New API removes the need for CAPTCHAs by working behind the scenes to confirm a human is present during a web interaction
Cloudflare has announced Turnstile, a simple, private way to replace CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) and help validate humanity across the Internet. Now any site owner can replace CAPTCHAs through a simple API, whether they’re a Cloudflare customer or not.
CAPTCHA has long been regarded as a terrible user experience that sacrifices privacy by harvesting user data. They typically come in the form of a challenge that is meant to be difficult for a computer to pass but simple for a human, such as identifying stretched letters or numbers, or things like crosswalks or stop signs. It is estimated that collectively, humans waste 500 years a day trying to solve CAPTCHAs. In addition to being the speed bump of the Internet, the tests have been critiqued for their lack of accessibility, assuming all Internet users have the physical and cognitive capabilities to solve them. Privacy is also at risk; for example, Google’s reCAPTCHA, which dominates the market, may ask for users to log in to their Google account as a form of verification. No one should have to give up private information when simply trying to prove they are not a robot. Cloudflare’s solution is a drop-in replacement for reCAPTCHA that preserves the user’s privacy.
“Cloudflare is taking one of the most hated pieces of Internet technology, and making it easier, more secure, and more private for everyone to use,” said Matthew Prince, co-founder and CEO of Cloudflare. “Similar to our 1.1.1.1 app that makes every user and the Internet safer, we’re excited to share Turnstile with developers of any size and anywhere, for an improved and more private end user experience.”
How It Works
Turnstile is a smarter, invisible CAPTCHA alternative. The solution automatically chooses from a rotating suite of browser challenges that work behind the scenes, looking for signals there is a human user. Turnstile can fine-tune the difficulty of the challenge, presenting harder challenges to visitors that exhibit non-human behaviors. Additionally, Turnstile recognizes Private Access Tokens from users on the latest versions of macOS or iOS, allowing Turnstile to validate a device with the help of the device vendor, and without collecting, touching or storing user device data.
Turnstile now has the same stable solve rate as previously used CAPTCHAs. With this technology, Cloudflare reduced their own use of CAPTCHA by 91% and reduced the visitor time spent in a challenge from an average of 32 seconds to an average of just one second to run the non-interactive challenges.
Turnstile is now available for any developer to use on their site, regardless of if they are a Cloudflare customer.