iOS 16 has a new Automatic Verification feature that can bypass CAPTCHA prompts by automatically and privately verifying a user’s device and Apple ID account via iCloud. The feature is designed to eliminate the need to tap on images of traffic lights or decipher squiggly text to prove that you are a real human being and not a robot.
Automatic Verification is limited to websites and apps that support Private Access Tokens, but adoption of the feature should get a big boost thanks to Cloudflare, which today announced that it is making a free API called Turnstile available to any website looking to eliminate CAPTCHAs — even if the website is not a Cloudflare customer.
Cloudflare explained how the technology works in a blog post:Private Access Tokens are built directly into Turnstile. While Turnstile has to look at some session data (like headers, user agent, and browser characteristics) to validate users without challenging them, Private Access Tokens allow us to minimize data collection by asking Apple to validate the device for us. In addition, Turnstile never looks for cookies (like a login cookie), or uses cookies to collect or store information of any kind. Cloudflare has a long track record of investing in user privacy, which we will continue with Turnstile.Turnstile is available in beta starting today via the Cloudflare dashboard or a sign-up form. As websites begin to adopt Turnstile, the prevalence of annoying CAPTCHAs across websites and apps will decrease over time.
Automatic Verification is enabled by default on iPhones running iOS 16 and can be found in the Settings app under Apple ID → Password & Security → Automatic Verification. The feature is also supported on iPadOS 16.1 and macOS Ventura, which both remain in beta testing and will be released in October, according to Apple.
(Thanks, Scott Buscemi!)
This article, “iOS 16 Feature for Bypassing CAPTCHAs Will Soon Work With Many More Websites” first appeared on MacRumors.com
Discuss this article in our forums