Note from reCAPTCHA developer Ben Mauer

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Note from reCAPTCHA developer Ben Mauer

Aaron Leventhal-3
Forwarding....

I like his message -- especially the end whre he says "While we do still have
a11y issues, I think we're getting closer to fixing them. When we do fix them,
all sites using reCAPTCHA will benefit",

- Aaron

From: Ben Maurer
Subject: Re: CAPTCHA examples for Mozillazine?

 > So here are a few of the things I've gotten out of both working
 > on reCAPTCHA and from the discussion on this list:
 >
 > - Writing a CAPTCHA is hard. There are lots of UI elements that
 > folks miss -- for example, having a reload button when a CAPTCHA
 > isn't readable, getting the UI interaction right for a11y
 >
 > - Designing a secure CAPTCHA is even harder. Very few CAPTCHA
 > implementations actually stand up to attacks. Common CAPTCHAs
 > (such as the phpBB one) get broken. It's also a bit tricky to
 > design the CAPTCHA so that replay attacks don't work.
 >
 > - Secure audio captchas take quite a bit of effort. You need to
 > gather a large number of voice samples to get it to be secure.
 > These samples can not be shared, otherwise it will greatly aid
 > an attacker. Similarly, synthized audio is not sufficient for CAPTCHAs.
 >
 > - It's very easy to write a CAPTCHA that allows you to DoS the
 > server. I've seen CAPTCHA scripts that allow a remote DoS with
 > 10-20 req/s.
 >
 > - Browsers suck at playing audio. When they do play it correctly,
 >  visually impaired users can't control the audio (pause, volume,
 > etc).
 >
 > I think that a CAPTCHA service, such as reCAPTCHA is the best
 > way for sites that don't have the resources to engineer a
 > CAPTCHA. While creating open source captchas is a potential
 > solution, I think that's gone badly, in general. One of the
 > advantages of reCAPTCHA is that we're able to analyize user
 > behavior on a large set of solutions. We can also make security
 > updates (in how we generate images) very quickly.
 >
 > While we do still have a11y issues, I think we're getting closer
 > to fixing them. When we do fix them, all sites using reCAPTCHA
 > will benefit
 >
 > -b
_______________________________________________
dev-accessibility mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-accessibility