Cloudflare wants to get rid of CAPTCHAs for good
No more fire hydrants and traffic lights
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
LeadingCDN providerCloudflare has released Turnstile, a free alternative to the “terrible user experience” currently offered by CAPTCHA services used by websites to verify authentic users online.
Announcing Turnstile in ablog post, the company claimed its CAPTCHA alternative would also increase user privacy on the web, as sites using it won’t have to provide user data to Cloudflare.
Cloudflare’s CAPTCHA replacement will use Private Access Tokens, which allow users on supportedoperating systemsto have their humanity proved for them “without completing a CAPTCHA or giving up personal data”. The company had previouslyannounced in June 2022that iOS and macOS devices would be the first to benefit from the tech when visiting sites hosted on Cloudflare’s network.
Eliminating CAPTCHA
Cloudflare says it has already reduced the number of CAPTCHAs users seen online by 91% using aManaged Challenge platformthat draws more data from a web browser before deciding whether or not to serve up a CAPTCHA puzzle.
Turnstile opens this platform up to any website owner who wishes to use it. Migrating from an existing CAPTCHA system - likeGoogle’s reCAPTCHA, which currently enjoys a98% market share- is as simple as creating a Cloudflare account and swapping out HTML code.
On the face of it, Turnstile is a fairer CAPTCHA system for several reasons.
For website owners, it offers an alternative to Google’s stranglehold on CAPTCHA services, although this won’t impact Google’s staggering popularity as a search engine, where it is free to use its reCAPTCHA tech to verify users.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
For users, Cloudflare claims that Turnstile sidesteps a severe privacy violation that security researchers sayGoogle commits with the latest version of reCAPTCHA- weighing the presence of a proprietary cookie in a browser while deciding if a user is malicious or not. It accuses Google of passing the collected data to their ad sales business, although Google has denied this.
Cookies weighting verification may cause headaches for users who are usingfirewallsto protect against cookie hijacking attacks, whereby malicious threat actors attempt to use cookies to gain access to web applications. Users who simply delete their cookies regularly to avoid being tracked across the internet also face difficulty using reCAPTCHA.
Check out our list of the best VPN services right now>Apple’s heard your screams: iOS 16 will complete captchas for you>Even CAPTCHAs aren’t safe from hackers any more
Allowing operating systems to help verify users before users are served up CAPTCHA puzzles should also just make the online browsing experience far less grating going forward.
Being a privacy-focused solution aimed at improving user experience, it’s hard to see Cloudflare’s Turnstile as anything but a good thing right now.
Luke Hughes holds the role of Staff Writer at TechRadar Pro, producing news, features and deals content across topics ranging from computing to cloud services, cybersecurity, data privacy and business software.
This new malware utilizes a rare programming language to evade traditional detection methods
Google puts Nvidia on high alert as it showcases Trillium, its rival AI chip, while promising to bring H200 Tensor Core GPUs within days
Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time
