numbers/letters, but they still don't protect against human farming. In addition and arguably most importantly, you are still placing your security burden on your user base. Any time you place a "speed bump" for your users, like a Turing Test of any kind, you are turning away somewhere between 3.2 and 10 percent of your legitimate user base.

exactly! I'd love a more

greggles's picture

exactly! I'd love a more accessible mollom, or a reCAPTCHA that did text analysis before displaying the captcha.

In the absence of the perfect solution we've gone with Mollom for now and the work-around to grant roles to vision impaired folks.

mollom versus reCAPTCHA

oedipus's picture

although i appreciate the sincerity of the intent, i'd rather not be a special exception...

what led you to choose Mollom? reCAPTCHA has a built-in audio alternative with a repeat function that -- if one has to use a CAPTCHA test -- is the "best" one to use, at least in this user's experience... yes, like all audio/visual challenges, it is still completely inaccessible to the deafblind as well as those with any appreciable hearing & vision loss, which is a hurdle which somehow has to be cleared... what i want to communicate is that there are efforts under way exploring more accessible alternatives to audio/visual challenges, and the reason i push reCAPTCHA is that they engaged the accessibility community via the W3C/WAI upon the initiation of a dialogue i had begun by sending a complaint to the generic help address -- they made several refinements in response to user and developer feedback, and engaged in discussions of CAPTCHA strategies and alternatives, which you can find at:
http://www.w3.org/WAI/PF/wiki/CAPTCHA_v2

I think you missed what

coderintherye's picture

I think you missed what greggles said, he uses Mollom for the same reason I imagine most of us do, that it offers textual analysis of the content, as opposed to solely offering a CAPTCHA box. I doubt reCAPTCHA will be offering that feature. Your other points are quite valid though.

Drupal evangelist.
www.CoderintheRye.com

We just had a big discussion

kevee's picture

We just had a big discussion on the WebAIM mailing list about this very question, and as a single developer responsible for multiple sites with public-facing forms, it's a challenging situation.

If I could not implement CAPTCHA at all, I would be forced to remove forms entirely or put them behind a complex email verification process. I have one site which receives up to 1000 spam messages a day, and if these weren't protected in some fashion we would have no option but to turn off that site's very useful feedback feature. While we do use ReCAPTCHA for certain uses on campus, we like Mollom because in many cases it can remove the need for CAPTCHA entirely - which is good for all users.

I think that Mollom is being used on g.d.o for the same reason we are: it's effective, it is cheap, and it integrates well with Drupal. Also, since it is a bit more open than other CAPTCHA service providers, I think that there's a better chance of accessibility issues being resolved with Drupal/Mollom than other solutions.

In the meantime, we also render out an email address where people can send responses to if the Mollom CAPTCHA is rendered and I post them myself. I've only had one of these, and I agree it's a less-than-perfect solution.

Email filtering

bowersox's picture

At the Iowa Department for the Blind, all the forms are wide open for submission. They are web-to-email forms built using Drupal's webform module. The email system has some very heavy spam filtering. I don't know what filtering tools are in use. The goal is to allow anyone to submit the forms and to minimize the amount of spammy submissions that staff have to see in their inbox.

Yeah, we faced a similar

coderintherye's picture

Yeah, we faced a similar situation with spam, however the CAPTCHAs were found to be inaccessible back when first looking at them. reCAPTCHA was put through usability testing, but they found that a11y users often couldn't make out the audio either and were often stuck.

This got me thinking and led to a current shift. Most of our forms are for people in the University's community, meaning they already have ID numbers. Thus, we have a goal now of moving any forms that don't need to be publicly facing to be behind our login on our Drupal intranet.

Have you stopped to consider whether most of your forms really need to be available on the public web?

Edit: Forgot to mention, we didn't test out Mollom for a11y, but I use it on some of my personal sites and find it very good.

Drupal evangelist.
www.CoderintheRye.com

CAPTCHA alternatives

leigen's picture

This type of alternative now exists in the Captcha module and is used by some sites.

Invisible CAPTCHA alternative

DRCrowder's picture

There is a free service called BotAlert, it is 100% invisible to your users and we’ll send you a daily report telling you what your traffic breakdown for that page was, humans vs bots. They also offer an invisible CAPTCHA alternative, but that has a cost associated with it. http://www.pramana.com to learn more

Add issues to mollom, work on captcha api

miro_dietiker's picture

When working on a current site we've realized many times that mollom is very limited in accessibility. Even for users without significant handicap, situations occur where they click e.g. on the mollom image and see themselves visiting the mollom page - losing the whole form with text.

We started adding some thoughts about this to the mollom issue queue:

Target for link on mollom captcha image
http://drupal.org/node/768710

Alter help text on audio captcha
http://drupal.org/node/768694

Please add your thoughts about it and please also add further accessibility issues to the project. I'd recommend adding the Tag "Accessibility" also.

When further thinking about the Captcha configuration of mollom we also thought further:
What if we had a native fapi attribute for captcha control or something like a captcha api.
Captchas would have a common core functionality and the systems could be replaced without a lot of work. All form specific configurations will be reused for all captchas because they are a common denominator.
The idea is somewhat like a wysiwyg API.

See our brainstorming in the captcha group about captcha api use cases and the original issue from mollom about its configurability that triggered the analysis.

Captcha configuration use cases, captcha api
http://groups.drupal.org/node/64978

overhead from form_id in mollom_form_list
http://drupal.org/node/774188

All inputs very appreciated.

Just created the Text CAPTCHA

kevee's picture

Just created the Text CAPTCHA module which integrates CAPTCHA with the textcaptcha.com service.

http://drupal.org/project/textcaptcha

[This is where I deleted some terrible idea that should have never been uttered about Mollom that I'm retracting because the best solution is to help Mollom fix their a11y issues. Sorry, Mollom - please return my calls!]

I didn't think your previous

coderintherye's picture

I didn't think your previous idea was too terrible, because though I like Acquia and Mollom, they could certainly put a11y as a higher priority issue. It's like with the recent Facebook stuff, what better way to get some action going than to produce a little stir. But yes, working to make Mollom accessible is certainly the better route.

Drupal evangelist.
www.CoderintheRye.com

Correct, but I think that

kevee's picture

Correct, but I think that they have been responsive and have at least made statements that they are working towards greater accessibility. If it ends up being all talk, that will be clear over the next few months.

Plus I don't want Dries mad at me...

Just replying to this to see

amityweb's picture

Just replying to this to see if it works because I am also having problems, I cannot get past the captcha in my group (multisite).

Hmm, so it works here but not

amityweb's picture

Hmm, so it works here but not on the multisite group for me??