I think we’re all familiar with the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) test—the typical Internet user encounters one every 10 days. The test is meant to verify you as a human user (as opposed to a bot), but to be frank with you, I can’t even count the number of times that I’ve failed a CAPTCHA test due to a misclick. In fact, Cloudflare recently estimated that around 500 human years are wasted every single day—just to prove “humanity”.
The DNS experts recently shared an experimental verification method to “end this madness” and replace CAPTCHAs, unveiling a system that utilises trusted USB keys to help users prove… that they are human. In the future, Cloudflare says that phones and computers will come with this ability by default, too.
“Today marks the beginning of the end for fire hydrants, crosswalks, and traffic lights on the Internet.”
This system essentially supports a number of USB security keys (such as YubiKeys, HyperFIDO keys, and Thetis FIDO U2F keys), and relies on Web Authentication Attestation. This is basically an API that has already been implemented as a standard on many modern web browsers and operating systems, and it uses the cryptography capabilities of devices to authenticate users on the web.
Technical jargon aside, this is Cloudflare’s elevator pitch:
“The short version is that your device has an embedded secure module containing a unique secret sealed by your manufacturer. The security module is capable of proving it owns such a secret without revealing it. Cloudflare asks you for proof and checks that your manufacturer is legitimate.”
Cloudflare says that privacy is still at the forefront of their thinking, and the aim of the experimental method isn’t to know which human you are, merely that you are actually a human user. This means that the attestation process does not include biometric authentication, although Cloudflare still needs to know who the manufacturer of your device is to authenticate you.
However, Cloudflare admits that there is still room for error/abuse when it comes to its new system, such as the possibility of “automated button-pressing systems”. Something like a drinking bird mechanism could feasibly press a capacitive sensor, and essentially authenticate the system. Still, this would still be slower compared to professional CAPTCHA-solving services, and Cloudflare says that there are existing safeguards in place to mitigate the consequences here.
In any case, the project is still at the experimental stage, and only USB and NFC security keys work for now. You can try out the Cryptographic Attestation of Personhood here, and provide feedback here. Or, if you think you have the skills to help the team get rid of CAPTCHAs forever (that’s the dream, isn’t it), the Cloudflare team is actually hiring now.
So, what do you think?
[ SOURCE ]
TNB Electron turns on yet another EV charging location at one of TNB's own premises.…
GXBank recently marked its second anniversary with more than one million Malaysians onboard, cementing its…
Realme has just launched a new budget-oriented mid-range smartphone in Malaysia, the Realme C85 5G.…
This post is brought to you by sooka. sooka pulled a lively crowd to Pavilion…
Infinix has just announced its strategic partnership with Pininfarina for its upcoming flagship smartphones, revealed…
During Proton's Tech Showcase, the national carmaker has also highlighted its digital and connected automotive…
This website uses cookies.