UPDATED 12:20 EDT / SEPTEMBER 28 2022

APPS

Cloudflare releases Turnstile, an ‘invisible’ alternative to CAPTCHAs

CAPTCHAs, which force people to click buttons to prove they’re not robots in order to access web pages and services, often get in the way of getting to sites and services. To fix this, Cloudflare Inc. said today, it’s testing out a new solution named Turnstile that may do away with these frustrating visual puzzles with a simple snippet of code.

By now, everyone who has ever visited a web page has encountered a CAPTCHA. They’re the visual challenges that pop up that say “Prove you’re not a robot,” and either ask you to click a button or pick out all the red cars or click on the boats or crosswalks in a series of images. The objective is to prove that an actual human is on the other side of the screen.

As a “smart alternative” to CATCHAs, Turnstile tests the browser instead of the person and it does so by shifting through a set of different challenges that look for proof that the visitor is a human by poking at the software being used. At first, the challenges are simple, but behind the scenes is a machine learning model that works to detect “nonhuman” behavior that increases the challenges if the visitor behaves strangely.

Turnstile works invisibly using JavaScript so visitors are not aggrieved by something interactive that gets in their way and annoys them like traditional puzzle-solving CAPTCHAs. It begins by running a series of noninteractive tests on the browser that gather signals about the browser, such as proof-of-work and proof-of-space. It probes for web application programming interfaces and watches for human behaviors.

The technology behind Turnstile is an adaptation that powers the company’s “Managed Challenge,” which Cloudflare used to reduce the number of CAPTCHAs that it displays to visitors to its customers’ web pages. According to Cloudflare, it used the same technology to reduce the total number of visual puzzles annoying people down by 91%, with an objective of reaching 1% by the end of the year.

“By skipping the visual puzzle step for almost all visitors, we are able to reduce the visitor time spent in a challenge from an average of 32 seconds to an average of just one second to run our noninteractive challenges,” Cloudflare’s team said in a blog post.

By getting rid of CAPTCHAs, companies will also greatly reduce the number of people abandoning their websites, as Cloudflare discovered that visitors were 31% less likely to abandon pages using the new technology than with traditional CAPTCHAs.

The company also said Turnstile can take advantage of new private access tokens built into upcoming versions of macOS and iOS to reduce the amount of personalized data being sent, increasing security and privacy for users. Through collaboration with device manufacturers, Turnstile can validate users as humans without collecting or touching the data. That allows Cloudflare to minimize data collection while still validating devices.

Cloudflare has made it easy to implement Turnstile with just a line of code added to a website in place of the old CAPTCHA code. Users can implement it today by creating a Cloudflare account, navigating to the Turnstile tab and generating a site key and secret key, and getting the code.

Image: Cloudflare

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU