[Mailman-Developers] Re: Opening up a few can o' worms here...

Chuq Von Rospach chuqui@plaidworks.com
Tue, 30 Jul 2002 09:57:47 -0700


On 7/30/02 9:40 AM, "Dan Mick" <Dan.Mick@sun.com> wrote:

> Do you mean that the premise,
> "the email address is either inaccessible or inaccessible just to
> ADA folks" is not valid?

No, I don't. Programmatically obfuscating an email address still makes that
obfuscated email address available to a reader app for a sight-limited
person. So at least he gets something that can be interpreted. If you put it
in a graphic, since you can't (by definition) put readable content in the
ALT tag, that person ends up with a big empty, which means it's no longer
accessible. If that is, say, the email address of the admin of the list,
that list is not ADA compliant because a sight-limited person can't get to
the data to manually deobfuscate it. (one could argue that obfuscating an
admin address would be bad usability for novice users, but that's a
different argument and not ADA oriented).

But beyond that, this is really a side-argument to my main one, which is
that this is really a fix of false security, since those graphics are only
safe as long as it's not worth the time of the spammers to decode them. You
can argue difficulty all you want -- I've seen what Omnipage is capable of on
macOS these days, and graphics aren't safe as soon as someone decides to go
after them. 

And, unfortunately, some of the techniques Ka-Ping suggests to go after the
OCR systems also fail ADA compliance because they're going to totally hose
over folks like the colorblind. And, frankly, if you play a bit with
Photoshop filters and photo-retouching techniques, you'll find very few of
those techniques will survive even trivial attempts to pull out the
information. 

I'm categorically against "fixes" that assume "they'll go after someone
easier", because they lull you into false feelings of security, and then
when they DO decide to target you, you aren't really secure, and you aren't
really looking for the attack. Either fix it right, or don't bother fixing
it, IMHO. And graphics fail too many tests for me to take them seriously.

(this is one reason why, for instance, we are reinventing our archive system
to remove the passwords we're currently using to keep the bots out. Because
that's a system that doesn't really solve the problem, any more than a "do
not enter" sign on an unlocked door stops a burglar. It only stops stupid
burglars.)


-- 
Chuq Von Rospach, Architech
chuqui@plaidworks.com -- http://www.chuqui.com/

Very funny, Scotty. Now beam my clothes down here, will you?