Re: [tor-bugs] #10831 [Circumvention/BridgeDB]: Captchas are not accessible for blind users

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#10831: Captchas are not accessible for blind users
-------------------------------------------------+-------------------------
 Reporter:  PZajda                               |          Owner:  juggy
     Type:  enhancement                          |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Circumvention/BridgeDB               |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  bridgedb-reportbug, bridgedb-ui,     |  Actual Points:
  anti-censorship-roadmap-2020Q1 , s30-o22a2     |
Parent ID:  #31279                               |         Points:  5
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor30-can
-------------------------------------------------+-------------------------
Changes (by phw):

 * status:  needs_review => new


Comment:

 Replying to [comment:24 juggy]:
 > I wrote a sample web server [https://github.com/jugheadjones10/bridgedb-
 audio-captcha] that serves the original BridgeDB captcha page with audio
 captchas (using suggestions from the comments here). Could I receive some
 feedback about any naive code or problems that might arise if this is
 integrated into BridgeDB? Thank you!
 [[br]]
 Thanks for working on this! I gave it a shot and it worked for me. Here
 are some thoughts:

 * The size of a single audio CAPTCHA seems to be approximately 85 KB. It
 should be straightforward to add the audio CAPTCHA to
 bridges.torproject.org but if possible, we should also make it available
 over moat. We could encode it in Base64 and send it in the HTTP response
 to a moat request. However, > 85 extra KB per request sounds expensive for
 a CAPTCHA that only a small fraction of users would use but we may be able
 to reduce the size.

 * The library's default voice is English, which is a potential usability
 problem. It would be neat if we had multiple languages but this doesn't
 strike me as a critical issue. Most people will recognise English numbers.

 * Your GitHub repository contains the following question:
 > A concern : Given the simple input-output nature of the Python audio
 captcha library, it seems like it wouldn't take long to train a simple
 model to accurately crack the audio captcha.
   That's true but I wouldn't expect the audio CAPTCHA to be easier to
 break than the visual CAPTCHA, or am I missing something? As long as it
 doesn't make our distributor easier to attack, I see no problem in
 deploying it.

 * Out of curiosity, did you take a look at other libraries too? If so, why
 did you end up using https://github.com/lepture/captcha ?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10831#comment:28>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs