Hi I am not from software development background, but I feel that you can check this website ssconline.nic.in it seems that the developer of this website has done something for solving captchas. According to my understanding, Alok's approach is similar to the one adopted by this one.
On 8/8/17, Alok Kaushik via Ai <ai@accessindia.inclusivehabitat.in> wrote: > Hi Harish / Akash, > > Thanks for your response. > > > > Yes. I completely agree that theoretically it is possible to extract the > alt text of the image and convert words in numbers. However, the idea was > to stop general bots, which would still happen. It is possible to > determine the captcha programmatically provided that coding to target > specific site is done. I would myself not recommend this approach for a > site that is vastly popular, or has high stakes, in which case specific > targeting could very well happen. > > > > There are many other backend tracking and detection mechanisms that > should be implemented for a high visibility / high stake site. Amazon has > been able to keep intruders away even without a captcha. > > > > OTP may be cited as one of the alternatives. > > > > However, solution has to be context specific, and many portals that are new > or have a relatively low user base may not be able to opt mobile > integration or deploy network level safety mechanisms. > > > > Sugamya Pustakalaya has a captcha that asks the user to add two numbers. > While this would suffice for a general bot, it would not suffice if > someone specifically targets that site, and codes to determine the > captcha. Hackers would indulge in custom coding if they have something to > gain from it. > > > > Your observation is completely valid. We just need to decide context > specific trade-offs. > > > > > > I may be sticking out my neck and making a statement about future. I feel > that with the emergence of AI / computer vision most captchas would not be > safe in near future, even if they are just images. We may actually see > image based captchas go away in the time to come, and something new may > emerge. > > > > Thanks. > > Alok > > > > From: Ai [mailto:ai-boun...@accessindia.inclusivehabitat.in] On Behalf Of > Kotian, H P via Ai > Sent: Tuesday, August 08, 2017 2:17 PM > To: Share, empower &Enrich > Cc: Kotian, H P > Subject: Re: [Ai] For software developers - creating custom accessible > CAPTCHA > > > > Hi Alok > > > > Just to bring to your attention, there is a security challenge in this > approach. > > CAPTCHA is essentially used to fight against Bots and to prevent them from > guess the CAPTCHA. > > As I see, you have the words placed in Alt text. It is not a big deal to > read the alt text fromDocument object and convert the numbers in words back > to numerals. > > > > Check it out. > > > > Harish. > > > > > > From: Ai [mailto:ai-boun...@accessindia.inclusivehabitat.in] On Behalf Of > Alok Kaushik via Ai > Sent: Tuesday, August 8, 2017 8:49 AM > To: ai@accessindia.inclusivehabitat.in > Cc: Alok Kaushik <alok.li...@gmail.com> > Subject: [Ai] For software developers - creating custom accessible CAPTCHA > > > > Hi, > > In one of my recent software development works I created a CAPTCHA that is > accessible for screen readers using the following approach. > > > > 1. Generate a random 5 digit number. > > 2. Generate an image containing the embedded 5 digit number. Image is > programmatically generated and is not an image that could be downloaded. 5 > digit number is communicated to the captcha generating code using > encryption. > > 3. Convert the complete 5 digit number in English words, including the > words thousand and hundred. > > 4. Assign the converted number in words as the alternate text of the > image dynamically. This would allow the screen readers to read out the > number in words, while other users will see regular image. > > 5. Track the random number as a session variable for later > comparison. > > > > I am writing this for following two reasons. > > 1. This approach seems to be working for me. Want to know if anyone > sees any issue in this either in usability or security. > > 2. If anyone doing software development is interested in implementing > this, I can share the code off the list. > > > > Thanks. > > Alok > > > > > > _____ > > > Caution: The Reserve Bank of India never sends mails, SMSs or makes calls > asking for personal information such as your bank account details, > passwords, etc. It never keeps or offers funds to anyone. Please do not > respond in any manner to such offers, however official or attractive they > may look. > > > Notice: This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they are > addressed. If you are not the intended recipient, any dissemination, use, > review, distribution, printing or copying of the information contained in > this e-mail message and/or attachments to it are strictly prohibited. If you > have received this email by error, please notify us by return e-mail or > telephone and immediately and permanently delete the message and any > attachments. The recipient should check this email and any attachments for > the presence of viruses. The Reserve Bank of India accepts no liability for > any damage caused by any virus transmitted by this email. > > -- Believe in WORK not in LUCK! & Most of all, trust in God but don't be dependent on Him. --- Thanks, Cornelius Lyngdoh. Disclaimer: 1. Contents of the mails, factual, or otherwise, reflect the thinking of the person sending the mail and AI in no way relates itself to its veracity; 2. AI cannot be held liable for any commission/omission based on the mails sent through this mailing list.. To check if the post reached the list or to search for old posting, reach: https://www.mail-archive.com/ai@accessindia.inclusivehabitat.in/maillist.html _______________________________________________ Ai mailing list Ai@accessindia.inclusivehabitat.in http://accessindia.inclusivehabitat.in/mailman/listinfo/ai
