fix summary overrun
This commit is contained in:
parent
8d0a71ee64
commit
16cb9b256e
|
|
@ -118,51 +118,52 @@ of CAPTCHAs:
|
|||
[scan your LAN ports][ebay].
|
||||
1. GUI CAPTCHAs fail to meet [WCAG standards][wcag] and thus
|
||||
discriminate against impaired people, ultimately blocking
|
||||
satisfaction of [FSF criteria C2][fsfCriteria]: <details>
|
||||
<summary>(rationale)</summary>
|
||||
<table>
|
||||
<thead>
|
||||
<tr>
|
||||
<th><strong><em>WCAG Principle</em></strong></th>
|
||||
<th><strong><em>How the Principle is Violated</em></strong></th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><em>1.1: Provide text alternatives for any non-text content so that it can be changed into other forms people need, such as large print, braille, speech, symbols or simpler language.</em></td>
|
||||
<td>hCAPTCHA wholly relies on graphical images. There is no option for a text or audible puzzle.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>1.2: Time-based media: Provide alternatives for time-based media.</em></td>
|
||||
<td>hCAPTCHA has an invisible timer that the user cannot control.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>1.3: Create content that can be presented in different ways (for example simpler layout) without losing information or structure.</em></td>
|
||||
<td>When a user attempts to use <code>lynx</code>, <code>w3m</code>, <code>wget</code>, <code>cURL</code>, or any other text-based tool, the CAPTCHA is inaccessible and thus unsolvable. The website's content is thus also inaccessible. Moreover, CloudFlare attacks robots -- robots that could help provide an alternative user interface for users that are impaired or handicapped. Robots often use wget or cURL to obtain data that is presented to the user in a more useful way.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>2.1: Make all functionality available from a keyboard.</em></td>
|
||||
<td>The hCAPTCHA does not accept answers from the keyboard.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>2.2: Provide users enough time to read and use content.</em></td>
|
||||
<td>If you don't solve the hCAPTCHA puzzle fast enough, the puzzle is removed and the user must start over. Some puzzles are vague and need time to ponder that exceeds the time limit.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>3.1: Make text content readable and understandable.</em></td>
|
||||
<td>When the CAPTCHA says "select all images with parking meters", how is someone in Ireland supposed to know what a parking meter in the USA looks like? When the CAPTCHA says "click on all squares with a motorcycle" and shows an image of an apparent motorcycle instrument panel, it's unclear if that qualifies (it could be a moped). Another image showed a scooter with a faring that resembled a sports bike. Some people would consider it a motorcycle. When the CAPTCHA said "click on all squares with a train", some of the images were the interior of a subway train or tram. Some people consider a subway to be a train underground, while others don't equate the two. The instructions are also sometimes given in a language the user doesn't understand.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>3.2: Make web pages appear and operate in predictable ways.</em></td>
|
||||
<td>It's unpredictable whether the IP reputation assessment will invoke a CAPTCHA and also unpredictable whether a CAPTCHA solution will be accepted. The time you have to solve the puzzle is also unpredictable.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>4.1.: Maximize compatibility with current and future user agents, including assistive technologies.</em></td>
|
||||
<td>When a user attempts to use <code>lynx</code>, <code>w3m</code>, <code>wget</code>, <code>cURL</code> or any other text-based tool, the blockade imposes tooling limitations on the user.</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</details>
|
||||
satisfaction of [FSF criteria C2][fsfCriteria]:
|
||||
<details>
|
||||
<summary>(rationale)</summary>
|
||||
<table>
|
||||
<thead>
|
||||
<tr>
|
||||
<th><strong><em>WCAG Principle</em></strong></th>
|
||||
<th><strong><em>How the Principle is Violated</em></strong></th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><em>1.1: Provide text alternatives for any non-text content so that it can be changed into other forms people need, such as large print, braille, speech, symbols or simpler language.</em></td>
|
||||
<td>hCAPTCHA wholly relies on graphical images. There is no option for a text or audible puzzle.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>1.2: Time-based media: Provide alternatives for time-based media.</em></td>
|
||||
