Cloudflare releases 'Turnstile' as a CAPTCHA alternative: how does it test the browser instead of the user to determine whether it is a bot?



'CAPTCHA' is a system that distinguishes humans from bots by having users type intentionally distorted character strings or pick specified photos. Content delivery network provider Cloudflare has released an open beta version of Turnstile, an alternative to CAPTCHA.

Announcing Turnstile, a user-friendly, privacy-preserving alternative to CAPTCHA
https://blog.cloudflare.com/turnstile-private-captcha-alternative/

Cloudflare's Turnstile is its next CAPTCHA replacement to determine you're human - The Verge
https://www.theverge.com/2022/9/28/23367035/cloudflare-turnstile-captcha-bot-blocker-beta

Cloudflare says that a CAPTCHA is often placed just before a service is accessed and requires selecting photos or entering a character string every time, and that this annoyance greatly impairs the user experience. Even the creator of CAPTCHA himself lamented, "I have created a system that unknowingly wastes millions of hours of the human brain cycle, which is the most valuable resource," and many people dislike CAPTCHA.



That's why Cloudflare announced Turnstile. Instead of presenting users with visual puzzles, Turnstile runs many challenges against the web browser to look for "human behavior," and raises the difficulty if the user exhibits "inhuman behavior." It uses JavaScript-based challenges to read the web browser environment, look for quirks in browser behavior, and rotate through tests such as proof-of-work, proof-of-space, and web API probes.
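To make the proof-of-work test and the rising difficulty concrete, here is an added example (not from the article and not Cloudflare's implementation) of a hashcash-style challenge whose cost scales with a suspicion score. The function names, the 8 to 16 bit range, the 60-second expiry and the in-memory replay set are all assumptions chosen for illustration.

```javascript
// Added illustration, not Cloudflare's algorithm; names and thresholds are assumptions.
const nodeCrypto = require("crypto");
const SERVER_KEY = nodeCrypto.randomBytes(32); // constructed per-process secret
const spentSeeds = new Set();                  // seeds already redeemed (replay guard)

// Map a 0..1 suspicion score to the number of leading zero bits required:
// 8 bits (cheap) up to 16 bits (256x the work).
function difficultyFor(suspicion) {
  return 8 + Math.round(Math.min(1, Math.max(0, suspicion)) * 8);
}

// The MAC binds seed, difficulty and expiry so the client cannot lower the cost.
function tagFor(seed, bits, expires) {
  return nodeCrypto.createHmac("sha256", SERVER_KEY)
    .update(`${seed}.${bits}.${expires}`).digest("hex");
}

function issueChallenge(suspicion, now = Date.now()) {
  const seed = nodeCrypto.randomBytes(16).toString("hex");
  const bits = difficultyFor(suspicion), expires = now + 60000;
  return { seed, bits, expires, tag: tagFor(seed, bits, expires) };
}

function leadingZeroBits(seed, nonce) {
  const digest = nodeCrypto.createHash("sha256").update(`${seed}:${nonce}`).digest();
  let n = 0;
  for (const byte of digest) {
    if (byte !== 0) return n + Math.clz32(byte) - 24;
    n += 8;
  }
  return n;
}

// Client side: brute-force a nonce; expected cost is about 2^bits hashes.
function solve(ch) {
  for (let nonce = 0; ; nonce++) {
    if (leadingZeroBits(ch.seed, nonce) >= ch.bits) return nonce;
  }
}

// Server side: one hash to verify, after integrity, expiry and replay checks.
function verify(ch, nonce, now = Date.now()) {
  const want = Buffer.from(tagFor(ch.seed, ch.bits, ch.expires), "hex");
  const got = Buffer.from(String(ch.tag), "hex");
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) return false;
  if (now > ch.expires || spentSeeds.has(ch.seed)) return false;
  if (!Number.isSafeInteger(nonce) || leadingZeroBits(ch.seed, nonce) < ch.bits) return false;
  spentSeeds.add(ch.seed);
  return true;
}
```

The asymmetry is the point: solving costs the client roughly 2^bits hashes while the server verifies with a single hash, so raising `bits` for suspicious sessions makes bulk automation expensive without adding visible friction for ordinary visitors.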



It also uses machine learning models to compare new challenges with past successful challenges, which speeds up the process of passing. According to Cloudflare, completing a CAPTCHA task and being verified took an average of 32 seconds, but Turnstile shortens this to just 1 second.



Additionally, Cloudflare claims that Turnstile is better for privacy than CAPTCHA. CAPTCHAs usually check whether the user's browser has a cookie issued by Google. Google says it doesn't use information about this cookie to target ads, but Cloudflare considers that assurance unreliable, saying, "Google is an ad sales company after all."

"Private Access Token," announced by Apple in June 2022, is a feature for bypassing CAPTCHAs on iOS 16 and other platforms, and the underlying technology was developed in cooperation with Cloudflare and Google. Turnstile incorporates Private Access Tokens and asks Apple to verify the device in order to minimize data collection. In addition, Cloudflare declares that "cookies are not used to collect or store any kind of information."

This isn't the first time Cloudflare has tried to eliminate CAPTCHAs. In 2021, Cloudflare declared that it would "eliminate CAPTCHAs completely" and is building hardware-based authentication that uses USB physical keys such as the YubiKey and FIDO keys.

Cloudflare announces complete departure from "CAPTCHA madness" and proposes a system that uses physical security keys - GIGAZINE



Turnstile is available as a beta version at the time of writing, and anyone can use it for free without using other Cloudflare services or sending traffic through Cloudflare's network. Cloudflare said, "It may be hard for others to believe, but helping build a better internet is our true mission. Turnstile is not the first to create free tools to make the internet better. And it won't be the last time."

in Software,   Web Service,   Security, Posted by log1i_yk