February 24, 2024

Technology Websites

I Need Technology Websites Right

Why captchas are getting harder

That might solve some problems, but it would create others. The more complicated the challenge, the more cumbersome it is to do what you want to do on the web. And some approaches might shut some users out. “It’s actually really hard to build a challenge like this that is friendly to the whole human population,” Jess Leroy, senior director of product management at Google Cloud, wrote in an e-mail. “There are many reasons why something that may be obvious or easy to one person may be difficult to another.” Those include disabilities and cultural differences.

In the long term, we may see captchas abandoned altogether. Companies such as Google and Cloudflare have already quietly switched to “invisible” challenges, which monitor online fingerprints of human behavior, like cursor motions or browsing behavior, to differentiate a person from a bot. If these sorts of signals convince the software you are human, you won’t have to solve a captcha. 

This approach raises privacy concerns: such signals can allow advertisers and websites to track what you are doing online. An alternative could come from a coalition of companies, including Google, Fastly, Cloudflare, and Apple, that has developed a more privacy-friendly mechanism called Privacy Pass. Before we even open a browser and run into a captcha challenge, we perform numerous actions on our phones and computers—like unlocking them with our faces—that are hard for a bot to imitate. On a Privacy Pass–enabled website, our devices take all that information and attest for us—allowing us to skip the captcha altogether. This data never leaves your device and isn’t shared with the website. Apple calls these signatures Private Access Tokens (PATs) and already leaves the feature on by default on iPhones running at least iOS 16. 

Most captcha providers, like hCaptcha and Cloudflare, now support PATs as well. Cloudflare’s CTO, John Graham-Cumming, said in July that more than half of requests from iOS devices used PATs. Leroy says that Google’s Chrome and Android teams are “working on similar technologies.” 

But don’t expect captchas to disappear anytime soon. While Privacy Pass may prove a reliable alternative, captchas remain popular. Ting Wang, an information science and technology professor at Penn State University, predicts they will “continue to exist as a cheap, platform-­agnostic, and universal verification solution.”

Shubham Agarwal is a freelance tech journalist.