Comprehensive Guide to Designing Accessible CAPTCHA

Explore our guide to designing accessible CAPTCHAs, ensuring they are user-friendly and inclusive for all and enhancing digital accessibility.

https://advancedbytez.com/make-accessible-captcha/

tried a dc taco place, cheap, open late. they r out here inventing entire new processes for the term “kafkaesque” to be applied to

does anyone know an email service that will let u make an account and then log into it using a password? i am at the end of my rope

I liked one post making fun of GRRM's blog and now my dash is full of the most media illiterate men you have ever seen complaining that a TV show about women has too many women in it.

Was just scrolling the flight rising forums to see if there was anything interesting and saw that a thread to change the coli captcha to something more accessible is up again.

If you hate the coli captcha and/or can't use it due to vision problems go give the thread some support. The recent changes to the scrying workshop seems to imply the staff at least care a little bit about accessibility and we might actually be able to get them to change the stupid nightmare colour vomit captcha to something people can actually see

or at the very least enable an accessibility option for users

One of the reasons I don't play much anymore is because my favourite thing to do is inaccessible to me now and it's really disheartening that my favourite part of the website was ruined because of a badly implemented anti-bot measure, and I know i'm not the only one it effected.

Very Silly Concept: a show called "Accessibility Nightmares" but it's structured exactly like Kitchen Nightmares. An accessibility specialist goes to different establishments and helps them make their businesses more accessible.

The accessibility specialist asks why the door at the top of the small set of stairs has a wheelchair symbol on it. The owner replies that's the accessible bathroom. The camera zooms in on the specialist as they process this information.

A customer with a service dog comes in to a restaurant. The hostess tells them they don't allow dogs. The accessibly specialist looks over at the hostess like

And there are web accessibility episodes too. The accessibility specialist stares at the white text on the light pink background of the home page like

The specialist asks why not a single product picture has alt text, and the business owner says "Well I mean, it's makeup, why would a blind person be shopping for makeup?" The specialist just

The specialist asks the web designer how a screen reader user is supposed to complete the captcha portion of the password reset process when there is no audio alternative. The designer admits they don't know.

So at this point I genuinely cannot make new accounts anywhere they require a visual captcha because the instructions are fucking vague as shit and make no sense. I literally just attempted a dozen. I clicked on the mfing buses and motorcycles and traffic lights. No dice. Am I supposed to click every single part of the picture that has the slightest hint of bus or not? I’ve tried it both ways but the images are such low quality that who knows if one image I didn’t click had a tiny sliver of a bus in one corner. I try over and over to request an audio one and apparently those just straight up don’t work because every single time it gives me an error and a try again later.

There has to be a better way to do this that doesn’t involve me being made to try again and again and again and again. Like maybe let me scream “fuck” into my mic if you need proof of life, cause your captcha has driven me to it and it might as well be of some use.

Still remember presumably abled people being offended that I pointed out that captchas are inherently inaccessible to blind deaf people.

Me: isn’t it kind of fucked that blind deaf people can’t access a large portion of the internet without outside help, including shit like banking

Some asshats in the comments: that’s a sacrifice I’m willing to make because there’s no other way to stop bots and no one’s blind deaf anyway.

Meanwhile, Disabled people in the comments: I’m cognitively disabled and spent hours trying to log on to my PlayStation and had to ask for help from my boyfriend. I’m not totally deaf but the audio options are such mush that I can’t tell what the hell they’re saying.

i just had to solve two of the most inaccessible captchas i have ever seen

the first one, which i failed twice, was a visual one where you are supposed to 'place a dot at the end of the car's path' on a map. it doesn't say which end of the path you're supposed to put it on, and i tried both ends and it said i got it wrong both times??????????

so i tried an audio captcha instead and it was almost as bad. specifically, it had two different computer-generated voices speaking At The Same Time, with the higher-pitched one speaking louder and that one said to type one of two words that it spoke. trying to understand what that one was saying with the other voice going on underneath it was absurdly hard due to my auditory processing difficulties

oh, and this was after i had to solve a normal fucked-up-text captcha, which i also have trouble with because i'm dyslexic. i managed to do that one however and it still gave me the other goddamned captchas afterwards

UPDATE: As of 25/04/2025, 4chan is back up and running again. This post and its addendum will be kept as is, and will no longer be updated unless it goes back down again. If you were on /ghost/, it was a pleasure shitposting with you.

All right, I know no one gives a shit, but let me give you a recounting of the fall of 4chan from the perspective of someone who was there and has been lurking both 4chan and tumblr for a few years now.

I'll try to provide as much context as I can, but a lot of images were either lost or im too lazy to look for them in the +5000 reply thread in soyjak party.

Anyways, info below:

So, necessary context: a few years back, 4chan had a board called /qa/, which if you know little about the page, you may think every board is like /b/ or /pol/, which means a containment cess pool of grifters, (you) baiters, incels, and other deranged individuals. The thing is, /qa/ was somehow worse. The entire board was plagued and infested with soyjack edits, board culture was a nuclear disaster, anons were incredibly hostile in there, you know the drill, the big bad 4chan, but this time its actually true.

One day, moderation deleted /qa/, anons that posted there got mad, tried to raid other boards, failed, and then moved on to an altchan called soyjack party, which entire purpose you can guess from its name alone.

Apparently, the boards that allow pdf uploads (paper and origami, for example) didn't check if the uploaded file was actually a pdf file, so postscript files could be used to get access. This is as far as my understanding of web backend goes, sorry.

The hacker claims to have been working on this since 2021, and that he had access since about a year ago, but was recopilating data.

Now, what actually happened when the hack ocurred? Well, a banner of miku dancing with a song that played automatically was placed on top of every board, with the text "/QA/ IS BACK", this was possible because apparently no board was ever deleted, they were just hidden from the public.

A thread was then made on soyjack party, claiming authorship over the hack, and shit went south from there. Anons went en masse to talk there, a lot of weird discussion happened, the thread got the bump limit removed and got pinned, more than 5k posts were amassed on the first night alone. Keep in mind this happened at about 8 pm and most of the stuff went on through midnight.

So, the hacker leaked some things, first of all, the html files for the entirety of /j/ and the email address for every moderation member (important note: the pressence of .gov mails was disproven by the hacker themselves, so i guess there were never any feds), what is /j/? the board exclusive for jannies and moderators to discuss actions taken on the website regarding spam, ban evaders, threads spiraling out of control, etc. Among other things, some of the inner workings of 4chan got revealed, such as the web extension for jannies that allows them to do their job easily, how reports are handled, and other stuff. (Anecdotically, some guy got permabanned for calling anons jews or n-words over a 100 times in the same few threads)

Then, the source code got leaked. Important to say, the hacker removed the part of the source code related to the captcha, as to not facilitate bot attacks on the future, and all information related to email verification or 4chan pass users information also got removed, so all in all users are safe.

What was found on the sourcecode? That it was old, mostly. Most boards used code that hasn't been updated since about 2016, and /flash/ used the exact same code from when it was created back on 2011.

From there, desuarchive, a site that archives threads that die from bump limit, opened a dragon ball general on ghost mode, and thus began what later got called /ghost/, a solely text based thread with well over 20k replies as of right now, where a fraction of the 4chan population took refuge and is currently discussing random things with no particular topic. Kinda hard to read, but its comfy.

What does this mean for other sites? Not a lot, really. A lot of anons already crossposted in 4chan and tumblr already, and the ones that din't most likely wont come here. Some of the bigger/most dedicated groups, like /vt/, migrated to other boards. Various altchans are trying/tried to catch some of the flock of users that got lost, but i doubt it will get anywhere, since soyjak party for example was struggling with just the influx of users that came for the hack thread given its poor infrastructure. Kiwifarms saw a surge of new accounts apparently, but a lot of anons kinda loathe the idea of having to register, so theres that.

