| Summary: | blind users are unable to register for forums accounts | ||
|---|---|---|---|
| Product: | Gentoo Infrastructure | Reporter: | William Hubbs <williamh> |
| Component: | Forums | Assignee: | Gentoo Board of Trustees <trustees> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | deedra, email, forum-mods, jer, quantumsummers |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://recaptcha.net/plugins/phpbb | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
William Hubbs
2009-09-09 21:50:14 UTC
(In reply to comment #0) > Also, for more information on this issue, you might want to look at > http://blog.blindaccessjournal.com/search/label/Visual%20Verification. Link dead. (In reply to comment #1) > (In reply to comment #0) > > Also, for more information on this issue, you might want to look at > > http://blog.blindaccessjournal.com/search/label/Visual%20Verification. > Link dead. You are correct, I guess they changed their site since this bug has been opened; it was a valid link at the time. In a nutshell though, this form of captcha, which blocks people from accessing something based on their lack of sight, is wrong, and needs to be fixed. The article on captcha on wikipedia discusses this issue. Also, the original captcha site, http://www.captcha.net, states that a sight that does not provide accessible captcha may be breaking the law in the US. (In reply to comment #2) > In a nutshell though, this form of captcha, which blocks people from accessing > something based on their lack of sight, is wrong, and needs to be fixed. > Even given the current CAPTCHA, blind users are hardly blocked from using the forums, simply send e-mail to forum-mods@ and account would be created, generally within a few hours; no CAPTCHA required. > The article on captcha on wikipedia discusses this issue. Also, the original > captcha site, http://www.captcha.net, states that a sight that does not provide > accessible captcha may be breaking the law in the US. > Please stop trying to spread FUD, section 508 covers some, though by no means all, software procured pursuant to federal government contracts. So while following the guidelines in section 508 may be worthwhile, it is hardly a legal requirement. (In reply to comment #3) > (In reply to comment #2) > > In a nutshell though, this form of captcha, which blocks people from accessing > > something based on their lack of sight, is wrong, and needs to be fixed. > > > Even given the current CAPTCHA, blind users are hardly blocked from using the > forums, simply send e-mail to forum-mods@ and account would be created, > generally within a few hours; no CAPTCHA required. This is not a solution, because, it makes a blind person wait a few hours to gain access while everyone else can gain access immediately. > > The article on captcha on wikipedia discusses this issue. Also, the original > > captcha site, http://www.captcha.net, states that a sight that does not provide > > accessible captcha may be breaking the law in the US. > > > Please stop trying to spread FUD, section 508 covers some, though by no means > all, software procured pursuant to federal government contracts. So while > following the guidelines in section 508 may be worthwhile, it is hardly a legal > requirement. I simply refered you to the original developers of captchas and what they have to say about visual captchas like the one on the forums. I figure since they are the ones who came up with the idea they would know what they are talking about. (In reply to comment #3) > Even given the current CAPTCHA, blind users are hardly blocked from using the > forums, simply send e-mail to forum-mods@ and account would be created, > generally within a few hours; no CAPTCHA required. Dean, this is my concern. A blind user will come to the forums just like anyone else, wanting to find help for an issue they are having with their system or post a question. The current captcha system requires a blind user to wait for someone to create their account for them before they can post their question. Can you assure me that this will ALWAYS be done in a reasonable amount of time (say 24 hours)? Even if that answer is yes, do you feel that it is a good thing for community relations to make a blind user wait for someone to create their account, which could take hours, before they can post their question while at the same time allowing sighted users to create their accounts immediately? Another document to consider is the World Wide Web Consortium's working group note on this subject: http://www.w3.org/TR/turingtest There are alternatives such as math captcha's, phrase captchas and logic puzzles which could be used instead of visual captchas. All I'm asking for is a reasonable accomodation, and I don't think that the response-by-email method is good because it can make blind users wait an unreasonably long time to get an account created. Let me know what you think. William (In reply to comment #4) > I simply refered you to the original developers of captchas and what they have > to say about visual captchas like the one on the forums. I figure since they > are the ones who came up with the idea they would know what they are talking > about. > Their statement is correct, sites reliant solely upon visual CAPTCHAs would not meet the requirements set out in that statute; yours proceeded to expand that into a claim that all sites are somehow subject to those requirements, which is false. Given that you are the accessibility project lead and that your location is listed as being in the U.S.A, it seems highly unlikely that you were somehow unaware of that. (In reply to comment #5) > The current captcha system requires a blind user to wait for someone to create > their account for them before they can post their question. Can you assure me > that this will ALWAYS be done in a reasonable amount of time (say 24 hours)? Obviously not, there have been multiple occasions where the forums were either down or read only for various reasons for longer periods and