- Cloudflare wants to replace the current CAPTCHA system across the internet.
- Instead of clicking on image boxes of a bus, you will need to touch or look at a device.
- This new system will need an extra piece of hardware though.
If you are reading this, chances are you have visited most websites on the internet. Some of these websites cannot identify if you are a human. So, in the most ironic way, the website asks you to prove you are a human by tapping on image boxes with a traffic light or a bus or a tractor, and whatnot. These are called CAPTCHAs, short for Completely Automated Public Turing test to tell Computers and Humans Apart. Cloudflare is now set to replace CAPTCHAs across the entire internet.
Cloudflare is the DNS service provider for a major portion of websites on the internet. It is also the company that tells you why a website will not open on your device because of some security reason. And because the company is so much involved in the internet, it wants to change the way we, humans, prove that we are not robots.
According to Cloudflare, the current CAPTCHA system is a bit cumbersome and most people find it annoying. Remember that CAPTCHA that you failed to pass because you failed to see a portion of the traffic light in a separate box. Moreover, most users may not be familiar with the object to point out in CAPTCHA just because they are not culturally aware of them.
"CAPTCHAs are effectively businesses putting friction in front of their users, and as anyone who has managed a high-performing online business will tell you, it's not something you want to do unless you have no choice," Cloudflare said in a blog post.
So, if not CAPTCHAs, then what? Cloudflare says it wants to bring a new system that would require a human to verify themselves by touching or just looking at a device. This system may be called Cryptographic Attestation of Personhood. Now, this system would require certain hardware partners, like YubiKeys, because a physical device is involved. Cloudflare has even put up a website that lets you test your physical device with a security key right away.
This is how the Cryptographic Attestation of Personhood would work:
- The user accesses a website protected by Cryptographic Attestation of Personhood, such as cloudflarechallenge.com.
- Cloudflare serves the challenge.
- The user clicks "I am human (beta)" and gets prompted for a security device.
- The user decides to use a Hardware Security Key.
- The user plugs the device into their computer or taps it to their phone for wireless signature (using NFC).
- A cryptographic attestation is sent to Cloudflare, and it allows the user to pass through after verification.
Cloudflare's solution makes a lot of sense and saves time, even though it requires an extra piece of hardware that would cost some money. The current web-powered human verification system may be annoying, but it is cost-effective. Cloudflare has also shared some insights about CAPTCHAs. There are 4.6 billion internet users in the world. It takes an average of 32 seconds for a user to complete a CAPTCHA, according to Cloudflare, and that an average internet user sees one CAPTCHA in around 10 days. And using this math, Cloudflare managed to find out that around 500 human years are wasted every single day.