[nfb-talk] Captcha, (I've had enough!)

John Heim john at johnheim.net
Thu Apr 14 19:33:04 UTC 2011


Answering your questions one at a time...

1. wouldn't the site determine which type of certificate that would need to 
be submitted?

Yes, it would.  But a site could accept certificates from any number of 
different certificate authorities.  A place that issues digital certificates 
is known as a certificate authority. Its a fairly simple process to add to 
your list of recognized certificate authorities. Each certificate authority 
issues a special certificate known as a root cert. This root cert is then 
used to validate the authenticity of certs issued by that certificate 
authority. The process of recognizing a new certificate authority is simply 
to download the root cert for that authority and add it to your list of 
known certificate authorities.

2. aren't their sources that would permit spammers to get certificates?

Yes. In fact, anyone can generate their own certificates.  But it doesn't do 
any good to generate a certificate if the person you're sending it to 
doesn't have the root certificate.  If a certificate authority issued 
certificates to spammers, you could stop accepting the certs they issue by 
just deleting their root certificate.  Obviously, certificate authorities 
are highly motivated to make sure people trust the certs they issue. If not, 
they're out of business.

3.  Is this process expensive?

No. Its essentially free not counting set up time, etc. But the software 
itself and the root certs are free.

4. What's the catch?

I know you didn't ask this but its a good question.  The catch is that the 
certificate would allow web sites to track you all over the internet. If you 
downloaded some porn, did some banking, updated your facebook page, 
downloaded some more porn, and then edited your own entry on wikipedia, all 
those sites could share information about you. They wouldn't necessarily 
learn much from the certificate itself. But since a certificate positively 
identifies you, they'd be able to share information with each other about 
your web habits. Of course, anyone who still thinks they are anonymous on 
the internet is fooling themselves anyway.  But this is the main reason this 
authentication method hasn't caught on. People don't want the web sites they 
visit to know who they are.

From: "Steve Jacobson" <steve.jacobson at visi.com>
To: "NFB Talk Mailing List" <nfb-talk at nfbnet.org>
Sent: Thursday, April 14, 2011 1:47 PM
Subject: Re: [nfb-talk] Captcha, (I've had enough!)


