Hear hear! And you won't win any 'accessible for the visually impaired' prizes, either.

Technologies such as the audio version of this technology would ween back in the visually impared or hearing impared.

A tiny disclaimer claiming site security will give the users the "why". And if they ask why and threaten to go away, well. you can only extend your reach so far :)

You apparently do not understand either the ADA or lawyers or both. {grin}

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.

There are limits to which that extend. For instance, accessibility to a site on optical illusions or graphic arts is less likely to be penalized than a site on literature. Not that lit sites can't get away w/o having it and visual sites would get in trouble, but that's the way things are supposed to pan out.

No laws for absurdity, right? :)


Play that funky music white boy..

Nothing wrong with making your site inaccessible if it can be tolerated or there are alternative methods.

True, if you run a site with e.g. (royalty free) photos and require users to sign up, the chances are slim someone wants to view the website with a text-based browser. Still it's annoying, but ok, it might be tolerable.

However, this basically boils down to the same argument on computer security. Lots of people ban telnet, pop3 and other protocols that allow passwords being sent in plain text. It's all about how much comfort you want to give up for "security". How much "trouble" do you want to put your users through to give them what they want. IMHO, a website doesn't need such security measures as posted by the OP, but then again, I still didn't ban pop3 access for my users ;)

Instead of putting your visitors through the hassle, you might put some time in it yourself, by snooping through logfiles (or create a script that does it for you) and find the ip addresses of the "users" that filled out the form more than once in a certain time span. (And yes, that wouldn't mean for certain that you're dealing with a bot, but when the form was filled out 20 times in under a minute, the chances are, you are dealing with a bot.)

Like posted in the CB yesterday in a discussion wheter to ban certain music for kids (Cradle of Filth was the band in question, if you were curious), the actual ban might lead to curiosity that was never there before. People may want to work on scripts to circumvent the visual check, just because it's there.

A tiny disclaimer claiming site security will give the users the "why". And if they ask why and threaten to go away, well. you can only extend your reach so far :)

The question is "do you value your customers or not"? If not, then there is no argument against using visual or audio tricks to make sure you're handling a real human. But why not step it up a notch and require users to come see you in person with a valid passport? This would surely ban the "evil" scripts.

--
b10m

Instead of putting your visitors through the hassle, you might put some time in it yourself, by snooping through logfiles (or create a script that does it for you) and find the ip addresses of the "users" that filled out the form more than once in a certain time span. (And yes, that wouldn't mean for certain that you're dealing with a bot, but when the form was filled out 20 times in under a minute, the chances are, you are dealing with a bot.)

You can't go by ip. There are a lot of proxies out there, like those used by AOL. Even so, 30 bots each submitting 1 request a day for 30 days is 900 junk registrations. Maybe I'll accumulate 60 bots and do one every other day. Now you have to sit down and analze logs for hidden patterns, since a proxy will totally through your ip anlaysis off. :)

Come up with another one, I'll try and defeat it for you. :) (FINISH HIM!)

A tiny disclaimer claiming site security will give the users the "why". And if they ask why and threaten to go away, well. you can only extend your reach so far :) The question is "do you value your customers or not"? If not, then there is no argument against using visual or audio tricks to make sure you're handling a real human. But why not step it up a notch and require users to come see you in person with a valid passport? This would surely ban the "evil" scripts.

If it's a free site like slashdot, with no customer support, I see no problem with a small disclaimer and someone eventually getting to the why questions if ever. I run an internal site that uses pre-generated, overly random passwords. The user can reset his password whenever he wants to another new pre-generated password. People hate it since they are hard to remember, but they put up with it since it's understood that I won't change it for security reasons. I tell them right out, I'm more likely to trust my random junk than someone typing in a really bad password later.

It's a matter of perspective on who gets to do what and why.


Play that funky music white boy..

(And yes, that wouldn't mean for certain that you're dealing with a bot, but when the form was filled out 20 times in under a minute, the chances are, you are dealing with a bot.)

Or that there are lots of interested subscribers behind a firewall/masquerading gateway. Wouldn't like to spoil them all.

Bye
 PetaMem     All Perl:   MT, NLP, NLU