Leader CDN Provider Cloudflare has released Turnstile, a free alternative to the “terrible user experience” currently offered by CAPTCHA services used by websites to verify authentic online users.
Turnstile’s announcement blog post (opens in a new tab)the company said its CAPTCHA alternative would also increase user privacy on the internet as websites using it would not have to provide user data to Cloudflare.
Cloudflare’s CAPTCHA replacement will use private access tokens that allow users of supported operating systems to prove their humanity “without completing a CAPTCHA or forgoing personal information.” The company had before announced in June 2022 (opens in a new tab) that iOS and macOS devices will be the first to take advantage of the technology when visiting sites hosted on the Cloudflare network.
Eliminating CAPTCHA
Cloudflare says it has already reduced the number of CAPTCHA users seen online by 91% with a Managed Challenge platform (opens in a new tab) gets more data from your web browser before deciding whether to display a CAPTCHA puzzle.
Turnstile opens up this platform to any website owner who wishes to use it. Migrating from an existing CAPTCHA system – such as Google’s reCAPTCHA, which is currently enjoying 98% market share (opens in a new tab) – is as simple as creating a Cloudflare account and replacing the HTML code.
At first glance, Turnstile is a fairer CAPTCHA system for several reasons.
For website owners, it provides an alternative to Google’s throttling of CAPTCHA services, although this will not affect Google’s overwhelming popularity as a search engine that can use reCAPTCHA technology for free to verify users.
For users, Cloudflare says Turnstile bypasses a serious breach of privacy that security researchers have been reporting Google is committed to the latest version of reCAPTCHA – weighing the presence of a proprietary cookie in the browser when deciding whether a user is malicious or not. He accuses Google of transferring the collected data to an advertising sales company, although Google denies this.
Verifying the importance of cookies can cause headaches to the users who use it firewalls to protect against cookie hijacking attacks where malicious cyber criminals try to use cookies to gain access to web applications. Users who simply delete their cookies regularly to avoid being tracked on the Internet also face difficulties when using reCAPTCHA.
Allowing the operating systems to help verify users before offering CAPTCHA puzzles to users should also make online browsing much less satisfying.
Being a privacy-focused solution aimed at improving user experience, it is now hard to see Cloudflare turnstile as something good.