w3c / captcha-accessibility

Inaccessibility of CAPTCHA
https://w3c.github.io/captcha-accessibility/

Multi-modal approach to accessibility mediated by Privacy Pass #27

Open e271828- opened 5 years ago

e271828- commented 5 years ago

We are working to extend the OPRF draft IETF standard (https://github.com/chris-wood/draft-sullivan-cfrg-oprf/blob/master/draft-sullivan-cfrg-oprf.md) in order to address the accessibility use case.

It is currently used by Cloudflare and hCaptcha.com for Privacy Pass (https://privacypass.github.io) anonymous user-authentication.

Will take us another week or so before we are ready to publish a proposal, but we believe it solves many issues in a way that preserves privacy while being substantially more robust to typical attacks.

Audio is dead as a countermeasure, so is no longer a plausible alternative to a visual Turing test. This is why reCAPTCHA disables it when suspicious, as @dessant points out in w3c/captcha-accessibility#28 .

If this draft is still open for comments let me know, and we will coordinate with you on extending it to cover this work.

JaninaSajka commented 5 years ago

Hello:

Thank you for your most informative comment. We look forward to hearing about your accessibility enhancements. Meanwhile we want to clarify our understanding of how the user will experience this protocol.

If we're understanding correctly, the user still needs to satisfy a host that they are human and not robotic. But, following that, they bank a quantity of tokens which can be spent against future Turing challenges. Is this essentially correct?

If so, what are the restrictions on the initial verification of humanity? Might it be satisfied through biometric identifiers for instance?

Thank you in advance for your help.

Janina

e271828- writes:

We are working on extending the OPRF draft IETF standard (https://github.com/chris-wood/draft-sullivan-cfrg-oprf/blob/master/draft-sullivan-cfrg-oprf.md) to address the accessibility use case, in particular for our hCaptcha.com service.

It is currently used by Cloudflare and hCaptcha.com for Privacy Pass (https://privacypass.github.io) anonymous user-authentication.

Will take us another week or so before we are ready to publish a proposal, but we believe it solves many issues in a way that preserves privacy while being substantially more robust to typical attacks.

Audio is dead as a countermeasure, so is no longer a plausible alternative. If it were effective, there would be no reason for reCAPTCHA to disable it when suspicious, as @dessant points out in w3c/captcha-accessibility#28 .

If this draft is still open for comments let me know, and we will work with you on extending it to cover this work.


--

Janina Sajka

Linux Foundation Fellow
Executive Chair, Accessibility Workgroup: http://a11y.org

The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
Chair, Accessible Platform Architectures http://www.w3.org/wai/apa
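
The bank-then-spend flow asked about in the comment above, as an added sketch that is not part of the thread and is not hCaptcha's, Cloudflare's or the OPRF draft's code: the issuer signs blinded values once after a solved challenge, and each stored token later replaces a challenge without the issuer being able to link it to the signing request. Assumptions: the class and function names are hypothetical, a finite-field group built on the 768-bit RFC 2409 prime stands in for an elliptic-curve group, redemption sends the unblinded value directly, and the proof that the issuer used a consistent key is omitted.

```python
import hashlib
import hmac
import secrets

# Toy group (assumption): 768-bit safe prime from RFC 2409, P = 2Q + 1.
# Stands in for the elliptic-curve groups a deployment would use.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
        "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2

def hash_to_group(seed: bytes) -> int:
    """Map a token seed into the order-Q subgroup (squares mod P)."""
    h = int.from_bytes(hashlib.shake_256(seed).digest(128), "big") % P
    return pow(h, 2, P)

class Issuer:
    """Hypothetical server: signs blinded elements, later checks redemptions."""
    def __init__(self):
        self.k = secrets.randbelow(Q - 1) + 1  # secret key
        self.spent = set()                     # seeds already redeemed

    def sign_blinded(self, blinded: int) -> int:
        # Called after a solved challenge; sees H(seed)^r, never the seed.
        return pow(blinded, self.k, P)

    def redeem(self, seed: bytes, tag: int) -> bool:
        expected = pow(hash_to_group(seed), self.k, P).to_bytes(96, "big")
        if seed in self.spent or not 0 < tag < P:
            return False                       # replayed or malformed
        if not hmac.compare_digest(expected, tag.to_bytes(96, "big")):
            return False                       # not signed with our key
        self.spent.add(seed)
        return True

class Client:
    """Hypothetical browser side: banks tokens once, spends them later."""
    def __init__(self):
        self.wallet = []

    def blind(self):
        seed = secrets.token_bytes(32)
        r = secrets.randbelow(Q - 1) + 1       # blinding factor
        return seed, r, pow(hash_to_group(seed), r, P)

    def unblind(self, seed: bytes, r: int, signed: int) -> None:
        # (H(seed)^(r*k))^(1/r) = H(seed)^k, unlinkable to what the issuer saw
        self.wallet.append((seed, pow(signed, pow(r, -1, Q), P)))
```

The `spent` set is what stops one banked token from being replayed; a redeemed seed is rejected on its second use even though its tag is valid.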

JaninaSajka commented 5 years ago

Hello:

Our CAPTCHA Note document will be published late in May for a second wide public review. We have added a section to describe and reference your approach. We were unsure what to call the approach, though, so we made up a name for you: "Turing Tokens," in honor of Alan Turing. If there's a more appropriate generic name, please advise.

Please note that we thought "blinded verification tokens" was more a descriptor than a name. Also, "Privacy Pass" is great, but seems to refer to a particular product, and we thought your approach needed a generic handle. All this is provisional, of course. Reactions are welcome.

To review our "Turing Tokens" section ahead of second wide review draft publication late May, please see the Editor's Draft text here:

https://w3c.github.io/apa/captcha/#privpass

Best,

Janina
