Now that we’ve eliminated CAPTCHAs at Cloudflare, we want to hasten the demise of CAPTCHAs across the internet. We’re thrilled to announce that Turnstile is generally available, and Turnstile’s ‘Managed’ mode is now completely free to everyone for unlimited use.

I’ve actually noticed this in some websites the past ~two months. It’s neat to have a captcha that finally doesn’t need slowly clicking images to pass through.

  • 30mag@lemmy.worldEnglish
    22·
    1 year ago

    For Turnstile, the actual act of checking a box isn’t important, it’s the background data we’re analyzing while the box is checked that matters. We find and stop bots by running a series of in-browser tests, checking browser characteristics, native browser APIs, and asking the browser to pass lightweight tests (ex: proof-of-work tests, proof-of-space tests) to prove that it’s an actual browser.

      • Skull giver@popplesburger.hilciferous.nl
        12·
        1 year ago

        Cloudflare is rather late with this to be honest, Google has had interaction free reCAPTCHA for ages.

        User simulation is something these automated tools are designed to detect. It’s also why attempts to remove identification mechanisms are treated with more suspicion.

        For example, very few bots actually have real, usable GPUs, relying on software rendering instead. This can be detected and kept in mind with a bunch of other signals. Running Selenium on your desktop will make you hard to detect, but running it in the cloud (even when proxied through a botnet like the big scrapers) will make bots quite obvious.

        I think CAPTCHA is fighting a losing battle, and I think in the future remote attestation technology will determine whether you have access to certain websites or not. This technology has already been built into Safari and it’s on its way to becoming an internet standard, so I kind of expect CAPTCHAs to disappear in a couple of years.