Cloudflare, the content delivery network CDN and decentralized domain name resolution service DDNS provider, announced the launch of a verification API “Turnstile” to replace the CAPTCHA mechanism to identify the user of the website server as a human, so that humans can save 500 years of time to prove themselves every day. .
For a long time, websites have relied on a mechanism called “CAPTCHA (Automatic Turing Test to Distinguish Computers from Humans)” to identify visitors as humans and prevent robots from abusing service resources. However, Cloudflare pointed out that the CAPTCHA verification code is neither efficient nor respectful of privacy, and it takes humans the equivalent of 500 years every day, which is one of the reasons for slowing down the speed of the network.
In the past, the CAPTCHA verification code was judged by using distorted text and even multiple pictures. The purpose was to make it difficult for a computer to answer, but a human “should” be able to answer it easily. In fact, many CAPTCHA tests have already been cracked by hackers, and some, such as Google reCAPTCHA, collect visitor data. In addition, the assumption that normal humans can answer the CAPTCHA problem has also been criticized in terms of accessibility.
The verification API “Turnstile” launched by Cloudflare is an invisible verification method that uses some signals that someone is operating as a judgment standard. It starts with a series of small, non-interactive JavaScript challenges to gather more signals about the visitor and browser environment, including proof-of-work, proof-of-space, probing web APIs, and other challenges that sense browser characteristics and human behavior. The results are then used to adjust the difficulty of the question for a specific request, giving the bot harder challenge questions. Turnstile also used a machine learning model to sense common characteristics of visitors who had previously passed the test.
Completely free and simple steps to replace CAPTCHA
Using the Turnstile API is free, website developers only need to open a free account to get the website key and secret key, then copy some JavaScript code from the Cloudflare website to replace the original CAPTCHA code, and finally replace the old one with Cloudflare’s verification URL Verify URL is ready to use.
After switching to Turnstile, webmasters can also see verification statistics on Cloudflare to see how many people and bots visit each day.
Support for Apple Private Access Token
Apple announced at WWDC in June that iOS 16 added private access tokens to automatically authenticate users. Turnstile directly embeds the private access token, reducing the collection of data and automatically completing the verification work.
Cloudflare pointed out that the accuracy of Turnstile is similar to the previous CAPTCHA, and that after adopting this technology, Cloudflare itself has reduced the usage of CAPTCHA by 91%, and because of the use of non-conversational verification, past visitors spend an average of 32 seconds to verify Reduced to about 1 second with significant results.