additional such periods are expected to occur in the future. However, I can assure you that all such requests since I have been receiving mail to the forum-mods@ alias have been handled in under 24 hours, most in under one hour. > Even if that answer is yes, do you feel that it is a good thing for community > relations to make a blind user wait for someone to create their account, which > could take hours, before they can post their question while at the same time > allowing sighted users to create their accounts immediately? > My feelings on the matter are irrelevant, as yours should be; rational assessment of the the problem at hand, potential solutions thereto or ameliorations thereof, the costs involved and benefits of each, being far more useful. Having a system which allowed any interested user to register and begin using their account immediately would, obviously, be preferable. > Another document to consider is the World Wide Web Consortium's working group > note on this subject: > > http://www.w3.org/TR/turingtest > The relevant concerns mentioned in that note have been and will continue to be addressed in whatever manner is deemed most practical by those actually maintaining the site. > There are alternatives such as math captcha's, phrase captchas and logic > puzzles which could be used instead of visual captchas. > All of which are relatively easily, if not trivially, defeated. > All I'm asking for is a reasonable accomodation, and I don't think that the > response-by-email method is good because it can make blind users wait an > unreasonably long time to get an account created. > > Let me know what you think. > While the current situation is hardly optimal, it is as acceptable a compromise as is presently available. (In reply to comment #6) > (In reply to comment #4) > > I simply refered you to the original developers of captchas and what they have > > to say about visual captchas like the one on the forums. I figure since they > > are the ones who came up with the idea they would know what they are talking > > about. > > > Their statement is correct, sites reliant solely upon visual CAPTCHAs would not > meet the requirements set out in that statute; yours proceeded to expand that > into a claim that all sites are somehow subject to those requirements, which is > false. Given that you are the accessibility project lead and that your location > is listed as being in the U.S.A, it seems highly unlikely that you were somehow > unaware of that. In my original statement, I said that a sight "might be breaking the law in the US". I did not specifically mention section 508, because I know that there are other laws, such as the Americans with Disabilities Act, and similar laws at the state level which could apply. I'm not a lawyer by any means, so I don't know all of the details about how the laws work. I was just saying that we could possibly be open to action if someone wanted to push it. So, I stand behind my original statement about this issue, it is not false. But let's move away from the legal issue for now. > (In reply to comment #5) > > The current captcha system requires a blind user to wait for someone to create > > their account for them before they can post their question. Can you assure me > > that this will ALWAYS be done in a reasonable amount of time (say 24 hours)? > Obviously not, there have been multiple occasions where the forums were either > down or read only for various reasons for longer periods and additional such > periods are expected to occur in the future. However, I can assure you that all > such requests since I have been receiving mail to the forum-mods@ alias have > been handled in under 24 hours, most in under one hour. I was not referring to technical issues such as the forums being down or read only for a time, as these would affect all users who wanted to create accounts, not just blind users. I was specifically referring to the situation where a blind user emails forum-mods and wants an account to be created. I appreciate you handling these as quickly as you have, and I don't have a problem with forum-mods creating accounts for blind users, or for anyone who asks them to. I just don't think this should be the primary way that blind users get their accounts created. > > Even if that answer is yes, do you feel that it is a good thing for community > > relations to make a blind user wait for someone to create their account, which > > could take hours, before they can post their question while at the same time > > allowing sighted users to create their accounts immediately? > > > My feelings on the matter are irrelevant, as yours should be; rational > assessment of the the problem at hand, potential solutions thereto or > ameliorations thereof, the costs involved and benefits of each, being far more > useful. Having a system which allowed any interested user to register and begin > using their account immediately would, obviously, be preferable. We are on the same page here then. > > Another document to consider is the World Wide Web Consortium's working group > > note on this subject: > > > > http://www.w3.org/TR/turingtest > > > The relevant concerns mentioned in that note have been and will continue to be > addressed in whatever manner is deemed most practical by those actually > maintaining the site. According to section 1.1, there is a false sense of security associated with visual only captchas, and there are a number of techniques that are as affective as visual captchas without causing accessibility issues. Also, take a look at section 3 of this document for more ideas of how this could be done. Yes, some of the suggestions there are theoretical, but some are not. The issue I have with visual only captchas comes down to this. The purpose of a captcha is to tell the difference between a computer and a human. Visual only captchas are inherently flawed in this regard, because they can't recognize blind users as human. I'm not convinced, especially after reading the w3c working group note that