Let’s stop inaccessible CAPTCHAs
August 22nd, 2005
You have probably seen more and more CAPTCHAs in use on blog comments forms. The trend might grow now has made them widely available with a feature called . Widespread use of CAPTCHAs must be stopped.
What’s a CAPTCHA, I hear you ask? It is a tool to verify that a web form is being completed by a human being, as opposed to completed automatically by a spamming program. It works like this: a picture of a word or multi digit number is generated randomly and placed on the web form. The person filling in the form must read the word or number, then type it into a form field before submission. If the person’s answer matches the word or number in the picture, then the form is accepted. In theory at least, spamming machines cannot read pictures and therefore can’t beat the test.
So what’s the problem? CAPTCHAs discriminate heavily against anyone with a impaired vision . An odd font, which cannot be resized or read by a screen reader, on a busy background? The chances of a blind, partially sighted, or colour blind user getting past a CAPTCHA are slim. Even those of us with good vision have problems. Also, many CAPTCHA implementations can be cracked by machines . That may not be happening right now, but if enough people use CAPTCHAs, the spammers will adapt. So Blogger has just deployed a “solution” which might continue to let in spam, but which locks out a large minority of human beings.
Here’s what you can do:
-
For Blogger and BlogSpot users: CAPTCHAs (word verification for comments) are switched off by default. Leave them switched off.
-
If you are using a CAPTCHA already: stop. You are not a bad person - you probably didn’t consider all the implications. That’s OK. You know now. Please considering removing your CAPTCHA. Apart from the obvious reputation problems if your business is uncovered as a discriminator, you could be at legal risk under the Rehabilitation Act in the US or the Disability Discrimination Act in the UK.
-
If you come across a CAPTCHA: complain. I have avoided doing this to date, because I don’t want to look arrogant to other bloggers, but when one of the largest blog software providers starts to provide something so discriminatory as standard, we all have to speak up. Fill in the form, leave your comment or what have you, then add something like this:
Please be aware: the image CAPTCHA device that you use to prevent spam on this form discriminates against blind, partially sighted and colour blind users. You may also be exposing yourself or your organisation to legal risk under anti-discrimination laws.
-
If you have a blog: please write a short post to explain the discriminatory nature of CAPTCHAs and ask that your readers do the same. Yes, I am proposing an anti-CAPTCHA meme.
When you post or complain in a comment, here are some good links to mention:
W3C: Inaccessibility of Visually-Oriented Anti-Robot Tests
D Keith Robinson’s: I hate CAPTCHA
David Naylor: CAPTCHA - is it good or evil
Eric Meyer: WP Gatekeeper
(a rather technical post, but an interesting accessible alternative to using CAPTCHA)
If you can suggest other links for this list, then by all means leave them in the comments.
PS I have classified this under “Doing business” because so long as CAPTCHA usage, in particular, and accessibility, in general, are perceived as design or development issues, they won’t get the attention they deserve.
PPS Two rants in two posts? What the hell have they put in water round here?
Entry Filed under: Doing business , Design
12 Comments Add your own
1. louise | August 23rd, 2005 at 11:40 am
Yah, yah, protest about it without offering a better solution to preventing spam like the fake emails getting sent from your site. Either come up with something better or else shut the heck up.
2. Adrian | August 23rd, 2005 at 3:23 pm
First off, thanks for your comment.
Let’s make a distinction between stopping comment spam via a CAPTCHA and email spam from spoofed email addresses. The fake emails are not being sent from my site. My email address has been spoofed. Anyone’s email address can be spoofed, either by a spammer who harvests them from a website, or by the spammer who illicitly gets hold of an email address book containing the address to be spoofed.
If you have received a spam email purporting to be from me, then there really is little I can do about that - and please rest assured anything I could do, I would. It does me no good to have comments like yours appearing on this blog, or to have my email address being labelled as spam in other people’s email clients. My address has been spoofed not because I have done anything wrong - my firewall and virus checking are up to date and working - but because spammers are devious little toerags.
Just to be clear, CAPTCHA is not a solution to email spoofing or email spam. It is one possible solution to comment spam, but it is one which discrimates agains visually impaired web users, and I find that discrimination unacceptable.
