index.html: 3 additions & 3 deletions
@@ -159,7 +159,7 @@
Biometrics
159
159
section>
160
160
<section>
161
161
<h4>Cryptographic Attestation of Personhoodh4>
162
-
<p>An approach designed to verify that the user is a person, while preserving individual privacy, has recently been proposed by Cloudglare [[attestation]]. It is built upon the Web Authentication (WebAuthn) API [[webauthn-1]]. The WebAuthn registration process is invoked to establish that the user is in control of a hardware authentication device produced by a known and trusted manufacturer, as determined by a valid chain of digital certificates. If biometric authentication occurs in this procedure, as it typically does, then it is used only to unlock the private cryptographic key of the authentication device, and hence the user's identity is never explicitly disclosed to the party requesting evidence of personhood. A variant of this scheme has also been developed which offers stronger protection of privacy by not revealing the identity of the device manufacturer, which could be exploited in combination with other information to infer the user's identity. This version of the approach requires the implementation of a protocol based on zer-knowledge proofs [[attestation-zero-knowledge]].p>
162
+
<p>An approach designed to verify that the user is a person, while preserving individual privacy, has recently been proposed by Cloudflare [[attestation]]. It is built upon the Web Authentication (WebAuthn) API [[webauthn-1]]. The WebAuthn registration process is invoked to establish that the user is in control of a hardware authentication device produced by a known and trusted manufacturer, as determined by a valid chain of digital certificates. If biometric authentication occurs in this procedure, as it typically does, then it is used only to unlock the private cryptographic key of the authentication device, and hence the user's identity is never explicitly disclosed to the party requesting evidence of personhood. A variant of this scheme has also been developed which offers stronger protection of privacy by not revealing the identity of the device manufacturer, which could be exploited in combination with other information to infer the user's identity. This version of the approach requires the implementation of a protocol based on zero-knowledge proofs [[attestation-zero-knowledge]].p>
163
163
<p>Since the user is free to choose among a variety of authentication devices from reliable manufacturers, the hardware can be selected that best satisfies his or her accessibility-related needs and preferences. The inherent flexibility of the proposed approach is clearly advantageous to both security and accessibility.p>
164
164
section>
165
165
section>
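Review bot: In the replaced paragraph, the clause "by not revealing the identity of the device manufacturer, which could be exploited in combination with other information to infer the user's identity" leaves the antecedent of "which" ambiguous, so it can be read as saying that hiding the manufacturer is what could be exploited. Since the line is already being touched for the "Cloudflare" and "zero-knowledge" spelling fixes, suggest rewording to "by not revealing the identity of the device manufacturer, since that identity could be combined with other information to infer the user's identity". In the unchanged paragraph that follows, "the hardware can be selected that best satisfies his or her accessibility-related needs" is awkward; "the user can select the hardware that best satisfies their accessibility-related needs and preferences" reads more directly.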
@@ -233,7 +233,7 @@
The Google reCAPTCHA
233
233
<section>
234
234
<h4>Version 2: Are you a robot?h4>
235
235
<p>reCAPTCHA v2 provided an API that was most effectively marketed as the "no CAPTCHA re CAPTCHA," and its checkbox proclaiming: "I'm not a robot" became a cultural icon, spawning various cultural offshoots in art, theater, and popular music.p>
236
-
<p>The checkbox was, of course, never a checkbox in the traditional HTML sense. The <ahref="https://termsfeed.com/blog/privacy-policy-recaptcha/">pseudo-checkbox processa> became a prodigious collector of user data well beyond mouse movement and keyboard navigation, including the date, the language the browser is set to, all cookies placed by Google over the last 6 months, CSS information for that page, an inventory of mouse clicks made on that screen (or touches if on a touch device), an inventory of plugins installed on the browser, and an itemization of all javascript objects, all to determine whether the user is human or robot. Of course Google also generally knows much about individual users, including their customary IP addresses, the telephone numbers and email addresses of their friends, family and colleagues, where they have been at every moment of every day, as well as their web search and YouTube habits. This is why the simple checkbox could keep the CAPTCHA process disarmingly simple, though it also explains why a link to Google's privacy policy has always accompanied the "no CAPTCHA reCAPTCHA". Disclosure and certain provisions of the Privacy Policy are required to satisfy legal requirements in California and in the E.U.p>
236
+
<p>The checkbox was, of course, never a checkbox in the traditional HTML sense. The <ahref="https://termsfeed.com/blog/privacy-policy-recaptcha/">pseudo-checkbox processa> became a prodigious collector of user data well beyond mouse movement and keyboard navigation, including the date, the language the browser is set to, all cookies placed by Google over the last 6 months, CSS information for that page, an inventory of mouse clicks made on that screen (or touches if on a touch device), an inventory of plugins installed on the browser, and an itemization of all JavaScript objects, all to determine whether the user is human or robot. Of course Google also generally knows much about individual users, including their customary IP addresses, the telephone numbers and email addresses of their friends, family and colleagues, where they have been at every moment of every day, as well as their web search and YouTube habits. This is why the simple checkbox could keep the CAPTCHA process disarmingly simple, though it also explains why a link to Google's privacy policy has always accompanied the "no CAPTCHA reCAPTCHA". Disclosure and certain provisions of the Privacy Policy are required to satisfy legal requirements in California and in the E.U.p>
237
237
<p>Even though specific WCAG failures were often noted, Google's reCAPTCHA v2 was for a time regarded the most accessible CAPTCHA solution for one simple reason, it was capable of being comfortably completed using a variety of <a>assistive technologiesa>. More recently it has been widely observed that utilizing keyboard navigation, as many assistive technology users do, no longer works. Instead, users are presented with a traditional inaccessible CAPTCHA as a fall-back mechanism. Our own tests with various browsers on various operating environments have been generally successful with Google's own <ahref="http://www.google.com/recaptcha/api2/demo">reCAPTCHA test pagea>. However, browsing in incognito mode, clearing or blocking cookies, and additional factors can apparently trigger a fallback to traditional CAPTCHA these days for many assistive technology users.p>
238
238
239
239
<p>One reCAPTCHA v2 innovation seems most
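Review bot: The context line directly above the changed paragraph still reads "no CAPTCHA re CAPTCHA" with a stray space, while the changed paragraph itself ends with "no CAPTCHA reCAPTCHA"; fix that spelling in this same commit so the name is consistent across the section. In the paragraph after the change, the link to the reCAPTCHA test page uses the http:// scheme and should be switched to https://, and "was for a time regarded the most accessible CAPTCHA solution" is missing "as" after "regarded".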
@@ -320,7 +320,7 @@
Leveraging the Multi-Device Environment
320
320
teleconference service, asks the user to press a particular key on their telephone
321
321
to continue. This is easy enough on a desk phone, but it becomes problematic
322
322
for the text to speech (TTS) dependent smart phone user who must now hear the phone's TTS voice
323
-
in order to get the dialpad to pop up, and then find the appropriate touch tone key all at
323
+
in order to get the dial pad to pop up, and then find the appropriate touch tone key all at
324
324
the same time as the Webex service voice is also speaking, repeating:
325
325
"Welcome to Webex. Press 1 to be connected to your meeting. ... Welcome to Webex. Press 1 to be connected to your meeting. ..." It is important to recognize that both of these voices are routed through the same physical device speaker, even on units equipped with dual speakers for playing music in stereo.p>