Re: What is the issue with Captchas?


 

Judith,

            I will do my best to explain the function of Captchas as a security mechanism and some of the "side benefits" that have been derived from them.

            Captchas work extremely well in differentiating human beings from robots (mostly spambots).  The technology is evolving, and there is actually a move away from the conventional Captcha, but it's happening slowly.  Originally, virtually every Captcha text you would be presented with was literally scanned from old books and was usually two words.  These were words that were difficult to read and there was controversy about what they actually were, but only regarding a letter or two.  Having millions of humans see these, and give their typewritten responses as to what they were, gave researchers a way to narrow down what these words probably are as more and more people leaned toward a given answer.  They are excellent for preventing robots from using them like humans (sighted ones, anyway) do because they are not characters displayed in a way that technology can just skim off and spit back out, thus they prevent automated registrations and various sorts of automated attacks by programs.   The same idea carries over to the recordings used if you can't see these items.  They're not meant to be crystal clear because there does exist speech recognition software that can easily take "clean" recordings and translate them to the necessary text.  It's only humans that can hear recordings that have imperfections such as those that characterize old records with their pops and cracks (among other distractions) and zero in on what's signal (what they want you to type) and what's noise.

            Captchas, at least the ones that are actual Captchas, do not require that you give "the correct answer" but just one that's "correct enough."  The very nature of the beast is such that there is ambiguity about certain parts of the image, and so long as the response is unambiguous about the characters that are unambiguous, but could be anything for the characters that are ambiguous, the test is passed.  It really was a brilliant way to separate the human from the computerized intruder.  The addition of the audio portion was done after the light bulb went off that the blind and visually impaired are never going to be reading Captchas from the scanned images, but the audio is meant to be at least somewhat ambiguous as well for precisely the same reasons.

            I'm not trying to defend Captchas from an accessibility standpoint here.  But, contrary to your assertions, they are very, very, very effective at differentiating humans from robot programs and if you think about some of the places where you're encountering them you will see why that might be a security priority at that particular juncture.

            Security features are designed to be barriers.  What they ideally should not be are accessibility barriers.  If you go to the official website of the "classic Captcha" and click on anything you are immediately redirected to Google's site for the new reCaptcha (which, by the way, I'd really wonder if it is accessible by design, as it should be) where the next generation of the technology, which does not require any reading, but is "point and click" in a way that remains confusing to machines but quite clear to humans (and I think to screen readers, too).  I've seen lots of reCaptchas already.  This may let you know that what's coming next is better, or let you start complaining (and legitimately) about accessibility issues ahead of the broader use of this technology.

Brian

Join main@jfw.groups.io to automatically receive all group messages.