In my book, CAPTCHAs are only second to pop-up ads when it comes to things that annoy me on the internet. Usually, both just pop up unexpectedly onto your screen when you are minding your own business and proceed to interrupt whatever it is you are doing. Now Cloudflare wants to get rid of them-they say they have something better. I doubt it.
CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart, quite the mouthful if you ask me. Somebody really wanted their acronym to spell the word CAPTCHA. They have evolved over the years and these days they involve you clicking on fire-hydrants, cross-walks (American for zebra-crossing), stairs (American for steps) and traffic lights (American for robots).
You often see CAPTCHAs when you submitting online forms. They serve as a way of preventing spam responses. In the early days, they involved you looking a deformed text and entering it into a textbox. Google has cleverly harnessed CAPTCHAs for their own profit. First, they started using CAPTCHAs to scan books into text and later on it was to train their AI to be able to identify objects.
Their developer-friendly reCAPTCHA API has been integrated with many projects too. It cleverly authenticates and certifies you as a human in the background most of the time. This means that for the bulk of the time you don’t even have to prove you are human. Once you prove you are human on one site you do not normally have to prove you are human on another site. If you are a VPN user, however, you will spend about 10% of your time solving CAPTCHAs.
Cloudflare says they have a better way
Cloudflare is a CDN and DDoS protection company. If you don’t know that means just think of them as being the company you see in error messages when some sites fail to load. They also make extensive use of CAPTCHAs to authenticate and ensure traffic to a given side is bona fide and not an attack.
They are proposing a new method to prove that you are human. It’s called Cryptographic Attestation of Personhood. They have launched a beta site here, where you can test it yourself. The system involves you entering a USB with a security key into your computer and touching it. Those who use Yubi Keys are familiar with this manner of authentication.
I cannot personally test the new system because I don’t have a supported USB key. However, those with the requisite hardware who have tried the system says it works like a charm. All you have to do is insert your USB, click the I am human button on the site, touch your USB key and you will be waived through. It surely sounds much nicer than staring at grainy images and clicking on robots (traffic lights as Google insists on calling them).
I am not sure this is the way though. I am already sick and tired of buying accessories in order to have a standard experience on my laptop and phone. This proprietary USB stick will just be another additional cost centre to me and again let me say I am sick of it all. Even if you can afford to buy a USB Security Key it means more money flowing out of poor countries like Zimbabwe going to Western behemoths that keep coming up with ways to siphon money out of pockets.
I am sure my sentiments are shared by countless others. There is a reason why not many people have a Yubi or FIDO key. I am almost certain that’s not going to change anytime soon. A piece of innovation that would depend on people purchasing even more hardware is bound to fail. I could be wrong but I doubt it.
Personally, I would rather spend a few minutes a week clicking at those horrible hydrant images than shell out US$45 to buy an overpriced USB stick. Knowing how Zimbabwean businesses operate those stick will probably sell for more than US$100 when they land.
2 comments
It’s an expensive a solution for a slightly irritating problem. Most of the world uses their phone to browse the and most people don’t have phones that support USB OTG not to mention the fact that US$45 would constitute a very high % of the price of their phone. So at best this is a niche product that is not relevant to most people. Basically a First World Solution to a Real World Problem.
Uh, you do realize this works with iPhones and Androids with their built-in secure elements, right? No extra hardware to buy. Maybe actually read the spec before having strong opinions about things you have little understanding of?