As you ask for a better solution to prevent comment spam, I refer you to Eric Meyer’s CAPTCHA alternative, WP Gatekeeper, which I did mention in my post. Eric’s code is specific to WordPress, but the principle is applicable to all web forms. The idea works on providing a human readable question (perhaps a logic puzzle or even a simple “what is my name?”).
Other solutions can include moderating comments, registration coupled with whitelisting, blacklisting etc. Even something as simple as renaming your comment form can make a difference. Most anti-spam measures can be set to work in all cases or be triggered by comments which contain links elsewhere (almost all comment spam contains links).
There are more discussions of non-CAPTCHA methods for preventing comment spam and here , and no doubt plenty more links elsewhere.
Given the plethora of alternatives methods for tackling comment spam, do you still think it acceptable to use the one method which so blatantly discriminates against visually impaired users?
3. Phil Gerbyshak | August 24th, 2005 at 2:36 am
I think that any method that discriminates can be problematic. As long as there is a choice, I would agree to turn off the CAPTCHA feature.
Good post Adrian, and good explanation in your comment. Inclusion is important, and never moreso than on the Internet. Thanks for the tip.
As always, 100% CAPTCHA free!
4. louise | August 24th, 2005 at 1:03 pm
So let’s see, your alternatives are something which doesn’t exist except for WordPress, logic puzzles (discriminating against the dyslexic or maths impaired) or questions like “what is my name” as though that couldn’t be hacked just as easy as you claim CAPTCHA can? Or on something the size of blogger, craigslist, etc moderating/blacklisting/whitelisting?Do you have any idea the number of resources that would take? Somehow, I don’t think so.
Just how many blind people are using the internet anyway? And how many spammers?
5. Donna | August 24th, 2005 at 2:01 pm
There are two million people with sight problems in the UK (according to RNIB’s website) I beleive that makes over 3% and that is a significant proportion.
Why on earth shouldn’t/wouldn’t they use the internet? You do… I do… goodness I think even my mum might have once!
Anyhow, multiply 2 million by all the other countries out there and that’s that’s a fair bunch of people that are often needlessly discriminated against.
6. Adrian | August 24th, 2005 at 4:00 pm
Louise, your view seems to be “discrimination is OK in this instance, because I only discriminate against a small number of people. Being inclusive takes too much effort.”
I disagree with your view very strongly. No matter how few are disadvantaged, discrimination, in my view, is not OK.
7. Adrian Trenholm » I… | August 25th, 2005 at 1:30 pm
[…] uise that made me do it, or am I just an ass by nature? Let me recap: I post that I think CAPTCHA - a technique for stopping comment spam - is the devil’s work, for it is not accessible to visuall […]
8. Eric | December 22nd, 2005 at 12:05 am
First, CAPTCHA systems don’t prevent people from reading my content. They merely keep people from commenting on my post.
Further, CAPTCHA systems don’t keep people from participating, so long as trackbacks are enabled. They always have the option of setting up their own system and writing their response as a trackback to my comment.
Finally, such deaf-blind users always have the option of emailing the owner personally, and comments can be posted manually.
that said, where I have my CAPTCHA on my forum, I have a link to my email where it exists. Luckily, I have a small enough forum that I can deal with such email as it comes. Unfortunately, the email has already been innundated with spam.
I haven’t gotten it through their head that if I don’t buy viagra this time, I’m probably not interested.
9. Noontide Blog » Bl… | December 22nd, 2005 at 6:32 am
[…] feature called word verification for comments. Widespread use of CAPTCHAs must be stopped. 1. In reality thought nobody should […]
10. Stefan | December 22nd, 2005 at 5:16 pm
I agree with you completely on this. Not only do CAPTCHAs discriminate against the visually impared, they are also just damn annoying!
11. Ramsay | December 23rd, 2005 at 9:08 am
While I agree that CAPTCHAs are annoying, I fail to see how the injustice is so terrible. If life was fair and the internet not a study in chaos theory than maybe the changes you suggest could matter.
I think Louise was merely working on the premise of the greatest good for the greatest number of people idea. You might start railing against pharmaceutical companies that won’t find cures for diseases that on a few people have. At least you would be saving someones life instead of their ability to post comments on the web.
12. Chirs | December 27th, 2005 at 5:30 am
“a large minority of human beings”
That sounded funny to me.
Leave a Comment
Some HTML allowed:
Trackback this post |