IT company announces Turnstile as an alternative to CAPTCHA

According to Cloudflare, Turnstile not only saves and provides a better user experience but also enhances data privacy.

Published - October 05, 2022 06:24 pm IST

Photo for representation

Photo for representation | Photo Credit: Bijoy Ghosh

IT company Cloudflare, on September 28, announced its product Turnstile in a blog post as an alternative to Completely Automated Public Turing Test to Tell Computers and Humans Apart – commonly called CAPTCHA. According to Cloudflare, Turnstile not only saves and provides a better user experience but also enhances data privacy.

The term CAPTCHA was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas Hopper and John Langford of Carnegie Mellon University. It is a program that protects websites against bots.

If you are a frequent user of the internet, there is very little possibility that you might have missed CAPTCHA — those curvy, distorted letters and numbers that you need to identify and type in before you book a railway ticket, or those fire hydrants, boats, aeroplanes or bicycles you have to select from grids before moving forward on a website are all forms of CAPTCHA that make sure that the user accessing the website is a human and not a bot.

Why Turnstile?

Cloudflare claims that, unlike CAPTCHA, Turnstile uses “non-intrusive browser challenges”, chosen from a rotating suite. These challenges are based on telemetry (automatic collection and transmission of data remotely, for monitoring) and client behaviour exhibited during a session, rather than cookies like the login cookie.

In June 2022, the company announced the use of Private Access Tokens for some operating systems (OS), including recent versions of macOS and iOS. Users can prove that they are humans without completing CAPTCHA if they are on an OS that supports Private Access Tokens.

Private Access Tokens work on the principle of asking the device manufacturer to take care of parts of the validation process since they already possess part of the data required to validate device, thus not interrogating a device directly. These Private Access Tokens are built into Turnstile. It has to look at some parts of session data, like headers, user agent, and browser characteristics, to validate users, but Private Access Tokens minimise the amount of data collected (in cases of macOS and iOS, it asks Apple to validate the device).

Turnstile also includes machine learning (ML) models that detect common features among visitors who have previously passed a challenge, Cloudflare said.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.