I think we’re all familiar with the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) test—the typical Internet user encounters one every 10 days. The test is meant to verify you as a human user (as opposed to a bot), but to be frank with you, I can’t even count the number of times that I’ve failed a CAPTCHA test due to a misclick. In fact, Cloudflare recently estimated that around 500 human years are wasted every single day—just to prove “humanity”.
The DNS experts recently shared an experimental verification method to “end this madness” and replace CAPTCHAs, unveiling a system that utilises trusted USB keys to help users prove… that they are human. In the future, Cloudflare says that phones and computers will come with this ability by default, too.
“Today marks the beginning of the end for fire hydrants, crosswalks, and traffic lights on the Internet.”
This system essentially supports a number of USB security keys (such as YubiKeys, HyperFIDO keys, and Thetis FIDO U2F keys), and relies on Web Authentication Attestation. This is basically an API that has already been implemented as a standard on many modern web browsers and operating systems, and it uses the cryptography capabilities of devices to authenticate users on the web.
Technical jargon aside, this is Cloudflare’s elevator pitch:
“The short version is that your device has an embedded secure module containing a unique secret sealed by your manufacturer. The security module is capable of proving it owns such a secret without revealing it. Cloudflare asks you for proof and checks that your manufacturer is legitimate.”
Cloudflare says that privacy is still at the forefront of their thinking, and the aim of the experimental method isn’t to know which human you are, merely that you are actually a human user. This means that the attestation process does not include biometric authentication, although Cloudflare still needs to know who the manufacturer of your device is to authenticate you.
However, Cloudflare admits that there is still room for error/abuse when it comes to its new system, such as the possibility of “automated button-pressing systems”. Something like a drinking bird mechanism could feasibly press a capacitive sensor, and essentially authenticate the system. Still, this would still be slower compared to professional CAPTCHA-solving services, and Cloudflare says that there are existing safeguards in place to mitigate the consequences here.
In any case, the project is still at the experimental stage, and only USB and NFC security keys work for now. You can try out the Cryptographic Attestation of Personhood here, and provide feedback here. Or, if you think you have the skills to help the team get rid of CAPTCHAs forever (that’s the dream, isn’t it), the Cloudflare team is actually hiring now.
So, what do you think?
[ SOURCE ]
Visitors heading to Plaza Mont Kiara can now charge up their EV with the latest…
EVPower has turned on a total of 4x EV Charge Points at Institut Jantung Negara…
Aside from the Poco C81 Pro, the Xiaomi sub-brand has also launched a budget tablet,…
Qualcomm has officially unveiled its Snapdragon X2 Series platform in Malaysia. The new series expands…
Poco has launched its latest budget smartphone, the Poco C81 Pro, in Malaysia. With a…
Ever wished you could just tap in with your credit card at an MRT or…
This website uses cookies.