Cloudflare's CAPTCHA Replacement Misses Crosswalks, Checkboxes, Google
Turnstile uses Cloudflare's Managed Challenge system, which draws on user behavior, browser data and, on Apple devices, private access tokens, to distinguish human visitors from bots and scripts. Cloudflare claims that its Managed Challenge system was able to reduce CAPTCHAs served to its customers' visitors by 91% over one year.
The Turnstile integrations run "a series of small, non-interactive JavaScript challenges" to investigate the visitor, including proof of work and space, web API research, and "various other challenges to detect quirks of the browser and human behavior", Cloudflare's post states. Challenges vary between visitors, and machine learning can update the model with common characteristics of visitors who have already passed a test. The user only briefly sees a "Verifying..." widget, then "Success!" »
"Google says they don't use this information for ad targeting, but ultimately Google is an ad sales company," Cloudflare's post reads.
Google bought reCAPTCHA in 2009 and used it early on to solve problems like scanning books, street view house numbers, and, as you probably guessed, identifying things like as stairs, palm trees, taxis, etc., in image recognition. tools. Cloudflare notes that the ubiquity of CAPTCHA is one of its strengths, as it has a stable and constantly updated base of resolution and behavior data to build on.
Google's reCAPTCHA offers an "invisible" mode in V2 since 2017 and a V3 that "will never interrupt your users". Most internet users still see their fair share of photo selection grids and anti-robot checkboxes, likely due to sites and developers not upgrading to newer versions or, potentially, seeming "suspects" of an unknown algorithm.
Cloudflare, originally a content delivery network that has grown into security, hosting, and nearly every other aspect of cloud computing, cites its mission to "help build a better Internet" like th...
What's Your Reaction?