> John,
>
> This seems like an interesting approach to the problem.  I have a couple 
> of questions, though.
>
> In this case, wouldn't it be the web site that would be requesting a 
> certificate, so wouldn't the site determine which type of certificate that 
> would need to be
> submitted?  Also, while I understand the process for getting a certificate 
> from the source you mentioned, aren't their other sources that would 
> permit
> spammers to get certificates?  I will readily admit that this certificate 
> process has always been a bit of a mystery to me.  Is this process 
> expensive for a web
> site to implement, understanding that the generations of CAPTCHAs are ot 
> free.
>
> Best regards,
>
> Steve Jacobson
>
> On Thu, 14 Apr 2011 13:06:28 -0500, John Heim wrote:
>
>>Well, the whole point of a captcha is that is supposed to be something a
>>computer cannot recognize. If a computer recognizes it, then by 
>>definition,
>>it is not a captcha.
>
>>Yes, I think it would be a very good idea for the NFB to work toward 
>>getting
>>web designers to enable different authorization protocols. For example, a
>>site could accept a digital certificate as authorization for a download. 
>>The
>>web site could automatically ask the browser for a certificate and if it 
>>has
>>one, the download could begin. This would all be transparent to the user
>>once they installed a certificate on their PC.
>
>>And it doesn't have to cost the end user a penny. There is at least one
>>place to get free digital certificates. Its called cacert.org (see
>>www.cacert.org). To get an account, you have to be "assured" by 2 other
>>members or you have to have 2 notarized statements verifying your 
>>identity.
>
>>If more places used this kind of authorization, we could create accounts 
>>for
>>people at NFB conventions and show them how to install their certificates.
>
>>----- Original Message ----- 
>>From: "Peter Donahue" <pdonahue2 at satx.rr.com>
>>To: "NFB Talk Mailing List" <nfb-talk at nfbnet.org>
>>Sent: Wednesday, April 13, 2011 11:04 AM
>>Subject: Re: [nfb-talk] Captcha, (I've had enough!)
>
>
>>> Hello everyone,
>>>
>>>    Audio captchas are of no use to the deaf-blind . For God sakes if we
>>> can
>>> develop the technology that allowed us to put a blind guy behind the 
>>> wheel
>>> of an automobile and drive it independently we should be able to find a
>>> way
>>> to allow captchas to be recognized by screen readers while protecting 
>>> Web
>>> sites and such from the bad guys. The belief that the technology to do
>>> this
>>> is not there doesn't wash with me.
>>>
>>> Peter Donahue
>>>
>>>
>>> ----- Original Message ----- 
>>> From: "Joshua Lester" <jlester8462 at students.pccua.edu>
>>> To: "NFB Talk Mailing List" <nfb-talk at nfbnet.org>
>>> Sent: Wednesday, April 13, 2011 8:38 AM
>>> Subject: Re: [nfb-talk] Captcha, (I've had enough!)
>>>
>>>
>>> John, what's really bad, is if there are multiple blind people in a
>>> church denomination, and their site's contact form, or church locater,
>>> are inaccessible.
>>> My organization's Website is like that.
>>> They have an audio file that's supposed to play the captcha, but it 
>>> won't
>>> play.
>>> I'll post the Website here.
>>> www.upci.org
>>> I've contacted their IT department, but they have done nothing about 
>>> this.
>>> Blessings, Joshua
>>>
>>> On 4/13/11, John Heim <john at johnheim.net> wrote:
>>>> A few months ago, the Department of Justice said that the ADA applies 
>>>> to
>>>> web
>>>> sites. This is a big deal. Since the Department of Justice is 
>>>> responsible
>>>> for enforcing laws like the ADA, if the Department of Justice says the
>>>> ADA
>>>> applies to web sites, then it does.  A business would have to go to 
>>>> court
>>>> to
>>>> show that the DOJ overstepped its bounds in making that determination.
>>>> But
>>>> the burden of proof would be on them. Well, anyway, the point is that
>>>> CAPTCHAs are now illegal.
>>>>
>>>> IMO, this is one of the toughest issues we face. My own boss came to me
>>>> yesterday wanting to put a captcha on our web site. I had to talk 
>>>> really
>>>> long to get her to not do it. It was a really tough sell and I only got
>>>> her
>>>> to agree on a provisional basis. If an alternate solution I came up 
>>>> with
>>>> doesn't work, she will probably insist on using the captcha. Her point 
>>>> is
>>>> that the page we want to protect simply isn't visited very often by 
>>>> blind
>>>> people. Its not worth the trouble to make it accessible.
>>>>
>>>> I've pointed out that its a matter of principle. I've even mentioned 
>>>> what
>>>> a
>>>> bitter thing it would be for me to install captcha software. I've 
>>>> pointed
>>>> out our legal responsibilities. All this makes little to no difference.
>>>> All
>>>> that really matters is that captchas work. Honestly, I was sitting 
>>>> there
>>>> thinking of trying to write software to break captchas and sending it 
>>>> to
>>>> every spammer I can find.
>>>>
>>>> By the way, my boss is not a bad person by any means. She is very open
>>>> minded. I just think that if you're not blind, you don't see what the
>>>> problem is.
>>>>
>>>> ----- Original Message -----
>>>> From: "Joshua Lester" <jlester8462 at students.pccua.edu>
>>>> To: <nfb-talk at nfbnet.org>
>>>> Sent: Tuesday, April 12, 2011 10:25 PM
>>>> Subject: [nfb-talk] Captcha, (I've had enough!)
>>>>
>>>>
>>>>> Hi, it's Joshua Lester.
>>>>> I've posted this on the Faith Talk list, and the Music list, but I'm
>>>>> not having any success.
>>>>> I've just thought of a question.
>>>>> I'd like everyone's feedback.
>>>>> How can we better influence the Webmasters of their sites, to make
>>>>> more accessible contact forms?
>>>>> How can they make them, where they can differentiate, between Jaws, 
>>>>> and
>>>>> a
>>>>> Robot?
>>>>> I want them to make the captcha, where Jaws can catch it, and read it 
>>>>> to
>>>>> us.
>>>>> What can we do?
>>>>> Thanks for your ideas.
>>>>> This is for all Websites.
>>>>> Blessings, Joshua
>>>>>
>>>>> _______________________________________________
>>>>> nfb-talk mailing list
>>>>> nfb-talk at nfbnet.org
>>>>> http://www.nfbnet.org/mailman/listinfo/nfb-talk_nfbnet.org
>>>>> To unsubscribe, change your list options or get your account info for
>>>>> nfb-talk:
>>>>> http://www.nfbnet.org/mailman/options/nfb-talk_nfbnet.org/john%40johnheim.net
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> nfb-talk mailing list
>>>> nfb-talk at nfbnet.org
>>>> http://www.nfbnet.org/mailman/listinfo/nfb-talk_nfbnet.org
>>>> To unsubscribe, change your list options or get your account info for
>>>> nfb-talk:
>>>> http://www.nfbnet.org/mailman/options/nfb-talk_nfbnet.org/jlester8462%40students.pccua.edu
>>>>
>>>
>>> _______________________________________________
>>> nfb-talk mailing list
>>> nfb-talk at nfbnet.org
>>> http://www.nfbnet.org/mailman/listinfo/nfb-talk_nfbnet.org
>>> To unsubscribe, change your list options or get your account info for
>>> nfb-talk:
>>> http://www.nfbnet.org/mailman/options/nfb-talk_nfbnet.org/pdonahue2%40satx.rr.com
>>>
>>>
>>> _______________________________________________
>>> nfb-talk mailing list
>>> nfb-talk at nfbnet.org
>>> http://www.nfbnet.org/mailman/listinfo/nfb-talk_nfbnet.org
>>> To unsubscribe, change your list options or get your account info for
>>> nfb-talk:
>>> http://www.nfbnet.org/mailman/options/nfb-talk_nfbnet.org/john%40johnheim.net
>>>
>
>
>>_______________________________________________
>>nfb-talk mailing list
>>nfb-talk at nfbnet.org
>>http://www.nfbnet.org/mailman/listinfo/nfb-talk_nfbnet.org
>>To unsubscribe, change your list options or get your account info for 
>>nfb-talk:
>>http://www.nfbnet.org/mailman/options/nfb-talk_nfbnet.org/steve.jacobson%40visi.com
>
>
>
>
>
> _______________________________________________
> nfb-talk mailing list
> nfb-talk at nfbnet.org
> http://www.nfbnet.org/mailman/listinfo/nfb-talk_nfbnet.org
> To unsubscribe, change your list options or get your account info for 
> nfb-talk:
> http://www.nfbnet.org/mailman/options/nfb-talk_nfbnet.org/john%40johnheim.net
> 





More information about the nFB-Talk mailing list