Some of the solutions proposed in the W3C article are: 1. Use logic puzzles.

This solution does not satisfy requirement 2. It would require someone to manually create these tests. Also, they would probably be difficult if you have a cognitive impairment. 2. Use credit card validation. Brilliant idea. Everyone would be happy to submit their credit card number to unknown sites on the internet. 3. Live operators. Fails on cost efficiency. Although it would be one of the best ways to provide support for your users, a lot of sites do not have the resources to provide this kind of service. 4. Federated identity systems. Well, this does not exist yet so we can not use it. 5. Sound output. If it could be possible to create a sound file that was difficult to decode for a machine, this may be the best option to use together with a regular captcha image. Lets move forward with this solution.
http://www.nfb.org/Images/nfb/Publications/bm/bm09/bm0901/bm090108.htm

The first version of HIPUU is a combination of nontextual images and sounds. For instance, we have an image of a dog, and we have a sound clip of a dog barking. The idea being that, if you are blind, you can use the sound clip; if you have a hearing impairment or are sighted with no disability, for that matter, you can use the picture of the dog. But, because it's nontextual because it uses pictures and sound clips--it's actually more secure. It is more secure because image-recognition and speech-recognition technology are much better at recognizing text than at identifying pictures and certainly at identifying sounds. Humans, however, are quite adept at recognizing both graphics and sounds. Depending on whether or not the user is blind, the user may use either the picture or the sound clip to respond appropriately to the security questions or tests in this system. Initially we used visual and sound combinations from transportation, animals, weather, and musical instruments. We started with things that are easy to identify. What happens is that, when you hear the sound clip, you must choose the correct answer by identifying the sound using a drop-down box where you select the appropriate choice. We started with the smallest of choices. We enhanced the security of the system by including a wide variety of sounds that would rotate for each test. If the user missed three attempts to identify the image or sound, the user would be blocked out of the program. This is consistent with the traditional CAPTCHA protocol. Again, the idea is that this should be much easier for both blind and sighted people to use and it should actually be more secure. Page 1 Page 1

Securely Extending Tag Sets to Improve Usability in a Video-Based Human Interactive Proof

Usability Challenges should be easily and quickly solved by humans. The test should be independent of the users language, physical location, educational background, and perceptual disabilities Usability To evaluate whether the video HIP is easy for humans, 30 participants of various genders, ages, and educational backgrounds will be asked to tag 30-50 video. The following will be recorded: time required for the user to submit a tag and the tag which the user submits. Using this data, the pass/fail decision of the separate sources mentioned above can be computed in a post-processing fashion. The participants will also be asked a subjective question of how difficult the tagging task was. Note that the users will not receive a pass/fail decision during the user study (this will be computed offline at a later date). While the proposed video HIP is not language independent, localized versions could be developed by serving appropriate videos from localized versions of the online video database (YouTube.de, YouTube.fr, etc.) Security To evaluate whether the video HIP is hard for machines, a database attack will be attempted against the video HIP. Since the underlying video database is public, attackers may attempt to replicate the database. Online video databases index tens of millions of videos (for example, YouTube.com indexes over 83.4 million videos as of April 9, 2008), which makes such an attack difficult. Nevertheless, such an attack vector will be evaluated. Futhermore, attackers may attempt to utilize important facts about the publicly available video selection algorithm and ground truth generation. Videos which will be included in the challenges must meet certain criteria (length, appropriate content, number of tags, 2

Page 3
popularity, etc.). A clever attacker may attempt to selectively replicate the database to reduce the search space and to use frequently occurring tags. Such an attack will also be evaluated