Cloudflare on CAPTCHAs: "it's time to end this madness"

by Mark Tyson on 17 May 2021, 11:11

Quick Link: HEXUS.net/qaeqle

Add to My Vault: x

Based on Cloudflare's data it takes the average person 32 seconds to complete a CAPTCHA challenge such as 'click on all the pictures with bicycles'. With 4.6 billion internet users worldwide and the typical person seeing a CAPTCHA once every 10 days this equates to an incredible headline on the Cloudflare blog asserting "Humanity wastes about 500 years per day on CAPTCHAs". For reference, CAPTCHA is an abbreviation of 'Completely Automated Public Turing test to tell Computers and Humans Apart'.

Unfortunately - due to the bad faith actors of the connected world - spammers, hackers and so on, CAPTCHAs are deemed necessary by some entities / organisations to save their online resources from misuse. One very contemporary reason I have been seeing more CAPTCHAs than ever is due to PC hardware shortages and their battles with scalpers. I've been faced with these 'are you human?' gateway pages when visiting places like Scan.co.uk, eBuyer, and so on recently.

Like most people I find CAPTCHAs irksome but while understanding their necessity it is good to hear that new technologies might be on the way, technologies that reduce the friction considerably. The Google 'noCAPTCHA reCAPTCHA' API seems to have faded – probably because Google decided to start charging for its use. But not to worry as Cloudflare is on the case…

On the Cloudflare blog Thibault Meunier boldly writes that "We want to get rid of CAPTCHAs completely". Meunier goes on to reason that "a real human should be able to touch or look at their device to prove they are human, without revealing their identity," and proposes the use of trusted USB keys (like YubiKey) to kick the time-consuming inspection of photos for fire hydrants into the bin of history.

Cloudflare asserts that you will be able to get through one of its 'Cryptographic Attestation of Personhood' tests in five seconds, with at most three clicks. It has tested the process using YubiKeys, HyperFIDO keys, and Thetis FIDO U2F keys - and they work on all browsers on all modern platforms (Android users are restricted to Chrome only for now). If you are concerned about privacy, Cloudflare says its system wants to make sure you are human, "but we're not interested in which human you are".

If you have one of the hardware keys mentioned above you can go and try the Cloudflare Challenge. I visited the site on my laptop with built-in fingerprint reader that is good for Windows Hello, but it threw up an error message after requesting I scan my fingerprint (like the exmaple above). Cloudflare says this is normal behaviour for this 'experimental project' as only USB or NFC security keys work today. Importantly, it is looking into "adding other authenticators as soon as possible," which would elevate its experiment from being mildly interesting to very interesting.



HEXUS Forums :: 31 Comments

Login with Forum Account

Don't have an account? Register today!
Given Google are the main supplier here, they aren't doing it for the good of your health.
They're massively useful for training machine learning algos though.
kalniel
They're massively useful for training machine learning algos though.

So that when the machines take over they know where we hide?
frozen-monkey
So that when the machines take over they know where we hide?

All I'll say is avoid stairs, bridges and pedestrian crossings.. ;)
Please select all squares with terminator T-2000s