iOS 16: CAPTCHA bypass feature will soon be improved
The functionality of iOS 16 to bypass CAPTCHAs, these codes to type manually on websites, could soon work before more websites thanks to Cloudflare.
It has now been several weeks since Apple rolled out iOS 16 to compatible iPhones. This new update has brought many features of all kinds, but above all the possibility for Internet users to bypass CAPTCHAs to save a few seconds on certain applications or websites.
For this, Apple has basically partnered with the two major content delivery networks that most modern websites use to verify whether the user is human or not, Fastly and Cloudflare. When you land on a compatible website that would normally ask you to fill out a CAPTCHA to verify if you are human, your iPhone can respond for you with what Apple calls private access tokens. These will prove that you are trustworthy, and you will no longer have to enter indecipherable text or select images to show that you are human.
Bypassing CAPTCHAs may soon work on more websites
Cloudflare has just announced the arrival ofa free “Turnstile” API for businesses so their websites and apps can eliminate CAPTCHAs on devices that have built-in features like iOS 16 automatic verification.
Turnstile will use Cloudflare’s Managed Challenge system, which relies on user behavior, browser data and, on Apple devices, private access tokens, to distinguish human visitors from bots and scripts. Cloudflare claims that its Managed Challenge system has reduced the CAPTCHAs displayed to its clients’ visitors by 91% in one year.
The system therefore automatically performs one of the many ” non-intrusive browser challenges based on telemetry and client behavior during a session “. The latter takes place in the background while the user sees a verification animation on the web page. Contrary to reCAPTCHA, a similar solution from Google that involves sharing its data with the company, Turnstile uses data it has access to through collaborations with device manufacturers to perform the validation. Cloudflare can therefore “ confirm data without collecting, touching or storing it “.