Cloudflare wants to get rid of CAPTCHA forever

Leading CDN provider Cloudflare has launched Turnstile, a free alternative to the "terrible user experience" currently offered by CAPTCHA services used by websites to verify genuine users online.

Announcing Turnstile in a blog post, the company claimed that its CAPTCHA alternative will also increase user privacy on the web because sites that use it won't have to provide user data to Cloudflare.

Cloudflare's CAPTCHA replacement will use private access tokens, which allow users of supported operating systems to prove their humanity "without completing CAPTCHAs or submitting personal data." The company previously announced in June 2022 that iOS and macOS devices would be the first to benefit from the technology when visiting sites hosted on Cloudflare's network.

Remove the CAPTCHA

Cloudflare claims to have reduced the number of CAPTCHAs users see online by 91% by using a managed challenge platform that pulls more data from a web browser before deciding whether or not to offer a CAPTCHA puzzle.

Turnstile opens up this platform to any website owner who wants to use it. Migrating from an existing CAPTCHA system, such as Google's reCAPTCHA, which currently enjoys a 98% market share, is as easy as creating a Cloudflare account and redeeming the HTML code.

At first glance, Turnstile is a fairer CAPTCHA system for several reasons.

For website owners, it offers an alternative to Google's stranglehold on CAPTCHA services, though this doesn't affect Google's staggering popularity as a search engine, where it's free to use its reCAPTCHA technology to verify users.

For users, Cloudflare says Turnstile avoids a serious privacy breach that security researchers say Google is committing with the latest version of reCAPTCHA, by weighing the presence of a first-party cookie in a browser when deciding whether a user is malicious or not. Google has been accused of passing the collected data to its ad-selling business, though Google denies this.

Checking the weight of cookies can cause headaches for users who use firewalls to protect against cookie hijacking attacks, in which malicious actors attempt to use cookies to gain access to web applications. Users who simply clear their cookies regularly to avoid being tracked across the internet also have a hard time using reCAPTCHA.

Allowing operating systems to help verify users before they are presented with CAPTCHA puzzles should also make the online browsing experience much less harsh in the future.

As a privacy-focused solution meant to improve the user experience, Cloudflare's Turnstile is hard to see as anything other than a good thing right now.