Here is a new Alternative to CAPTCHA Called Turnstile

IT company Cloudflare, on September 28, announced its product Turnstile in a blog post as an alternative to the Fully Automated Public Turing Test to Differentiate Computers and People – commonly called CAPTCHA. According to Cloudflare, Turnstile not just saves and gives a better user experience but also improves data privacy.

The term CAPTCHA was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas Hopper, and John Langford of Carnegie Mellon University. It is a program that protects websites against bots.

If you are a frequent user of the internet, there is very little possibility that you might have missed CAPTCHA — those curvy, distorted letters and numbers that you need to identify and type in before you book a railway ticket, or those fire hydrants, boats, airplanes or bicycles you have to select from grids before moving forward on a website are all forms of CAPTCHA that make sure that the user accessing the website is a human and not a bot.

Cloudflare claims that, unlike CAPTCHA, Turnstile uses non-intrusive browser challenges, and browsed a pivoting suite. These challenges are based on telemetry (automatic collection and transmission of information remotely, for monitoring) and client behavior displayed during a session, instead of cookies like the login cookie.

In June 2022, the company declared the utilization of Private Access Tokens for some operating systems (OS), including recent versions of macOS and iOS. Users can prove that they are humans without finishing CAPTCHA if they are on an OS that supports Private Access Tokens.

Private Access Tokens work on the rule of requesting the device manufacturer to take care of parts of the approval process since they already possess part of the data expected to validate the device, thus not interrogating a device directly. These Private Access Tokens are incorporated into Turnstile. It has to look at some parts of session data, like headers, user agents, and browser characteristics, to validate users, but Private Access Token limits the amount of data collected (in cases of macOS and iOS, it asks Apple to validate the device).

Turnstile also incorporates machine learning (ML) models that detect common features among visitors who have previously passed a test, Cloudflare said.