[tor-bugs] #10831 [BridgeDB]: Captchas are not accessible for blind users

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Mar 8 04:44:24 UTC 2014 

#10831: Captchas are not accessible for blind users
--------------------------+--------------------------------
     Reporter:  PZajda    |      Owner:  isis
         Type:  defect    |     Status:  new
     Priority:  normal    |  Milestone:
    Component:  BridgeDB  |    Version:
   Resolution:            |   Keywords:  bridgedb-reportbug
Actual Points:            |  Parent ID:
       Points:            |
--------------------------+--------------------------------

Comment (by isis):

 There are currently two ways to give CAPTCHAs to a BridgeDB user:

   1. Request a CAPTCHA from a reCaptcha API server using either BridgeDB's
 IP or a random fake IP, steal the image and the
 `'recaptcha_challenge_string'` form field from the response (the code for
 this is
 [https://gitweb.torproject.org/bridgedb.git/blob/HEAD:/lib/bridgedb/Raptcha.py#l21
 here]), and then serve it to the client. The client's CAPTCHA solution is
 then sent back to the reCaptcha API server for verification.

   2. There is a branch for #10809 which changes to using a local cache of
 descriptors, which is [https://github.com/isislovecruft/gimp-captcha
 created with Gimp]. I think we intend to to go the later route of using
 homebrewed CAPTCHAs, and adding audio CAPTCHA support would be excellent.
 The scripts which generate the CAPTCHAs cannot be run on BridgeDB, because
 Gimp requires X to be installed. The script produces a directory of image
 files which are named for the CAPTCHA answer, i.e. `aT2bXvw7.jpg`.

 '''!#2''' is the better way to go, I think, as BridgeDB is switching to
 that. Though having support for reCaptcha's audio CAPTCHAs ('''!#1''') in
 BridgeDB would be good too.

 For '''!#2''': I am uncertain of the best way to do this.
   * One idea would be to convert the image filenames to audio, by
 extending the [https://github.com/isislovecruft/gimp-captcha gimp-captcha]
 scripts to also the produce audio files. I have not looked into Python TTS
 engine wrapping modules lately, and so I have little advice to give there.
   * Another idea, which might be more resource friendly, would be to
 ignore the filename completely and generate a random string, then use some
 TTS module to create the CAPTCHA (doing all this ''only'' if the audio
 CAPTCHA has been requested by a user).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10831#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list