If you have been on the internet then the thing called CAPTCHAs must have annoyed at least one time or the other. “Click on all the traffic lights” or those random upper case, lower case, numbers that you invariably get wrong to prove that you are a human and not a robot is something most people on the web are familiar with. CAPTCHAs, however, could be a thing of the past if Apple’s new Private Access Token feature becomes mainstream, according to a report by AppleInsider.
What is a CAPTCHA?
CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a well-known security measure which is also known as challenge-response authentication. Generally, a CAPTCHA ‘test’ comprises two parts — numbers that look like a distorted image with random sequence of letters, and a text box. To prove you are human, you need to get the CAPTCHA code right. The idea is to to protect users from spam and the test proves that it is a human and not a computer that is attempting to break into a site or a password protected account.
What are Private Access Tokens?
At WWDC 2022, Apple gave developers a demo of Privacy Access Tokens. On its developer portal, Apple explained, “Private Access Tokens are powerful tools that prove when HTTP requests are coming from legitimate devices without disclosing someone’s identity. This proof can help you reduce how often you show CAPTCHAs to people. Apple has a developer challenge where it asks developers to test features on their servers and Privacy Access Token was one such feature at WWDC 2022.
What is the difference between Private Access Tokens and CAPTCHA?
When you use CAPTCHA, according to Cloudflare, the website you visit knows the URL, your IP, and some additional user agent data. Furthermore, the CAPTCHA provider knows what website you visit, your IP, your device information, collects interaction data on the page, and ties this data back to other sites where they have seen you. In other words, user data isn’t really safe.
With Private Access Tokens, the website knows only your URL and IP, which it has to know to make a connection. The device manufacturer knows only the device data required to attest your device, but can’t tell what website you visited, and doesn’t know your IP, explains Cloudflare.