Filed in: General, Wed, Jan 26 2011 20:17 PT
That title looks a little confrontational, I know. But no, seriously. They’re actually looking for someone with the skills necessary to help make the most popular site on the web a little more accessible to its users.
Okay, there’s the good news. Here’s the bad: while they’re looking for that person, they’re also busy reinventing my greatest nemesis: the CAPTCHA. Now, at first blush, it might look like it’s not going to be that big of a deal. Reportedly, Facebook is rolling out a service that will display three images of one of a given user’s friends, and prompt them to select that friend’s name from a list. This will appear as a prompt to users who are exhibiting suspicious activity, in an attempt to keep hacked accounts from spamming others, for example.
I will admit that asking people to identify themselves by verifying knowledge of their social network has some significant upside potential.Â However, by pinning that knowledge on being able to see and recognize an image, a couple groups of people get screwed in this deal. First and foremost are blind and low-vision users, who would fail this test just as readily as they’d fail to recognize mangled patterns of numbers and letters. Given that most of these users have no chance of passing this test, they would presumably be locked out of their own accounts with no real recourse to regaining access. My fear is that the tenor of any subsequent screening would be similar to what one might expect of someone from Nigeria who just failed the same test: that is to say, not pleasant. (Another group I’m less concerned about is people like Robert Scoble, who famously hit up against Facebook’s 5000-friend limit, and who I’d bet dollars to donuts would fail a photo ID on 4/5 of those friends. No offense, Robert. I’m just playing the odds.)
What really worries me about this isn’t that it’ll be a failure, but that it’ll probably be a success. Facebook has all the information it needs to provide random information that tie users together. If that happens, it won’t be long before we start getting these kinds of searches on our Ticketmaster orders in place of CAPTCHAs. Companies would love that kind of certainty because it would reduce fraudulent transactions dramatically. But what makes that a win for Facebook and its partners would also make an already-huge problem for blind and low-vision users even bigger. From what I see here, there isn’t any way to fall back to another kind of test, and this is precisely the role an accessibility specialist needs to play inside Facebook.Â Somebody has to jump in at this stage and say, “hey, guys, I think you forgot something.”
This one’s a freebie. (By the way, does this count toward my community service? Man, I’ll never punchÂ that mascot again.)Â What I would say to them is that there is quite likely some other set of information that could be shared, that doesn’t require vision, but merely provide some kind of safeguard beyond the information that’s presently available. Provided the user’s email account hasn’t also been captured, something like a simple password reset could do the job. Failing that, Facebook needs at a minimum to provide a way for blind and low-vision users to contact a human being and prove their identity. That could be as simple as locking down access to a user’s private info once the account has been flagged as suspicious, and asking questions about that info. Sure, hackers could jump in and capture that information first, but once the more sophisticated hackers get wise to this new prompt, they’ll start capturing every friend’s photo as well. There’s no perfect security solution here, but we have to create some way to allow blind and low-vision users to protect themselves more or less equally.
Mind you, any blind user who’s created an account on Facebook has already had to defeat at least one CAPTCHA, which is another problem to solve, but remember that the user has no skin in the game on account creation. When your account may have been hacked, it’s critical, especially on a social networking site, to regain control of it as soon as possible to minimize the damage. (I wish I didn’t know as much about that feeling as I do. Thanks, Gawker.) So it’s important to the overall security of Facebook to ensure that legitimate users can retrieve their accounts quickly, irrespective of their sensory capabilities.
If you have the skills called for in Facebook’s job posting, let me know you’re interested and I can put you in touch (in confidence, if necessary) with someone there. I can’t think of an open position in accessibility that has a greater potential for one person to do a whole lot of good for a whole lot of people. And you will not want for design challenges.