[RFC] stop distributing worthless CAPTCHAS in 3.1

[/a3]

Just thought I would share this link... It's a different way of defeating bots (using games):

http://areyouahuman.com

A few issues:

• JavaScript sources aren't GPL. Nobody can modify/distribute them, except for the authors. As per the phpBB.com homepage, phpBB is "the #1 free, open source bulletin board software".
• phpBB 3.0 currently supports users without JavaScript. Even reCAPTCHA supports non-JS users.
• I haven't seen how their CAPTCHA works, but it might be worth considering that servers can also execute JavaScript (good example is node.js which uses V8).

On the subject:

stop distributing worthless CAPTCHAS in 3.1

+1

[DionDesigns]

Just thought I would share this link... It's a different way of defeating bots (using games):

http://areyouahuman.com

If one's site is in the United States, use of this CAPTCHA requires a fallback registration option (Admin-approval, COPPA-style, whatever). Such a CAPTCHA cannot be completed by people with many types of physical disabilities, which is a violation of ADA (Americans with Disabilities Act) if there are no other options for registration.

[callumacrae]

Just thought I would share this link... It's a different way of defeating bots (using games):

http://areyouahuman.com

If one's site is in the United States, use of this CAPTCHA requires a fallback registration option (Admin-approval, COPPA-style, whatever). Such a CAPTCHA cannot be completed by people with many types of physical disabilities, which is a violation of ADA (Americans with Disabilities Act) if there are no other options for registration.

wat

[RMcGirr83]

Such a CAPTCHA cannot be completed by people with many types of physical disabilities, which is a violation of ADA (Americans with Disabilities Act) if there are no other options for registration.

The ADA has no such authority as currently written. It encompasses employment, public entities, public accommodations and commercial facilities. It has absolutely nothing to do with CAPTCHAs/registrations. The US DOJ can ask for one if a complaint is filled but that's it. The company can choose to or not to comply with the request.

[DionDesigns]

Are you familiar with the online reservation service called OpenTable? Six years ago, they were sued on ADA grounds because a disabled individual was not able to register. It was settled out of court, and their registration page was completely rewritten. Was it a frivolous suit? Don't know, don't care. It's also very possible that the "ADA militants" who actively looked for violations are no longer as active as they once were. But you know, I (and I suspect most people) don't want to deal with a lawsuit, however frivolous and/or unlikely it may be.

Getting back on topic. Clearly people can do whatever they want, but if they are considering the use of an animated CAPTCHA, they should also consider offering an alternative method of registration.

[Ger]

If one's site is in the United States, use of this CAPTCHA requires a fallback registration option (Admin-approval, COPPA-style, whatever). Such a CAPTCHA cannot be completed by people with many types of physical disabilities, which is a violation of ADA (Americans with Disabilities Act) if there are no other options for registration.

That's where [RFC] Contact Page comes in.

[callumacrae]

Getting back on topic. Clearly people can do whatever they want, but if they are considering the use of an animated CAPTCHA, they should also consider offering an alternative method of registration.

That defeats the point in the animated CAPTCHA, as bots will just use the fallback…

[RMcGirr83]

Are you familiar with the online reservation service called OpenTable? Six years ago, they were sued on ADA grounds because a disabled individual was not able to register. It was settled out of court, and their registration page was completely rewritten. Was it a frivolous suit? Don't know, don't care. It's also very possible that the "ADA militants" who actively looked for violations are no longer as active as they once were. But you know, I (and I suspect most people) don't want to deal with a lawsuit, however frivolous and/or unlikely it may be.

No I was not aware of it. My post was to simply state that currently, as the law stands, Title III has not been amended for websites. Saying that, of course a company is going to revamp their registration process in lieu of a law suit as the former is much cheaper than the later. I am willing to bet that the "settlement" was nothing more than OpenTable stating they would change the registration part of their site and probably pay for the lawyer fees that were incurred to bring action.

https://www.federalregister.gov/article ... s-of-state

That's where [RFC] Contact Page comes in.

I don't believe that would satisfy the requirements of the law but not being a lawyer and there nothing in the law about web accessibility as it pertains to commercial endeavors, not completely sure.

[Ger]

Well, I'd say that you can simply put in something like:

Trouble registering? contact us for assistance.

[ecwpa]

I agree with stevemaury's original point. From the moment a CAPTCHA get's figured out by bots, it's over. Q&A are never over because they're never the same. If you ship phpBB with any of those, then bots can focus on a few single targets, Q&A (without defaults) doesn't allow this.

In a small forum I run we used to have 20+ spambots registering daily no matter what method we used until we switched to Q&A, since then it's been years since I saw a spambot which was a few days ago. My question was "what's the surname of the president of x country", I though it was something bots could figure out but they didn't until now. My current question is "what's the nickname of x athlete", I think we'll be safe with that one for a while.

So, Q&A without defaults is the way to go.