Captcha, a less frustrating version is possible

Captcha, a less frustrating version is possible


There is a specific, unique and nerve-wracking anger that arises when we are asked to click on every box that contains a crosswalk, only to be told we missed one because a tiny corner had ended up in an adjacent box. The fury unleashed by captchas is a feeling that has been common to all web users for years despite the importance of these tools, which serve to prevent bots from carrying out fraud and other abuses. Google's ReCaptcha, the leading system for implementing these controls, introduced a version in 2018 that leverages machine learning to verify behind the scenes that users are indeed human beings and gradually eliminate confusing letters and grids full of traffic lights. But now the internet infrastructure company Cloudflare has presented a new version of the captcha.

Like reCaptcha, the new Cloudflare alternative, called Turnstile, is free and you don't need to be a customer of the company to add it to your site . Turnstile - "turnstile" in English - is based on a tool called the Cloudflare Managed Challenge that the company introduced for its services in April. When solving a captcha, users are basically completing a "challenge" to prove they are not bots. Managed Challenge, on the other hand, runs quick checks on browser behavior and other telemetry in the background to determine that the user is really a human being, without asking them to do or prove anything. Just in case he is not sufficiently convinced then Cloudflare's system presents users with a "more difficult challenge" or puzzle to solve only if they are not sufficiently convinced of their humanity. Managed Challenge also constantly tests different types of puzzles to find the least frustrating options for users.

How Turnstile works

Anyone can now implement Turnstile for free through an application programming interface (API). You can set the system to complete challenges on its own that are not displayed, or have it show the user a button to click to prove that you are a person and not a bot. Unlike Managed Challenge, Turnstile never shows particularly complicated challenges or Captchas.

"If a person walked down the street next to a robot, even without asking questions, it would be possible to understand that it is not a human being simply by watching it pass - explains John Graham-Cumming, Cloudflare's chief technology officer -. Turnstile can do the same with the information that our computer sends to the website you are accessing, which may indicate the web browser or the type of device used. A machine that attempts to impersonate a human user often does not get everything right: there is usually something 'weird' about your login request. "

Invisible challenges include, for example, complex equations that devices must solve. Turnstile has data on the time taken by different devices, for example a Macbook Air or a Samsung Galaxy, to solve a given challenge. A device that claims to be a Samsung Galaxy S22 but solves the challenge much quicker than it should be able to, could be an indication that the request is actually coming from an automated system run by a data center. br>

Focus on privacy

Captchas are an important defense of security across the web. Cloudflare said Turnstile is also particularly concerned with protecting privacy. The tool examines some information relating to the browser session, such as the characteristics of the aforementioned and the data of the rendering mechanisms of the sites, but does not control advertising cookies or access cookies. In addition, the company plans to outsource data review as much as possible to minimize the amount of personal information that Cloudflare sees. For example, Turnstile will check for Apple's Private access tokens, launched this year as a tool to prove a user is human and reduce the use of captchas.

Researchers have found in recent years that among methods used by reCaptcha, the Google system, to determine if a user is a human being there is the presence of a Google login cookie. Google denies that reCaptcha data is used for purposes other than challenges, but some have pointed out that the information could be used to fuel targeted advertising campaigns. Cloudflare claims that since it launched Managed Challenge it has drastically reduced the number of captchas: "Before the introduction of Cloudflare Managed Challenge, if we believed that a visitor was a bot and our client wanted us to confirm it, then we would give him a Captcha - says Graham-Cumming - After the introduction the number was reduced to 9 percent, and today it has dropped further, to 3 percent. "

The company adds that previously users employed on average thirty-two seconds to resolve the captchas on their sites. Since the Managed Challenge was implemented, the average wait time is one second thanks to the silent, behind-the-scenes challenges offered by the new feature. In Cloudflare's dashboard, the captcha option is now called Legacy Captcha, which the company says "more accurately describes what Captcha is: an outdated tool or tool that we don't believe should be used."

Turnstile it's part of a wider tech industry effort to rethink captchas and make them less frustrating for users. And while reCaptcha's ubiquity and familiarity may hinder the adoption of new alternatives, the time may be ripe for the entry of a new operator, especially if it doesn't make you want to throw your computer away.

This article originally appeared on US.

Powered by Blogger.