Smaller communities, such as generals that didn't get a lot of traffic, or boards on the slower end (say, /ic/, /lit/, etc) will probably vanish or disseminate until (or if) 4chan comes back up. I'd say give it a month, don't get your hopes up whether you want it to stay dead or want it to come back.

Given how many anons are staying on places like /ghost/ or other similar archives with the same ghost posting feature, i doubt it will be as bad as people are making it sound. Besides, the communities that are most likely to migrate to places like tumblr are either /co/, /vg/ or /lgbt/ refugees, which aren't THAT bad. Not every board was like the main cesspools (/b/, /r9k/, /pol/).

From now on, either 4chan comes back up in a few weeks (somewhere between 2 weeks to a month is expected), altchans capture the migrating anons, or a brand new imageboard rises from the ashes to become the new go-to site for old 4chan posters.

In conclusion, nothing ever happens, but also don't worry, chances are this won't affect tumblr in the slightest. If it does, you can cash in your "you were wrong" ticket whenever you want, i'll take the L.

As a footnote, keep in mind: NO users were compromised, if you ever posted there and are worried for your safety, physical or digital, you are safe.

Edit: Forgot to add, if you are a 4chan refugee, im BEGGING you to dm me and tell what board you were from and where are you migrating, if at all.

Thank you so much for the AI scrape search tool. I am not sure if you have answered this question before but in case not: I always thought that locking fics to logged in users was a safe bet. and all my fics were locked, but it appears 36 of them got scraped anyways. Do you know what enables the AI to scrape them? are there additional measures I could take to prevent it happening besides using an unrevealed collection?

Thanks in advance! i really appreciate that you took the time to make this

Aw man, this is something that's bothered me since long before this recent scrape.

There's this common advice out there that user-locking your fics will protect them, and that's just never been the case. The only thing user-locking does is require all readers to have an account. I can get a new AO3 account in less than 5 minutes. Even if I couldn't find someone to give me an invite code (which many, many people will, even complete strangers), it's only a couple days to wait to be auto-approved. Once you have an account, you have access to the locked fics for as long as you can keep that account from getting flagged for suspicious activity. To avoid that, you just have to limit the rate at which you're scraping. Do it slow enough, and you'll never be flagged as a bot account.

The public works are only a more popular target because it's easier to scrape them quickly.

(And to be clear, this isn't meant to shit on the people who were passing around the advice to lock your fics! They saw something they thought would protect people and were kind enough to spread the word. It unfortunately just isn't the reality.)

I try to keep up regularly with AO3's terms of service, and the last I checked, there's no blanket ban on scraping. I personally use a scrape tool on my own statistics page daily, and that's 100% within the allowed terms of service. It's my stats page, so obviously, I'm logged in to do that. Different scrapers use different tools, and I don't know anything about what mass scrapers stealing other people's fics do, but I know for my own personal one, this is the only bit of code I needed to add to handle logging in to do my personal scrape.

For FFN:

In people language, this says "Pop up an error to tell Skyler to login to FFN and try again." I have to do this because FFN has anti-bot stuff on their login page that I'm sure some people could get around, but I'm an amateur and I sure can't do that.

AO3 is even easier because the code can just log in for you if you're not logged in, and AO3 doesn't do CAPTCHA. Scribbling out my NSFW pseud because I am NOT outing my weird kinks to you guys, sowwy.

That code takes maybe 5 minutes to write and test. That's why locking your fics isn't a guarantee, because it's that easy to just log in and then set your scrape tool to go slow enough to not be flagged.

So far, the only things I've seen that look effective are unrevealed collections and not posting fic at all, but I'm still trying to look into other options. (I was hoping to look faster, but it's been insane at work so I haven't had time to do much else!)

