Cloudflare Wants To Kill CAPTCHAs For The Waste Of Time And Frustration They Cause
When you log onto a service, make a purchase, or do something else on the web, you have a decent chance of running into a CAPTCHA. Everyone knows what they look like, and it can be incredibly obnoxious: “Select all the buses. Click on bikes. Does this photo have traffic lights?” CAPTCHAs do not even work all the time, leading to even more frustration. Now, Cloudflare says it is time to “end this madness” by eliminating them entirely.
Secure CDN and DNS services provider Cloudflare posted a blog about CAPTCHAs and how they are the bane of human existence on the internet. Cloudflare did some quick napkin math, assuming it takes a user on average 32 seconds to complete a CAPTCHA, there are 4.6 billion global Internet users, and each user sees a CAPTCHA approximately once every ten days. With this data, they calculated that about 500 human years are wasted every single day on CAPTCHAs. Granted, you could reduce the time to complete a CAPTCHA, but we believe we see more CAPTCHAs than once every ten days, so the math makes sense.
To tackle this massive time wastage problem and the simple fact that people dislike CAPTCHAs, Cloudflare is launching an experiment to entirely eliminate CAPTCHAs. The premise revolves around the fact that “a real human should be able to touch or look at their device to prove they are human, without revealing their identity.” What is great is that this is already entirely possible with USB security keys such as YubiKey that have been around for some time. Furthermore, phones and computers are beginning to come equipped with this ability by default.
From the user’s perspective, the new experiment, called Cryptographic Attestation of Personhood, begins when a user accesses a website protected by the technology. The user is served a challenge where they are prompted to click a button and insert a security device. The user would then elect to use a Hardware Security Key and plugs it into their computer or taps it to their phone using NFC technology. After that, a “cryptographic attestation is sent to Cloudflare, which allows the user in upon verification of the user presence test.”
Cloudflare reports that this flow only takes five seconds, which is much faster than the former CAPTCHA. It also protects the user’s privacy “since the attestation is not uniquely linked to the user device.” While there is much going on in the background, this simple replacement for CAPTCHA will save time and frustration in the long run. Hopefully, we will begin to see more widespread usage of this in the near future. Until then, let us know what you think of CAPTCHAs and their replacement in the comments below.