Cloudflare he said this week an ambitious new project called Turnstile, which seeks to replace the CAPTCHAs used across the web for verification.
It will be available to all sites free of charge, Cloudflare customers or not. Turnstile will give you the choice of a rotating suite of “browser challenges” to test whether a website's visitors are humans or bots.
CAPTCHAs, the challenge-response tests we all encounter when filling out forms, have been around for decades. But the rise of cheap labor, CAPTCHA bugs and automated solvers have begun to poke holes in the system.
Several websites offer human and AI-powered CAPTCHA solving services for as little as $0,50 per thousand CAPTCHAs solved, and some researchers claim that attacks using AI can solve CAPTCHAs used by the world's most popular websites.
For those who remember Cloudflare used to use CAPTCHA too. But according to CTO John Graham-Cumming, the company was never quite satisfied with that. In a conversation he had with TechCrunch, Graham-Cumming listed several disadvantages of CAPTCHA technology, such as accessibility (some disabilities can make it impossible to solve a CAPTCHA), culturality (CAPTCHAs require familiarity with objects such as taxi cabs USA) and the problems CAPTCHAs cause in mobile data plans.
Turnstile automatically selects a challenge for the browser based on "telemetry and user behavior during a session." Cloudflare states that it does not use other factors such as login cookies.
After running non-interactive JavaScript challenges to collect signals about the visitor and the browser environment and using artificial intelligence models to identify characteristics of visitors who have passed a challenge in the past, Turnstile adjusts the difficulty of the challenge to the request.