I referred to, that a visual only captcha has enough benefits to justify this flaw. All I am saying is that I do not agree that the email optionn should be the only option for blind users to get their account created, and I am asking the forum maintainers to research other options, and we can discuss other options here. I'm not telling you which option to implement, but something needs to be done. Thanks, William It looks to me like forums.g.o could start using an improved CAPTCHA implementation, regardless of the perceived inconvenience of the current implementation to specific groups of users. Is anything technically stopping us from basically upgrading the CAPTCHA library? If not, are other resources needed to move forward with this? Here is more information to consider for this issue. http://www.smashingmagazine.com/2011/03/04/in-search-of-the-perfect-captcha According to this article, captchas should be the very last resort, and other methods of spam detection should be used. forum folks anyone want to fix this pretty please? I'm a returning developer, can't register because i can't read the capture, and i definitly should not have to email anyone to get an account registered for this. google has audio captures that work just as well on their websites, as do others. I understand there are reasons this is enabled, however, I really do think that this needs to be addressed. forum-mods: Any reason you can't just drop in reCAPTCHA? recaptcha will only work if there's a way for the blind folks to actually download the audio file. Problem with some of the audio captcha stuff is that the sound isn't clear enough to be understandable. I'm not trying to complain here, but if you add audio captchas, we need to make sure that they're understandable for people. I've seen some so bad that they can't be understood, and i've seen some really good ones. I suspect to fix this it's going to take a bit of trial and error to find a decent compromise. I am reassigning this to the Trustees of the Foundation, as accessibility is a legal issue. We may not be able to implement a perfect fix for this issue immediately, we must address this with an incremental solution now. The trustees will have a discussion regarding this at the next regular meeting in May, however I am hopeful we have an interim mitigating partial solution in less time. (adding forum-mods to the CC as they need to be in the discussion still to implement whatever is required) williamh: you linked recaptcha in your original bug submission, since it had audio support. dmwaters per comment 12 objects to audio, so can you can suggest a specific alternative solution that can be dropped into place like recaptcha? As an idea I had, what if there is a email template that gets processed automatically? That would be entirely text-based, and could be subject to classical spam reduction techniques. The user MUST however fill out all of the fields of the form to pass the automation. There will be NO bounce or rejection messages, to avoid backscatter spam attackers either. (In reply to comment #14) > (adding forum-mods to the CC as they need to be in the discussion still to > implement whatever is required) > williamh: > you linked recaptcha in your original bug submission, since it had audio > support. dmwaters per comment 12 objects to audio, so can you can suggest a > specific alternative solution that can be dropped into place like recaptcha? I don't think dmwaters objected to an audio captcha per se. The issue with most of them is that they are so distorted that it is difficult to make out what you are supposed to type. dmwaters, I would like you to reply to this comment and tell me if you agree with what I'm about to say. I think a good example of a solvable audio captcha is something like the one on www.slashdot.org. > As an idea I had, what if there is a email template that gets processed > automatically? That would be entirely text-based, and could be subject to > classical spam reduction techniques. The user MUST however fill out all of the > fields of the form to pass the automation. There will be NO bounce or rejection > messages, to avoid backscatter spam attackers either. This is a possibility too, as long as filling out the form immediately gives the user a forums account. What we are trying to get passed is the email-and-wait situation for registering an account. (In reply to comment #13) > I am reassigning this to the Trustees of the Foundation, as accessibility is a > legal issue. We may not be able to implement a perfect fix for this issue > immediately, we must address this with an incremental solution now. > > The trustees will have a discussion regarding this at the next regular meeting > in May, however I am hopeful we have an interim mitigating partial solution in > less time. A few hours delay would have saved everyone some bug spam, considering that the CAPTCHA has been disabled for two weeks running following the activation of additional anti-spam measures courtesy of tomk. This had been our intended trial period to ensure that things would not get out of hand with respect to spam or false positives, both remained under control and, as we had expected, the CAPTCHA is to remain disabled until such time as enabling one would appear, to us, to provide sufficient benefit. (In reply to comment #14) > (adding forum-mods to the CC as they need to be in the discussion still to > implement whatever is required) Thanks. > As an idea I had, what if there is a email template that gets processed > automatically? That would be entirely text-based, and could be subject to > classical spam reduction techniques. The user MUST however fill out all of the > fields of the form to pass the automation. There will be NO bounce or rejection > messages, to avoid backscatter spam attackers either. If and when we do enable a CAPTCHA again, we may well try something along those lines. Marking bug as resolved as there were no other issues beyond the CAPTCHA itself cited as delaying registrations. |
