I am an ass… but CAPTCHA is still the devil’s work
August 25th, 2005
Was it the provocation from Louise that made me do it, or am I just an ass by nature? Let me recap:
I post that I think CAPTCHA - a technique for stopping comment spam - is the devil’s work , for it is not accessible to visually impaired users. Louise comments: it is spam that is the devil’s work, and I should put up - suggest practical CAPTCHA alternatives - or shut up. I respond with alternatives and Louise - rightly - calls one of those alternatives into question, for discriminating against another group of users. She says the other alternatives are too resource-hungry. She asks:
Just how many blind people are using the internet anyway? And how many spammers?
It is then that the red mist of battle takes over. I roll out my dogma cannon and FIRE!
Louise, your view seems to be “discrimination is OK in this instance, because I only discriminate against a small number of people. Being inclusive takes too much effort.”
I disagree with your view very strongly. No matter how few are disadvantaged, discrimination, in my view, is not OK.
Like I said: was it Louise made me do it, or am I just an ass?
Having slept on it, I began to get some fresh perspective on this. I live in a flat on the second floor. There are no ramps or lifts. Does that not discriminate against people in wheelchairs? I can just about get away with it, because:
- Our flat is not a public space and no one, in a wheel chair or not, is entitled to enter without permission. In public spaces, there will be places a disabled person is entitled to go which are inaccessible to him or her.
- We do not own the stair well, so even if I did want to invite someone with a wheelchair to come up, I still cannot fit a lift or ramp.
- Even if we had permission to fit a lift, we couldn’t afford it
So is there a more workable principle: discrimination in public spaces over which I have control, except when I don’t have the resources is not OK? Am I finally letting some shades of grey dominate my previously black and white thinking? Yes, I think I am. But what about web accessibility? Are CAPTCHAs OK now?
No, they are not. We are not, after all, taking something which is already inaccessible and applying massive resources to provide access (like building a lift in a block of flats). We are talking about taking something which is accessible by nature (the web) and then deliberately denying access. Using a CAPTCHA is like ripping the lifts and ramps out of an accessible building and replacing them all with stairs, then justifying your actions by saying the ramps and lifts made it easy for thieves to come into the building.
The web is a public space. The website owner has control over his or her site. And the resources required for the various alternative anti-spam methods are, in most cases, not significantly more than those required to implement CAPTCHA, and in some cases less. CAPTCHAs, in my view, are still not OK, and I would like to see them consigned to the scrapheap.
No doubt Louise will disagree. That’s OK. If Louise has a blog and wants to take up the discussion there, I will happily link to it. Through all this, I have learnt something new about myself and about blogging, specifically about how I respond to comments. I intend to be less of an ass in future. But one thing is sure, I won’t be shutting up about web accessibility any time soon.
Entry Filed under: New perspectives , Design
17 Comments Add your own
1. Anonymous Coward | August 25th, 2005 at 4:33 pm
How to evaluate a CAPTCHA. Jeremiah Grossman calls it the CAPTCHA Effectiveness Test :
2. Adrian | August 25th, 2005 at 4:36 pm
Thank you Anonymous Coward - that is superb. When I have talked about CAPTCHA, I am talking specifically about the visual kind that is difficult, if not impossible for visually impaired users.
BTW everyone seems to be avoiding leaving their name and URLs. Why is that?
3. lex | August 26th, 2005 at 6:06 am
I don’t think you’re being an ass. I think I’m being an ass when I neglect to consider accessibility on my own site (which is pretty much all the time, but I’m a noob). Thanks for reminding people, because those of us who are not visually impaired don’t always consider those who are.
4. lexrob.com… | August 27th, 2005 at 8:40 am
self serving saturday!
Another Saturday, another self-serving entry. Maybe this will become a regular thing, Self-Serving Saturdays. Hey, why not create a new category for it? Anyway, several things to talk about…Around the web…Kristen is now blogging, so letR...5. Adrian | August 28th, 2005 at 1:50 pm
There are more CAPTCHA alternatives over at Sitepoint
6. Louise | August 30th, 2005 at 5:08 pm
You are an ass. Not so much because of your views on CAPTCHAs, but because you didn’t think it through, blogged about it as some kind of web guru, right down to the patronising “It’s ok, you didn’t know” line, and yet failed to offer any kind of real alternative.
And then you implied that I said it was ok to discriminate. No, in a just world there would be no discrimination. Right now, that world is unjust, and constantly under attack and on the verge of going under because of spam. The visually impaired aren’t taking it down, but spam traffic is. Which to me makes the fight against spam of currently greater importance than the accessibility to the blind. So for a guy who readily admits he can’t control the spam being sent from his own website to ignore that issue and go on about CAPTCHAs being so much worse makes you next to impossible to take seriously.
Louise does have a blog, but wouldn’t dare let you near it. Which is why Louise’s next step is to install CAPTCHA.
7. Louise | August 30th, 2005 at 5:10 pm
Oh, and the next time someone with limited mobility wants to come around to your flat for dinner, what are you going to do? You say you can’t afford a lift, but you’re going to discriminate against them anyway. And with the other CAPTCHA alternatives being resource hungry, you don’t care, except those are expensive as well, just not to you personally. How hypocritical!
