Evading CAPTCHA

Security test with the words "kill CAPTCHA" written and a text box to enter them in
Facebooktwitterredditlinkedinmail

The ‘Completely Automated Public Turing test to tell Computers and Humans Apart’ is one of the most infuriating things on the web. It’s even more annoying than forgetting your password for a site or those timers that run while you try to buy tickets for an event and have to answer a million questions. One of the reasons they are so infuriating is they are completely incomprehensible. It’s all very well saying ‘type this distorted word or identify this distorted image to prove you aren’t a spambot’ but what if you can’t read the word or identify the image? The fact that this happens to most of us on a regular basis is annoying enough, but what if you are blind or visually impaired?

The trouble is that for the same reason that CAPTCHA trips spambots, it trips screen readers too. Screen readers that the blind or visually impaired rely on. Some sites have an audio version of CAPTCHA with words and numbers accompanied by other sounds. The idea is that only the human mind can work out which sound they need to type. In practice, it’s just as difficult for a human to pick out the word from the cacophony of sound as it is for a spambot. So now what?

Christopher Toth is what. His company, Accessible Apps, has been rethinking and releasing accessibility-focused programs that allow those with disabilities to use the same programs everyone else does. And being a blind programmer gives him the edge on, not only, the annoying glitches that trip others with sight difficulties, but also the downright maddening elements of sites where the needs of people with disabilities haven’t even been considered. In 2016, he announced in a podcast that Accessible Apps was taking on CAPTCHA with a program called CAPTCHA Be Gone.

CAPTCHA Be Gone, though still in its infancy, can work with all major Windows screen readers and all internet browsers, though not yet with mobile browsers and Macs. Once paid for and downloaded, the service will read out the letters and numbers of the CAPTCHA test to the user with one simple right click. The minimal fee of US$33 a year allows those with visual impairments to use the site without the distress of CAPTCHA and without requiring the help of an assistant or caregiver. In fact, the fee seems trivial even for someone without visual impairments to be able to avoid the CAPTCHA test.

The test itself is so hated that consumer groups alongside disability organisations have been campaigning for a while to have them rethought or removed altogether. Google has taken up the challenge with its own ‘I am not a robot’ checkbox. Apparently, all that’s really needed to confuse a spambot in the first place is this simple question – or rather the request to click a box. It isn’t that the question causes an existential crisis it’s that the system can tell from the mouse movements immediately before the click whether it is human or robot. In tests, 60% of WordPress users and 80% of those using a gaming ecommerce site were identified by only the checkbox test. It’s not clear if any of these had visual impairments and It may be a while before this simple solution is foolproof for those with accessibility issues whose mouse movements will likely be different. Still, it’s a step in the right direction.

Sign up for an accessibility review through Amnet Systems and make sure the one billion people worldwide with disabilities are making the most of your digital assets.