You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: index.html
+1-64Lines changed: 1 addition & 64 deletions
Original file line number
Diff line number
Diff line change
@@ -360,70 +360,7 @@
Why not Federated Turing Tokens?
360
360
section>
361
361
<section>
362
362
<h2>Conclusionh2>
363
-
<p>CAPTCHA development has certainly become more sophisticated over time. This has included the development of
364
-
several alternatives to text-based characters contained in bitmapped
365
-
images, some of which have served to support access for persons with
366
-
disabilities. However, it has also become clear not only that
367
-
traditional CAPTCHA continues to be challenging for people with
368
-
disabilities, but also that it is increasingly insecure and arguably now ill suited
369
-
to the purpose of distinguishing human individuals from their robotic
370
-
impersonators.p>
371
-
372
-
<p>Yet the need for reliable and accessible solutions persists. In fact the need has arguably become more urgent as the limits of authenticated login alone have become more and more evident in misuse of major services around the globe.p>
373
-
374
-
<p>It is therefore highly recommended that the purpose and effectiveness of any
375
-
deployed CAPTCHA solution be carefully considered before adoption, and then
376
-
closely monitored for effective performance. As with all good software and on
377
-
line content provisioning, analysis should begin with a careful consideration
378
-
of system requirements and a thorough understanding of user needs, including
379
-
the needs of persons with disabilities.p>
380
-
381
-
<p>Clearly, some approaches such as Google's reCAPTCHA,
382
-
two-step or multi-device verification can be easily and affordably
383
-
deployed. Yet problems persist even in these systems, especially for non
384
-
English speakers. Furthermore, deployers of such approaches should be aware that they are participating in exposing
385
-
their users to a massive collection of personal data across multiple
386
-
trans-national data profiling systems, quite apart from any societal
387
-
governance.p>
388
-
389
-
<p>It is important, therefore, also to consider available stand-alone approaches such
390
-
as honeypots and heuristics, along with current image and aural CAPTCHA
391
-
libraries that support multiple languages. As always, testing and system monitoring for
392
-
effectiveness should supply the ultimate determination, even as we recognize
393
-
that an effective system today may prove ineffective a few years from now.p>
394
-
395
-
<p>We summarize our conclusions in the following points:p>
396
-
<ol>
397
-
398
-
<li>Risk analyses of attempts to access a resource are generally desirable.
399
-
Some on line resources are simply greater targets than others. It is critical that analyses include an evidence based determination of how challenging a CAPTCHA needs to be. Users should not be forced beyond what is strictly necessary to keep a site secure, e.g.,/
400
-
if a honeypot suffices, use a honeypot until evidence of robotic attacks dictates something else.li>
401
-
402
-
<li>Whenever an interactive
403
-
CAPTCHA is deemed important for security reasons,
404
-
it is very beneficial to limit and minimize how often users are subjected to interactive CAPTCHA challenges. With CAPTCHA less interactivity is clearly more accessibility. As noted above, we're encouraged by the
405
-
development of approaches such as <ahref="#privpass">Privacy Passa> which, even though it still sometimes requires an interactive CAPTCHA challenge, it does so much less often.li>
406
-
407
-
<li>Whenever an interactive CAPTCHA is implemented, a variety of alternative challenges must be
408
-
made available to engage different sensory and cognitive capabilities of the user in order that the user can choose an approach that best fits their abilities.
409
-
We humans possess a variety of intellectual strengths and weaknesses. To fail
410
-
to offer a variety of challenges is to ignore this simple truth.li>
411
-
412
-
<li>All else being equal, we prefer non-interactive approaches because these
413
-
pose no accessibility challenges. However, they may expose the user to the
414
-
collection of personal data.li>
415
-
416
-
<li>Third parties may be engaged to verify the authenticity of an access attempt.
417
-
However, such solutions may give rise to privacy trade-offs.li>
418
-
419
-
ol>
420
-
421
-
<p>In other words, while some CAPTCHA approaches are better than others, and
422
-
while more recent approaches offer clear advantage over older approaches, there
423
-
is still no single, ideal solution. It is important to exercise care that any
424
-
implemented CAPTCHA technology correctly allow people with disabilities to
425
-
identify themselves as human.p>
426
-
363
+
<pclass="ednote">This section is to be rewritten in light of emerging technologies and recent developments. The Task Force is reviewing the current range of alternatives to CAPTCHA for the purpose of revising this document to offer up to date and informed advice that serves the needs of people with disabilities, while maintaining a high level of security for application and service providers. The conclusions formerly in this section have been removed to make way for the new material, which will be a complete rewrite of the conclusions.p>
0 commit comments