Do It Myself Blog – Glenda Watson Hyatt

Motivational Speaker

Are Negative CAPTCHAs Any More Accessible?

Filed under: Blog Accessibility — by at 7:30 pm on Thursday, March 5, 2009

An example of a difficult to read CAPTCHA This morning I sat down to finish writing the “Do CAPTCHAs prevent your readers from commenting?” section for my upcoming ebook Web Accessibility for Bloggers. CAPTCHAs (short for Completely Automated Public Turing test to tell Computers and Humans Apart) pose many accessibility issues.

I recalled that, in a previous post about web accessibility, a reader offered negative CAPTCHAs – whereby spambots must prove they are bots rather than requiring humans prove they are indeed human when leaving blog comments – are accessible alternative. I googled negative CAPTCHAs to learned more about this alternative and started with Damien Katz’s Negative CAPTCHA.

Reading through the comments, which can be more informative and insightful, the following points were mentioned:

  • “a legitimate user on a browser which either doesn’t support or doesn’t have CSS enabled could fall for it”;
  • some browsers auto fill form fields and, thus, could conceivably fill in the hidden field;
  • a smart programmer could program bots to look for the hidden CSS tags and discard those field responses;
  • screen readers (software used by individuals with sight impairments) vary widely in how they react to hidden or invisible information as demonstrated by  Bob Easton’s research results (note: you would want a n/n for this instance);
  • “if you’re hiding a form field called "e-mail" from stupid bots, why not also include some explanatory text like "if you’re a human, don’t type anything in here–its just a trick to weed out spambots." sighted users will see nothing ’cause you’ve used js/css to hide the whole thing but the blind or people using lynx will read/hear an explanation.”

The discussion continued, but by then my eyes were spinning in their sockets and I was desperately craving chocolate! All I wanted to know was whether negative CAPTCHAs are accessible. Once again i was reminded that accessibility isn’t always a clear cut yes or no, but rather a continuum, which my clients always hate hearing.

So, I am taking the question to my brilliant and insightful people: Are negative CAPTCHAs any more accessible? Are they an appropriate alternative to the distorted characters in images used for blocking spam? If a blogger is using a good spam engine, such as Askimet, and requiring that the first comment of new readers be moderated (with an accompanying “Your comment is awaiting moderation” message – coming soon to this blog), is there even a need for CAPTCHAs to keep spam off blogs?

What are your thoughts on this topic?


A captcha with an audio feature Putting the ebook aside for the day, I next checked my email. In there was Viddler’s monthly newsletter announcing the release of its newest version, including “Captcha on forums” – like that is a good thing?! <insert sound of web accessibility consultant banging her head against the wall>

If you enjoyed this post, consider buying me a chai tea latte. Thanks kindly.

Random Posts

Trackbacks

8 Comments »

Comment by Ricky Buchanan

March 5, 2009 @ 10:48 pm

Personally, looking at that negative CAPTCHA example at the top of your article makes my head feel instantly migraine-ey. It’s no easier to figure out the letters/numbers for me than it is with the distorted one or the weird-background ones.

Comment by Tim O'Brien

March 6, 2009 @ 5:03 am

I think the future of anti-spam is in OpenID. Using OpenID, you can use a reputable source to guarantee that you are human and not a spambot.

Negative CAPTCHAS might stop this generation of spambots, but spammers will just redesign a better spambot.

To defeat spam, we need some time of confirmation system, either third party (OpenID) or personal (email confirmation or registration).

Comment by Bob Easton

March 6, 2009 @ 5:11 am

Ricky, the image at the top of the page is not a negative captcha. It’s a normal captcha, and yes it is obnoxious! A negative captcha is one that we won’t even recognize.

The idea is that people would see a regular form and no captchas at all. The spam bots would see that same form plus an extra field that people don’t see. If that field comes back filled in, it means a spam bot filled it in.

While a good idea, the nature of the spam war is that the bot designers learn these tricks very quickly and find ways to overcome them.

Bottom line, and it’s a shame, is that the technique is not useful enough to work for large, high-traffic sites. Sure, it appears to work well for the geeky web designer (self-referential) who uses it on his own lightly traveled blog. But it won’t work for Google or Yahoo or other large sites. The spammers can too easily defeat it.

Unfortunately, I think we’re stuck with obnoxious captchas for a long time. You see, the person who comes up with a very effective replacement for the captcha, a very easy to use and highly accurate Turing Test, could be instantly wealthy. And with the way people scheme to make money, someone should have come up with that very lucrative answer by now. They haven’t.

As always, all the best to Glenda. Keep up the great work!

Comment by Glenda

March 6, 2009 @ 10:01 am

Bob, thank you for clarifying the image above is not a negative CAPTCHA. I now realize the visual is misleading, given the topic. Although, from my understanding, a negative CAPTCHA would not be seen.

At the moment, if bloggers want to encourage comments, is their best line of defense against spam is to have a good spam engine and to moderate a reader’s first comment?

By the way, is the preferred form captcha (all lower case) or CAPTCHA (all upper case).

Comment by Bob Easton

March 6, 2009 @ 2:13 pm

Yes, a good spam engine is the best thing for us bloggers. The spam engines are collaborative filters which are shaped by all their users and are reasonably effective. WordPress users get good service from both Akismet and WP-SpamFree.

Moderating first time comment makers takes a step toward what Tim suggests, verifying the address represents a real person.

Combining those two is great for those of us with blogs. However, my irritation is with all of the big high traffic services who simply can’t afford that level of verification.

CAPTCHAS (you’re right about upper case) are popping up everywhere and presenting barriers for all sorts of people with disabilities. There’s an ever increasing number of barriers being built.

Tim might be right about something like OpenID being an answer, but that’s an answer the big sites won’t adopt until they know most of their audience has the IDs, and most of the audience won’t get the IDs until they’re pushed into it. Sigh…

hmmmm, Maybe we ought to lobby someone like Amazon to give / nag each of their customers to get an openID?

Comment by Glenda

March 6, 2009 @ 2:33 pm

The thing that really makes me cringe is when sites like Disaboom – an online community for people with disabilities – use CAPTCHAs on their blogs. Mind you, they don’t caption their videos either. If they don’t get it, is there any hope? Perhaps we would have more success with Amazon!

Comment by Tim O'Brien

March 6, 2009 @ 5:01 pm

Though I can’t say for sure, I think Disaboom’s CAPTCHA is more a sign of the state of technology than anyone’s indifference to universal access. Most anti-spam provisions default to CAPTCHA. You need to be fairly technically proficient to get into the setting to access CAPTCHA controls, never mind to find and implement alternatives. just my thoughts.

Comment by David Hucklesby

March 6, 2009 @ 5:19 pm

I call these “honeypots.” If I were to do this, I think I’d respond to a mistakenly completed form with a “did you really mean to do this?” page that needs a re-submission, rather than rejecting a comment outright. Would that work?

You sure give us lots to think about, Glenda! Nice one.

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>