PetaMem has asked for the wisdom of the Perl Monks concerning the following question:

Hello Monks,

I was wondering if there is already Perl code available to provide a This-Is-A-Human verification on websites. In most cases (actually the only solution that I'm aware of) some numbers are displayed in a graphical and non-OCR conforming way and the user is expected to type that number in.

Shouldn't be that hard with GD/Perl. Alas I've found no code so far. Does someone know of such code? If not I'm going to implement this myself and will post it in the Craft section.

Bye
 PetaMem
    All Perl:   MT, NLP, NLU


Replies are listed 'Best First'.
Re: Code to Block Scripts/Harwesters (GD based?)
by merlyn (Sage) on Dec 30, 2003 at 13:51 UTC
    I wrote code to do that for a column of mine, but beware that I took a lot of flak for that column.

    In particular, it seems that if a website uses this technique, but doesn't provide an adequate backup plan for blind people, then the site may be in violation of the US ADA rules, which apply to all government sites, government contractors, and anyone with deep enough pockets. Southwest Airlines lost an ADA case for their website recently, for example.

    So, while you may not want robots stuffing your forms, you must also clearly provide a means by which visually challenged humans can still take action at your website.

    -- Randal L. Schwartz, Perl hacker
    Be sure to read my standard disclaimer if this is a reply.

      Even if I'm (the website is) in Germany or the Czech Republic? Now this is what annoys Europeans most about "God's own Country". I don't think that US rules apply to foreign institutions (yet).

      I was thinking about an audio-based alternative to this for blind people - actually the aforementioned module speaks of this also - but a visually impaired person may still send an email and request for subscription.

      Bye
       PetaMem
          All Perl:   MT, NLP, NLU

Re: Code to Block Scripts/Harwesters (GD based?)
by Aristotle (Chancellor) on Dec 30, 2003 at 13:29 UTC
Re: Code to Block Scripts/Harwesters (GD based?)
by b10m (Vicar) on Dec 30, 2003 at 13:46 UTC

    As stated, you probably want Authen::Captcha, but before you get started, please think of the consequences. The computer illiterate may have problems with this. I get calls from clueless family members about this: "Help, what is this all about? Oh I have to type the silly numbers in the text box below? WHY?!?". And, quite frankly, I think this type of verification is quite annoying (then again, I hate most types of verification).

    Besides the annoying factor, you also ban the lynx and other textbased browsing people automatically. This may not be a problem, based on the service you offer, but it's good to keep it in the back of your mind :)

    Just my €0,02...

    --
    b10m

      Hear hear! And you won't win any 'accessible for the visually impaired' prizes, either.

      --
      3dan

      Nothing wrong with making your site inaccessible if it can be tolerated or there are alternative methods.

      Technologies such as the audio version of this technology would wean back in the visually impaired or hearing impaired.

      A tiny disclaimer claiming site security will give the users the "why". And if they ask why and threaten to go away, well. you can only extend your reach so far :)


      Play that funky music white boy..
        Nothing wrong with making your site inaccessible if it can be tolerated or there are alternative methods.

        True, if you run a site with e.g. (royalty free) photos and require users to sign up, the chances are slim someone wants to view the website with a text-based browser. Still it's annoying, but ok, it might be tolerable.

        However, this basically boils down to the same argument on computer security. Lots of people ban telnet, pop3 and other protocols that allow passwords being sent in plain text. It's all about how much comfort you want to give up for "security". How much "trouble" do you want to put your users through to give them what they want. IMHO, a website doesn't need such security measures as posted by the OP, but then again, I still didn't ban pop3 access for my users ;)

        Instead of putting your visitors through the hassle, you might put some time in it yourself, by snooping through logfiles (or create a script that does it for you) and find the ip addresses of the "users" that filled out the form more than once in a certain time span. (And yes, that wouldn't mean for certain that you're dealing with a bot, but when the form was filled out 20 times in under a minute, the chances are, you are dealing with a bot.)

        Like posted in the CB yesterday in a discussion whether to ban certain music for kids (Cradle of Filth was the band in question, if you were curious), the actual ban might lead to curiosity that was never there before. People may want to work on scripts to circumvent the visual check, just because it's there.

        A tiny disclaimer claiming site security will give the users the "why". And if they ask why and threaten to go away, well. you can only extend your reach so far :)

        The question is "do you value your customers or not"? If not, then there is no argument against using visual or audio tricks to make sure you're handling a real human. But why not step it up a notch and require users to come see you in person with a valid passport? This would surely ban the "evil" scripts.

        --
        b10m
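
Added example, not part of any post in this thread: a Perl sketch of the log check b10m describes above, counting form submissions per IP in a sliding 60-second window and flagging any address that reaches 20. The form path `/subscribe.cgi`, the Common Log Format input and the sample log lines are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Time::Local qw(timegm);

my $WINDOW = 60;                 # seconds; both thresholds follow the post's "20 in under a minute"
my $LIMIT  = 20;                 # submissions inside one window that get flagged
my $FORM   = '/subscribe.cgi';   # hypothetical form handler path
my %MON; @MON{qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec)} = 0 .. 11;

# Return (ip, epoch seconds in UTC) for a POST to the form, or nothing.
sub parse_line {
    my ($line) = @_;
    my ($ip, $d, $mon, $y, $h, $mi, $s, $sign, $oh, $om, $method, $path) = $line =~
        m!^(\S+) \S+ \S+ \[(\d\d)/(\w{3})/(\d{4}):(\d\d):(\d\d):(\d\d) ([+-])(\d\d)(\d\d)\] "(\S+) (\S+)!
        or return;
    $path =~ s/\?.*//s;          # ignore any query string
    return unless $method eq 'POST' && $path eq $FORM && exists $MON{$mon};
    my $offset = ($oh * 3600 + $om * 60) * ($sign eq '-' ? -1 : 1);
    return ($ip, timegm($s, $mi, $h, $d, $MON{$mon}, $y) - $offset);
}

# Map each flagged IP to its peak number of submissions in any $WINDOW-second span.
# Assumes each IP's lines arrive in time order, as in a normal access log.
sub find_bursts {
    my (%recent, %peak, %flagged);
    for my $line (@_) {
        my ($ip, $t) = parse_line($line) or next;
        my $q = $recent{$ip} ||= [];
        push @$q, $t;
        shift @$q while $q->[0] <= $t - $WINDOW;   # drop entries older than the window
        $peak{$ip} = @$q if @$q > ($peak{$ip} || 0);
    }
    for my $ip (keys %peak) {
        $flagged{$ip} = $peak{$ip} if $peak{$ip} >= $LIMIT;
    }
    return \%flagged;
}

# Constructed sample log: 25 POSTs in 49 seconds from one address, 3 spread-out POSTs from another.
my @log = (
    (map { sprintf('192.0.2.10 - - [30/Dec/2003:13:46:%02d +0100] "POST /subscribe.cgi HTTP/1.0" 200 512', $_ * 2) } 0 .. 24),
    (map { sprintf('198.51.100.7 - - [30/Dec/2003:13:%02d:05 +0100] "POST /subscribe.cgi?x=1 HTTP/1.0" 200 512', $_) } 40, 47, 55),
);

my $bursts = find_bursts(@log);
printf "%s: %d submissions within %d seconds\n", $_, $bursts->{$_}, $WINDOW for sort keys %$bursts;
```
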
Re: Code to Block Scripts/Harwesters (GD based?)
by Roger (Parson) on Dec 30, 2003 at 13:40 UTC
    You should also have a look under the Best Nodes section on Perl Monks. There is a very interesting node called something like 'Having fun with Merlyn', which is about 'Anti-Harvester' and 'Anti-anti-Harvester'. merlyn has plenty of articles on anti-harvester and web security on his website at stonehenge, you will have to search for them.

Re: Code to Block Scripts/Harwesters (GD based?)
by hardburn (Abbot) on Dec 30, 2003 at 17:09 UTC

    The Freenet Project has had several long-running e-mail threads over the years on similar schemes. The first was "Hash Cash", where a computer would have to do a certain amount of work to access a resource. The problem is that Moore's Law works against you, and it could lead to a separation between those who can afford fast computers and those who can't. The next idea was "Think Cash", where there is a test that a human can pass easily but a computer can't. After all the discussion, it was stamped as impossible in practice. Reasons:

    • Suggested schemes often hurt usability for certain users (such as blind people or non-native English speakers)
    • Though not yet available publicly, the schemes were often already being solved by computers in various university AI departments
    • If a harvester really wanted to, they could pay a batch of minimum-wage workers to fill out these forms all day with an acceptable rate of accesses per day

    ----
    I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
    -- Schemer

    : () { :|:& };:

    Note: All code is untested, unless otherwise stated