Cloudflare recently made the audacious claim: We could all do something better with our lives than deciding which images contain pedestrian crossings or brake lights or clicking the “I’m not a robot” checkbox. Now, the cloud company is offering a free CAPTCHA alternative, the turnstile, available to anyone, Cloudflare customer or not, and specifically emphasizes Google’s role in the existing “prove you are human” hegemony.
Turnstile uses Cloudflare’s Managed Challenge system, which takes guidance from user behavior, browser data and, on Apple devices, private access tokens to distinguish human visitors from bots and scripts. Cloudflare says its Managed Challenge system was able to reduce 91 percent of the CAPTCHA served to visiting customers over the course of a year.
Cloudflare says that besides being annoying and wasting time, CAPTCHAs (which stands for “Fully Automated Public Turing Test to say Computers and Humans Apart”) are largely controlled by Google via the reCAPTCHA service. Google’s service announced in 2017 that it would become largely invisible in newer versions, using the same browser and Cloudflare’s humanity behavior guidelines it advertises to eliminate even the non-robot checkbox. One aspect of that proof that security researchers have apparently figured out: logging into a Google account.
“Google says it doesn’t use this information for ad targeting, but at the end of the day, Google is an ad sales company,” says the Cloudflare post.
Google bought reCAPTCHA in 2009 and used it early on to troubleshoot problems such as digitizing books, house numbers in Street View, and as you can probably guess, identifying objects such as stairs, palm trees, taxis, and the like in image recognition tools. Cloudflare notes that CAPTCHA’s ubiquity is one of its strengths as it has a constant, constantly updated resolution and behavior database to rely on.
Google reCAPTCHA offers an “invisible” mode in V2 from 2017 and V3 that “will never disturb users”. Most internet users still see their fair share of photo picker grids and anti-robotic checkboxes, possibly due to sites and developers not upgrading to newer versions – or potentially appearing to be “suspect” by an unknown algorithm.
Cloudflare, originally a content delivery network that evolved into security, hosting and just about every other aspect of cloud computing, cites its mission to “help build a better internet” as the reason it is giving away a free verification service. The company, whose reverse proxy service is used by around 20 percent of all sites, has recently made headlines due to a lengthy debate about the Kiwi Farms hate site opting out of and the decision not to pull out of Russia after it invaded Ukraine.