8. Andy Merrett | August 30th, 2005 at 8:04 pm
Grow up Louise
9. Adrian | August 31st, 2005 at 4:40 pm
Steady on, Andy
Louise, CAPTCHAs are not accessible - that’s not in dispute. None of us want to see the web - in your words - “taken down” by spam.
So the focus of this conversation is: does spam prevention take precedence over accessibility? To you, “the fight against spam [is] of currently greater importance than the accessibility to the blind.” To me, they are of equal importance. Why does it have to be spam prevention or accessibility? Why not both? I am not saying “don’t fight spam,” I am saying “fight spam, but keep the web accessible while you do it.”
As for my tone of voice - I don’t “claim” guru status, but the other people I link to in these posts are generally acknowledged by their peers as highly accomplised in web development, usability and accessibility. Is it patronising to say “It’s OK, you didn’t know”? I don’t think so. Many people don’t know that CAPTCHA is inaccessible: website owners, web developers, and especially not the majority of people serviced by Blogger.
Blogger’s customers are attracted by ease and simplicity. They don’t know about accessibility and why should they? I think a lot of people who use Blogger and switch on the CAPTCHA would be horrified to learn that they have just made a part of their blog inaccessible. They are not bad people. They just did not know. So if we can raise awareness without being critical, then mission accomplished, as far as I am concerned (and yes, I was overly dogmatic towards you in the comments - and I had the good grace to acknowledge that in this post).
If Blogger could at least warn their customers that turning on CAPTCHA makes their comments inaccessible, that would be a start.
What a shame you won’t invite us to read your blog. No doubt your introduction of CAPTCHA will be an interesting case study - will it change the number of comments you receive on your blog, for example?
As for your second comment - there are plenty of anti-spam options which are within the means of blogging service providers and of bloggers who host their own blogs. How can I prove that? Because plenty of bloggers, operating on limited resources, have already installed anti-spam measures which don’t rely on CAPTCHA. I discussed the example of fitting a lift outside my flat simply to explore the principle. Your suggestion that anti-spam measures of any kind are as resource hungry as brick and mortar capital projects is really smoke and mirrors, don’t you think?
Finally, discussion is good. I welcome your comments here. However, I have one reservation: you have asserted in this comment for a second time on this blog that spam gets sent from this website. That is absolutely inaccurate. I do not send spam. Given the informed nature of your comments, I am sure that you understand this. Unfortunately others might not, so please take care in future to distinguish between email spoofing (which lots of us fall victim too), sending spam (which I do not do) and comment spam (the subject of this conversation). Thank you.
10. Louise | September 1st, 2005 at 12:27 pm
Right, so let me recap:
1) You can’t do anything about e-mail spoofing, nor are you willing to try.
2) Something can be done about spam, but you don’t like the currently most effective method which as with everything else has already evolved to become more effective and will continue to evolve to be effective AND accessible because what it has currently evolved into is currently restrictive to people who are blind.
3) You claim on this website that you teach people how to communicate, and you link to your own web development business website, but you a) don’t know how to prevent e-mail spoofing, b) you don’t know how to use Skype, c) you can’t figure out how to use Skype by say, spending all of 30 seconds on their website, and d) don’t see how “there there, you didn’t know” isn’t patronising in the extreme?
How you manage to make money from either web development or communication skills is beyond me.
11. Louise | September 1st, 2005 at 12:34 pm
Oh! Look! A quick google search reveals plenty of Spoofing Prevention Tips, which any web developer should be presumed to know! From www.linuxsecurity.com :
Prevention of IP Spoofing:
To prevent IP spoofing happen in your network, the following are some common practices:
· Avoid using the source address authentication. Implement cryptographic authentication system-wide.
· Configuring your network to reject packets from the Net that claim to originate from a local address.
· Implementing ingress and egress filtering on the border routers and implement an ACL (access control list) that blocks private IP addresses on your downstream interface.
If you allow outside connections from trusted hosts, enable encryption sessions at the router.
Please stop having others do your work for you. You should be embarrassed.
12. Adrian | September 1st, 2005 at 1:29 pm
Thanks for your input.
13. Louise | September 1st, 2005 at 1:55 pm
Apparently communication also doesn’t extend to grammar. I believe you wished your comment to say “Thanks for your input.” but I’m not the communication guru. You’re claiming that high ground.
14. Adrian | September 1st, 2005 at 3:00 pm
Thanks for that. Please check your email. Thank you.
15. Louise | September 2nd, 2005 at 10:06 am
Did check it. Nothing from you. Sent you e-mail re: remote working address for next few days. Still nothing. What gives this time?
16. Adrian | September 10th, 2005 at 8:50 pm
Louise is now in contact with me via email.
17. Noontide Blog… | December 22nd, 2005 at 6:37 am
CAPTCHAs
There seems to be a lot of noise being made lately about the inaccessible for people with disables. Most people fail to realize that CAPTCHA are not inheritently discriminatory. For example:You have probably seen more and more CAPTCHAs in use on blo...Leave a Comment
Some HTML allowed:
Trackback this post |