<td>hCAPTCHA has an invisible timer that the user cannot control.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>1.3: Create content that can be presented in different ways (for example simpler layout) without losing information or structure.</em></td>
|
||||
<td>When a user attempts to use <code>lynx</code>, <code>w3m</code>, <code>wget</code>, <code>cURL</code>, or any other text-based tool, the CAPTCHA is inaccessible and thus unsolvable. The website's content is thus also inaccessible. Moreover, CloudFlare attacks robots -- robots that could help provide an alternative user interface for users that are impaired or handicapped. Robots often use wget or cURL to obtain data that is presented to the user in a more useful way.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>2.1: Make all functionality available from a keyboard.</em></td>
|
||||
<td>The hCAPTCHA does not accept answers from the keyboard.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>2.2: Provide users enough time to read and use content.</em></td>
|
||||
<td>If you don't solve the hCAPTCHA puzzle fast enough, the puzzle is removed and the user must start over. Some puzzles are vague and need time to ponder that exceeds the time limit.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>3.1: Make text content readable and understandable.</em></td>
|
||||
<td>When the CAPTCHA says "select all images with parking meters", how is someone in Ireland supposed to know what a parking meter in the USA looks like? When the CAPTCHA says "click on all squares with a motorcycle" and shows an image of an apparent motorcycle instrument panel, it's unclear if that qualifies (it could be a moped). Another image showed a scooter with a faring that resembled a sports bike. Some people would consider it a motorcycle. When the CAPTCHA said "click on all squares with a train", some of the images were the interior of a subway train or tram. Some people consider a subway to be a train underground, while others don't equate the two. The instructions are also sometimes given in a language the user doesn't understand.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>3.2: Make web pages appear and operate in predictable ways.</em></td>
|
||||
<td>It's unpredictable whether the IP reputation assessment will invoke a CAPTCHA and also unpredictable whether a CAPTCHA solution will be accepted. The time you have to solve the puzzle is also unpredictable.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>4.1.: Maximize compatibility with current and future user agents, including assistive technologies.</em></td>
|
||||
<td>When a user attempts to use <code>lynx</code>, <code>w3m</code>, <code>wget</code>, <code>cURL</code> or any other text-based tool, the blockade imposes tooling limitations on the user.</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</details>
|
||||
|
||||
16. Users are forced to execute [non-free javascript][nonfreejs], thus
|
||||
violating [FSF criteria C0.0][fsfCriteria].
|
||||
|
|
@ -170,20 +171,23 @@ of CAPTCHAs:
|
|||
text-based clients including the `git` command.
|
||||
1. The CAPTCHAs are often broken. This amounts to a denial of service:
|
||||
* E.g.1: the CAPTCHA server itself refuses to give the puzzle saying there is too much activity.
|
||||
* E.g.2: gitlab.com has switched back and forth between Google's reCAPTCHA and hCAPTCHA (by *Intuition Machines, Inc.*) but at the moment they've settled on hCAPTCHA. Both have broken and both default to access denial in that event: <table>
|
||||
<thead>
|
||||
<tr class="header">
|
||||
<th>Google reCAPTCHA (pre-2021)</th>
|
||||
<th>hCAPTCHA (gitlab.com today)</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><img src="https://user-images.githubusercontent.com/18015852/51769530-9d494300-20e3-11e9-9830-1610b3ae9059.png" alt="ccha"/></td>
|
||||
<td><img src="https://lemmy.ml/pictrs/image/dcSUfFnja5.png"/></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
* E.g.2: gitlab.com has switched back and forth between Google's
|
||||
reCAPTCHA and hCAPTCHA (by *Intuition Machines, Inc.*) but at the
|
||||
moment they've settled on hCAPTCHA. Both have broken and both
|
||||
default to access denial in that event: <table>
|
||||
<thead>
|
||||
<tr class="header">
|
||||
<th>Google reCAPTCHA (pre-2021)</th>
|
||||
<th>hCAPTCHA (gitlab.com today)</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><img src="https://user-images.githubusercontent.com/18015852/51769530-9d494300-20e3-11e9-9830-1610b3ae9059.png" alt="ccha"/></td>
|
||||
<td><img src="https://lemmy.ml/pictrs/image/dcSUfFnja5.png"/></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
19. The CAPTCHAs are often unsolvable.
|
||||
* E.g.1: the CAPTCHA puzzle is broken by ambiguity (is one pixel in a grid cell of a pole holding a street sign considered a street sign?)
|
||||
|
|
|
|||
Loading…
Reference in New Issue