Allow users to pick with type of CAPTCHA test they see

[septim]

Title:
Allow users to pick with type of CAPTCHA test they see

Area:
comments, entries

Summary:
Allowing users to choose which type of CAPTCHA (text-based or graphic based) they will see/take through Manage Account.

Description:
Users choosing what type of CAPTCHA they will see/take allows greater accessibility.

I have dyscalculia and the text-based CAPTCHAs are full of arithmetic problems, thus I keep failing them. As of now, there's no way to choose which CAPTCHAs you will take, only what type of CAPTCHAs others will see in your journal.

Poll #10625 Allow users to pick with type of CAPTCHA test they see

Open to: Registered Users, detailed results viewable to: All, participants: 78

View Respondents

This suggestion:

View Answers

Should be implemented as-is.
56 (71.8%)

Should be implemented with changes. (please comment)
1 (1.3%)

Shouldn't be implemented.
3 (3.8%)

(I have no opinion)
17 (21.8%)

(Other: please comment)
1 (1.3%)

Comments

[msilverstar]

Spammers could use this option to circumvent the new captcha, so I don't see any way to make this work for anonymous comments.

[jeshyr]

It won't let you circumvent though, it'll just let you choose which type which is a sensible option.

And heaps of other options are only available for logged-in comments so that's cool too. OTOH it could be done as a cookie like the "view options" are for anon people if wanted.

[azurelunatic]

After antispam gets better reporting on CAPTCHAs on our side, the only problem would be spammers in abandoned journals/places where the spam does not get deleted-and-reported, and they're a problem anyway.

When antispam knows that something's a genuine spammer evading a CAPTCHA, we put ... firmer ... measures into place.

[ninetydegrees]

It would be nice if there was a "switch to text test"/"switch to graphic test" reload link for logged-out users as well.

[azurelunatic]

Only after there is better spam tracking of CAPTCHAs, but yes.

[archane]

I don't want to single you out, because I'm sure this sentiment is widely shared, but your statement here really bothers me. It seems to say that minimizing the annoyance created by spammers who circumvent the CAPTCHA system is more important than the ability of actual Dreamwidth community members to use parts of the site.

One of the reasons I love Dreamwidth, and that I'm always willing to talk up the site on- and off-line, is the commitment to accessibility. CAPTCHAs have been a barrier to accessibility for a long time, and Dreamwidth has made more of an effort than any other site I've seen to overcome that barrier. I don't know what percentage of users continue to have problems with text-based CAPTCHAs, and I don't know what percentage of spam comes from circumventing CAPTCHAs, but it would really upset me to see that commitment to accessibility given a lower priority than a subset of spam. I'm not saying that better spam tracking is unimportant, but unless it's something already in progress that can be reasonably expected to be complete before there's time to write an accessibility fix, let's worry about accessibility and then make sure there's better spam tracking.

+1

[septim]

Thank you. It's rather jarring to read that an accessibility problem is given a lower priority than spam.

Re: +1

[matgb]

On the other hand, if spam isn't treated as top priority, pretty much beating everything else, the site eventually gets swamped by it and either dies or gets blocked by so many spam warning systems its inaccessible to everyone.

Spam kills websites. If we don't prioritise fighting spam, the whole site can die.

[septim]

I understand this. However, I can't report spam if I can't get through the site without reloading a bunch of times because I can't take the CAPTCHAs.

Re: +1

[azurelunatic]

One of the things driving my high level of caution is LiveJournal's experience, it being our code parent and all. The antispam system we inherited is basically the same as theirs from ~2007, around about the time they were experiencing epic levels of spam that only got worse. They wound up getting blacklisted by a major antispam service because they were not able to address all of the spam they were getting.

But we are not actually at a spam level where I'm concerned about that when I think about this for more than 30 seconds.

Re: +1

[matgb]

Yeah, it was that experience, plus a few of my own, that prompted me to say it how I did, at a simple level the most accessible website in the world is utterly pointless if it's blocked by all the search engines and email providers because it's a spam haven. I'm not in any way opposed to this idea, haven't thought it through enough, but I am opposed to the line of thinking that says fighting spam is a lower priority than X, Y or Z-anything short of the site falling over or stopping working is lower priority in my mind, but of course other factors need to be taken into account when lookign at the bigger picture.

Re: +1

[lightnings]

To be fair, there's been a fake youtube virus going around the spam comments on livejournal very recently, so their antispam system still isn't very good-- if DW got attacked, I think having made the captcha more accessible to its users and more vulnerable would be the least of our worries.

[azurelunatic]

I apologize for not thinking the implications of my comment through better.

I would like to give more background on where I'm coming from as well.

I view spam as not just an annoyance, but as a threat that has the potential to bring a site to its knees if it's allowed to gain a large enough foothold. It doesn't have that much of a foothold at the moment, but there was a large campaign within the last month that severely tested the human limits of the current system. There's been a bug filed for quite some time about spam CAPTCHA tracking, and if there is another campaign like this recent one before another developer has time to take up the bug, I'm likely to try my hand at development. My instinct says that passing information on whether a CAPTCHA was passed for a comment, and which one, back to the antispam team, would be easier than the ability to change which one is presented and make a setting for this preference, in that I'm able to imagine myself taking on the former as a very neophyte developer, but I don't know the code well enough to say for sure.

However, not only did I discount accessibility in favor of antispam when making my initial comment, I also ignored that people are already able to choose between visual and audio CAPTCHA with ReCAPTCHA. So not only was my prioritization inappropriate, it was also grounded in inaccuracy. Further user choice of method of CAPTCHA is unlikely to have an effect on spam penetration; it's the simple fact of whether a CAPTCHA was presented or not that's of immediate interest to the spamwhackers in the event of another large attack.

[archane]

Thank you for your clarification, and for your understanding.

I'm not a development person, and know very little about the back-end of running websites, so I figured that there had to be more that I didn't understand, which is why I commented about how your statement appeared to me, rather than making assumptions about your intent.

Given your clarification, particularly since the option to choose already exists, it sounds to me like there's no reason for accessibility changes and spam tracking changes to be inter-dependent — one followed by the other — instead of independent but related.

[azurelunatic]

I phrased myself particularly poorly, considering that I had in a large part intended my comment to prevent a potential flood of comments from people without insight into the actual antispam systems citing spam risk as a reason for not wanting this to happen. I didn't follow that train of thought far enough before leaving the comment.

[ninetydegrees]

Could you explain why being able to choose/switch from one type to another would be an issue? (Also related to your other comment)

[azurelunatic]

If one type of CAPTCHA is broken by spammers, and spammers are able to choose that type of CAPTCHA when commenting, that method of spam resistance would become futile. Thus, having a better way to detect if this is happening would be a good idea. However, that's currently premature.

See also: http://dw-suggestions.dreamwidth.org/1354499.html?thread=4218371#cmt4218371

[ninetydegrees]

Thank you.

[ex_starborn656]

I would just like to add my voice to say that as a dyscalculia sufferer myself, I have also found this to be a problem (I realise this is a new journal but I'm not new to DW). Thank you for raising it for discussion.