"Bots on the internet are nothing new, but a sea change has occurred over the past year. For the past 25 years, anyone running a web server knew that the bulk of traffic was one sort of bot or another. There was googlebot, which was quite polite, and everyone learned to feed it - otherwise no one would ever find the delicious treats we were trying to give away. There were lots of search engine crawlers working to develop this or that service. You'd get 'script kiddies' trying thousands of prepackaged exploits. A server secured and patched by a reasonably competent technologist would have no difficulty ignoring these.

"...The surge of AI bots has hit Open Access sites particularly hard, as their mission conflicts with the need to block bots. Consider that Internet Archive can no longer save snapshots of one of the best open-access publishers, MIT Press, because of cloudflare blocking. Who know how many books will be lost this way?  Or consider that the bots took down OAPEN, the worlds most important repository of Scholarly OA books, for a day or two. That's 34,000 books that AI 'checked out' for two days. Or recent outages at Project Gutenberg, which serves 2 million dynamic pages and a half million downloads per day. That's hundreds of thousands of downloads blocked! The link checker at doab-check.ebookfoundation.org (a project I worked on for OAPEN) is now showing 1,534 books that are unreachable due to 'too many requests.' That's 1,534 books that AI has stolen from us! And it's getting worse.

"...The thing that gets me REALLY mad is how unnecessary this carnage is. Project Gutenberg makes all its content available with one click on a file in its feeds directory. OAPEN makes all its books available via an API. There's no need to make a million requests to get this stuff!! Who (or what) is programming these idiot scraping bots? Have they never heard of a sitemap??? Are they summer interns using ChatGPT to write all their code? Who gave them infinite memory, CPUs and bandwidth to run these monstrosities? (Don't answer.)

"We are headed for a world in which all good information is locked up behind secure registration barriers and paywalls, and it won't be to make money, it will be for survival. Captchas will only be solvable by advanced AIs and only the wealthy will be able to use internet libraries."

Love the fact the Walter robots canonically(?) can’t pass a captcha test, even if it’s just clicking a box.

Something tells me that was put in place as more of a child lock than the bots not having the capability to. Just imagine how many useless packages would be arriving at Walter Manor on the daily if Rabbit and Zer0 had unrestricted access to the internet. Also viruses. So many viruses because sometimes Spine loses the braincell and even he doesn’t realize that, no, this link will not give you free online tokens. In fact, yes, Rabbit, you should click it! This is a very good idea that will have absolutely no negative consequences (Six and the Walter Workers who had to handle those consequences would disagree)!

I want to get on douyin as well, but it seems that I'm not able to download it living in the US... from your bio I assume that you also don't live in China, so I'm curious how you manage to access it?

If you have an iphone, there's instructions on how to access the China app store in my FAQ (/faq or linked in my pinned). You will likely not be able to sign up for an account (national IDs/Chinese phone numbers are required for access), but you can still use the app without signing in, and as you use it, the algorithm will customise your experience same as if you did have an account.

I'm unsure how to access the app for Android, sorry!

If you don't want to download the app, the web version, douyin.com, is not as restricted as tiktok.com, and you can pretty much use the search/tag functions and scroll the feed unrestricted (just fill out the captcha and X out of sign up pop-ups). The only thing with the website is that recently, it's gotten a little more restricted in terms of how many comments you're able to scroll through, and also you may not have access to individual user pages anymore (top/recent videos may still appear in the sidebar—you just might not be able to click through to see their whole page).

I donated a total of 6 dollars , though i am english not sure how many quid i donated but yes!!! probably shouldn't have access to my card as i gave my headache over the possibility of spending 1/3rd of my bank account and over 8 months worth of pocket money on a jhost card and chains.... i've been told by many people i should t as i don't have a job BUTTT also another friend is being irrisponable and trying to make me spend it... ill think about it

also Martyn reading my name out in stream!! i wanted to slide a second donation in with the name "Joe Hills Juppet in a trench coat" but the captcha hated me.. so.. yeah..