[whatwg] Bot protection

Robert Accettura robert at accettura.com
Mon Dec 27 16:51:27 PST 2004


The one thing I'd *really* like to see is some method to prevent bots, 
but mantain accessibility (something a CAPTCHA doesn't provide).  A 
bot=false type of solution doesn't really mean much, since that requires 
the UA to be honest. 

Were all familiar with blog spam (i'm being bombarded as we speak).  But 
just think about how abusive script kiddies can be with web 
applications.  The possibilities are as endless as the applications that 
can be created.

I'd just like a simple method that is accessible, forces the user to do 
*something* that a bot can't just do.  So humans need to be involved.

I've heard it be suggested as an alternative for CAPTCHA's a website 
should provide an audio version.  What's really needed is a standard 
approach to follow.  A specific tag for human validation so honest UA's 
know what it is and can respect it, and perhaps even decide from a list 
of options...

In sillysyntax(tm):

<captcha type="multi">
  <option method="img" type="text"/>
  <option method="audio" type="text"/>
  <option method="esp" type="text"/>
</captcha>

In the above, the UA would realize human interaction is needed.  It has 
been given a choice of 3 options and enter text based upon them.  This 
way a visually impared person can choose to never use an img.  And a 
deaf person can choose never to use audio.

Obviously my sillysyntax isn't good, and I'm sure there's a better way 
to illustrate what I'm thinking, but hopefully someone else can build 
upon this.

I'd just want a way to ensure no automation, and still be accessible.  
IMHO that's very important.

-- 
Robert J. Accettura
robert at accettura.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: robert.vcf
Type: text/x-vcard
Size: 131 bytes
Desc: not available
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20041227/f1951722/attachment-0001.vcf>


More information about the whatwg mailing list