Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Submitted by PaulMartz .
Computer pioneer Alan Turing's famous Turing Test quantified a machine's
ability to behave intelligently. In the test, a judge would communicate with
a human and computer via a text-based communications medium. The computer
would pass the test if the judge couldn't'' tell them apart. It sounds like
something straight out of Blade Runner, in which Harrison Ford played a
detective tracking down rogue androids posing as humans.
The Turing Test has real-world applications. The internet is rife with
runaway automated processes, or robots, that continuously attempt to post
spam to discussion boards, scrape email addresses, and perform other
nefarious acts. If web admins had a way to tell whether a visitor were human
or bot, they could eliminate a lot of spam.
CAPTCHA - Bane of Blind Users
CAPTCHA is an acronym: Completely Automated Public Turing test to tell
Computers and Humans Apart. Traditionally, CAPTCHA displays an image
containing numbers and text, which the user visually reads and enters into a
text field. More modern versions ask users to select images based on some
criteria, such as "select all images with ladders". But computers have
become pretty good at visual processing. Image-based CAPTCHA isn't as
effective as it once was.
<https://www.w3.org/TR/turingtest/> CAPTCHA accessibility issues are
obvious to the AppleVis community. Many vision impaired users depend on an
audio-based challenge, in which users enter words spoken in a short audio
clip. But this is not an option for anyone with a hearing impairment.
From an accessibility perspective-and even for sighted users-the ideal
CAPTCHA would require no user interaction. For example, Google's reCAPTCHA
version 3 computes a probability that you're human by examining your
browsing activity and other data. You don't even have to check a box. These
systems are only as smart as the biases of their developers, and
accessibility tools such as magnification and keyboard navigation can throw
them off.
CAPTCHA developers see a bigger problem: AI is becoming smarter. Advances in
image processing and text-to-speech have rendered image- and audio-based
CAPTCHA systems worthless. Even reCAPTCHA v3 has already been
<https://www.wired.co.uk/article/google-captcha-recaptcha> cracked by
intelligent internet robots. That was news to me, but it shouldn't be. I've
read Ray Kurzweil's series of books on the accelerating pace of AI
development. SkyNet will be online soon.
In this blog, we'll test drive hCaptcha, a solution that claims to be both
accessible and robot-proof.
hCaptcha - the Cookie-Based Alternative
<https://www.hcaptcha.com/> hCaptcha uses cross-site cookies for
accessibility. Like reCAPTCHA v3, it's intended to be a non-interactive
CAPTCHA technology. But in practice, it's not as ideal as you might expect.
To use it, you must obtain a cookie. The cookie is only good for 24 hours,
which means you pretty much need to refresh the cookie every time you
confront a site that uses hCaptcha. You also need to configure Safari to use
cross-site cookies, which Safari disables by default.
First, let's obtain the hCaptcha cookie. Then we'll change Safari's
settings.
Me Want Cookie
Cookie Monster has one use for cookies. They must be eaten. In the same way,
your web browser consumes cookies provided by websites. There are many
<https://computer.howstuffworks.com/cookie3.htm> uses for internet cookies,
such as keeping an accurate count of site visits and visitors.
hCaptcha uses cookies to identify and clear users with accessibility issues.
To obtain hCaptcha's accessibility cookie,
<https://dashboard.hcaptcha.com/signup?type=accessibility> register on their
website. When you follow the link in the email you receive, the
accessibility cookie will be automatically delivered to your web browser.
Alternatively, you can wait until you encounter a website that uses the
hCaptcha system. I do not recommend this. Their interface of menus and web
dialogs is neither simple nor intuitive. Registering on their site in
advance greatly simplifies the process.
Enabling Cross-Site Cookies in Safari
Before you attempt an hCaptcha challenge, you'll need to modify Safari's
default settings.
Since Apple's March 2020 update,
<https://www.theverge.com/2020/3/24/21192830/apple-safari-intelligent-tracki
ng-privacy-full-third-party-cookie-blocking> Safari blocks cross-site
cookies by default. When one site consumes another site's cookie, that's a
potential privacy issue. Normally, one website should not be tracking what
you're doing on another website. But hCaptcha's accessibility cookies
require cross-site tracking. To use hCaptcha, you must enable cross-site
tracking in Safari.
On Mac OS, launch Safari and open preferences. Select the Privacy tab, and
uncheck Prevent Cross-Site Tracking. In iOS, you'll find a similar toggle in
Settings, Safari.
CAPTCHA Gotchas
Now that you've registered at their site and obtained their accessibility
cookie, now that you've allowed cross-site tracking in Safari Preferences,
you're finally ready to try hCaptcha at this
<http://democaptcha.com/demo-form-eng/hcaptcha.html> hCaptcha demo page. As
you can see, passing the hCaptcha challenge is trivial once the cookie is in
place.
In concept, hCaptcha sounds like an accessible solution:you have their
cookie, you pass their challenge. In practice, having to register at the
hCaptcha website and modify Safari Preferences makes hCaptcha positively
inconvenient for first-time users. For subsequent visits more than 24 hours
later, finding the old email and refreshing the cookie isn't much better. If
a CAPTCHA system provides a simple interface for abled users and a
convoluted interface for disabled users, is it really accessible?
CAPTCHA's Future
We know why CAPTCHA is complicated: It's the only way to stump a robot. I
can only speculate that hCaptcha's complex interface and inconvenient
24-hour expiration exists for the same reason.
How long will it be before a robot is able to navigate hCaptcha's convoluted
mechanism for obtaining an accessibility cookie? When this happens, how will
the system change, and how will it impact disabled users?
I previously mentioned reading Ray Kurzweil's series of books on AI. While
they're all good, I recommend
<https://books.apple.com/us/book/the-singularity-is-near/id361932532> The
Singularity is Near. In that book, Kurzweil predicts computer AI will pass a
general Turing Test by 2029. What happens when websites can no longer tell
humans and computers apart?
As bots become smarter,
<https://linkhigh.com/blog/captcha-and-its-many-challenges> CAPTCHA
technology must inevitably evolve. Let's hope accessibility doesn't become a
casualty in the CAPTCHA arms race.
https://www.applevis.com/blog/captcha-telling-computers-and-humans-apart
===========================================================
The fb-exchange mailing list
Manage account,
List Page: https://www.freelists.org/list/fb-exchange
Subscribe: mailto:fb-exchange-request@xxxxxxxxxxxxx?Subject=subscribe
Unsubscribe: mailto:fb-exchange-request@xxxxxxxxxxxxx?Subject=unsubscribe
Archive: https://www.freelists.org/archive/fb-exchange
Administrative contact: insight@xxxxxxxxxxxxxxxxxxxx
===========================================================