There has been news lately about Microsoft and GMail Captchas being broken and with figures of 60-80% success rates by spambots is certainly looks like the current method of blocking automated access is going to need a replacement soon.

Now this security image technology has long been the bane of visually impaired users with captchas effectively denying access to large areas of the web. It’s just a small part of the whole accessibility debate.

A new service called IMAGINATION adds another level to the captcha idea and is being touted as captcha 2. IMAGINATION uses a picture of a distorted image and radio button list of options describing the image, these options are also in an image. This would require the recognition of the image and then the text options available which makes things a lot harder for the spambot and unfortunately still keeps the visually impaired out.

I wish I could come up with a solution to this issue but the honest truth is I can’t. Even the odd site that provides an alternative audio captcha isn’t a perfect solution and as voice recognition software is very mature I’m sure that this could be an alternative way in for the spambots.

The only option I can see that satisfies both blocking automated processes and follows accessibility guidelines is the kind of question and response architecture. In it’s simplest form this could be “What is the colour of the sky?” - most users of course will be able to answer “Blue” and be let through. However this does leave the door open to bots being able to lean on the power of the net to answer the questions.

So where to go from here? Well this entire problem stems from the anonymity of the net so the obvious solution is to provide an independently authenticated identification system that could be used in a similar fashion to OpenID.

Being identified on the net solves a wide range of issues being talked about at the moment but are people willing to lose their anonymity though?

I posted yesterday about Google crawling forms and have been keeping a close eye on others reactions to this news.

I’m not surprised to read some are not so happy about this news. For example a post on Search Engine Watch states Google is a clear and present danger to corporate data privacy.

It is true that Google is trying to map the invisible web as it is now but I disagree that this should cause a danger to corporate data privacy. We’re not talking about a brute force attack by a piece of software like John the Ripper and in any case if this data isn’t for public eyes then why is it so easily to get hold of? Simply adding a quick Captcha will stop GoogleBot in it’s tracks. Maybe the people who are worried about this should review how they are making the information available.