The story begins with a small man, named Jack of all Trades:
Once upon a time, there was a man named Jack of All Trades who owned a small e-commerce store that sold handmade crafts. Jack had heard about the benefits of using Cloudflare's Turnstile and Google's reCAPTCHA to protect his website from bots and other malicious activity.
Initially, Jack decided to use Goggle's reCAPTCHA as it was widely popular and easy to implement. However, he soon started receiving complaints from his users that the reCAPTCHA was difficult to solve and often resulted in them being blocked from accessing the website.
Feeling frustrated, Jack decided to switch to Cloudflare's Turnstile. With Turnstile, he was able to customize the challenge that users would face, and he found that his users were much happier with the experience. Additionally, Turnstile provided him with more granular control over the types of traffic allowed onto his website, helping to keep out malicious bots and other unwanted traffic.
One day, Jack received a notice from the data protection authorities that his website was being investigated for a possible data breach. The authorities had found that several of his users' personal information had been compromised, including their names, addresses, and payment information.
Despite being concerned, Jack was relieved to find out that the data breach had not originated from his website. The authorities traced the breach back to a third-party service that he had previously used, which had not taken adequate measures to protect their users' information.
Thanks to the protection provided by Cloudflare's Turnstile, none of his users' information was accessed by the malicious bots that had attempted to attack his website. This incident made Jack realize the importance of privacy and security for both his business and his users.
In the end, Jack continued to use Cloudflare's Turnstile for his website's security needs, knowing that it would help protect his users' privacy and sensitive information.
But what can, or cannot, Cloudflare Turnstile add to Jack's of all Trades story?
What they say, is this: There is no point in rehashing the fact that CAPTCHA provides a terrible user experience. It's been discussed in detail before on this blog, and countless times elsewhere. The creator of the CAPTCHA has even publicly lamented that he “unwittingly created a system that was frittering away, in ten-second increments, millions of hours of a most precious resource: human brain cycles.” We hate it, you hate it, everyone hates it. Today we’re giving everyone a better option.
Turnstile is our smart CAPTCHA alternative. It automatically chooses from a rotating suite of non-intrusive browser challenges based on telemetry and client behavior exhibited during a session. Cloudflare's talked in an earlier post about how they’ve used our Managed Challenge system to reduce our use of CAPTCHA by 91%. Now anyone can take advantage of this same technology to stop using CAPTCHA on their own site.
And they continue that: UX isn’t the only big problem with CAPTCHA, so is privacy?
While having to solve a CAPTCHA is a frustrating user experience, there is also a potential hidden tradeoff a website must make when using CAPTCHA. If you are a small site using CAPTCHA today, you essentially have one option: an 800 pound gorilla with 98% of the CAPTCHA market share. This tool is free to use, but in fact it has a privacy cost: you have to give your data to an ad sales company.
| Source | Percentage |
|---|---|
| Firewall and Bot Rules | 54.8% |
| IP Firewall | 18.6% |
| Security Level | 16.8% |
| DDoS | 6.3% |
| Rate Limiting | 1.7% |
| WAF Rules | 1.5% |
| Other | 0.3% |
According to security researchers, one of the signals that Google uses to decide if you are malicious is whether you have a Google cookie in your browser, and if you have this cookie, Google will give you a higher score. Google says they don’t use this information for ad targeting, but at the end of the day, Google is an ad sales company. Meanwhile, at Cloudflare, we make money when customers choose us to protect their websites and make their services run better. It's a simple, direct relationship that perfectly aligns our incentives.
-
The Little DevineProduct on sale$29.99 Inc GST -
Giggle with Goggle T-ShirtProduct on sale$72.00 Inc GST -
Connect 10W ~ 20W Power Wi-Fast Device ChargerProduct on sale$56.00 Inc GST
In short: reCaptcha? We hate it, you hate it, everyone hates it. reCaptcha is SO 2009! Today exist much better options (not to exclude Turnstile by the way)..
Less data collection, more privacy, same security?
In Turnstile's example, if following: Private Access Tokens are built directly into Turnstile. While Turnstile has to look at some session data (like headers, user agent, and browser characteristics) to validate users without challenging them, Private Access Tokens allow us to minimize data collection by asking Apple to validate the device for us. In addition, Turnstile never looks for cookies (like a login cookie), or uses cookies to collect or store information of any kind. Cloudflare has a long track record of investing in user privacy, which they will, supposedly as promised, continue with Turnstile.
Once you’ve deployed Turnstile, you can go back to the dashboard and see analytics on where you have widgets deployed, how users are solving them, and view any defined actions.
Why are they giving this away for free?
They are they and this is this. If this is who they are or if they are what this is there's a conflict between object and subject of this conversation. Or did we just get it wrong and it is who they are, this isn't, and what this is, they aren't? Not sure, but most be somewhere. Jack of all Trades rarely looses his glasses, which he needs to properly read. But if he does, as he did, then he knows where he lost them. The last time it was in a lake next to Quilpy, Australia. The glasses are still there where he lost them. Well in the mud.
While this is sometimes hard for people outside to believe, helping build a better Internet truly is, by the statement, Cloudflare's mission. This isn’t the first time they’ve built free tools that they think will make the Internet better, and it won’t be the last. It's really important to them.
So whether or not you’re a Cloudflare customer today, if you’re using a CAPTCHA, try Turnstile for free, instead. You’ll make your users happier, and minimize the data you send to third parties.
Visit this page to sign up for the best invisible, privacy-first, CAPTCHA replacement and to retrieve your Turnstile beta sitekey.
And hereby, we believed them. But only if for the moment. Try it.
Some parts of this record were rather combined, but not declined, from an excellent article from CloudFlare's Turnstile Team at BLOG.CLOUDFLARE.COM, here >
Interested in integrating Cloudflare's Turnstile with your website or a web application?
Look no more! At thelematics.com, a boutique digital agency, we're powered by CONNECT, 2u2 Web Technologies, and we will help you integrate Cloudflare Turnstile, a free service that protects your website from spam and abuse. Please note, a booked support session with our team will be required if you decide to use us to help you with the Turnstile.
Interested in integrating Cloudflare's Turnstile with your website or a web application?
Look no more! At thelematics.com, a boutique digital agency, we're powered by CONNECT, 2u2 Web Technologies, and we will help you integrate Cloudflare Turnstile, a free service that protects your website from spam and abuse. Please note, a support session with our team will be required only if you decide to use us to help you with the Turnstile.