Turnstile is presented as “an easy-to-use, privacy-preserving alternative” to CAPTCHA. According to a press release, it will remove the interactive challenges used to authenticate people, which Cloudflare says normally take 32 seconds to pass, and reduce the entire process to one second.
An interaction-free test that reduces confirmation time to one second
Instead of presenting a user with a visual puzzle, Turnstile rotates through a set of browser challenges that look for human behavior, increasing the difficulty if a visitor exhibits “non-human behavior.” These JavaScript-based challenges read the web browser environment for signals indicating that a person is visiting the site, cycling through tests such as proof of work, proof of space and probing for web APIs. Turnstile also uses machine learning models to compare previously successful challenges with new ones, speeding up the process.
While hardware keys can work well, they require that users always have access to them. So the company has also created a version that can ‘ask’ a trusted device (smartphone or otherwise) whether it is indeed not controlled by a bot.
Cloudflare’s Turnstile is now available in beta, free to use, and you don’t need to use the company’s other web services or send your traffic through its network. The process to set it up is detailed on Cloudflare’s website and involves replacing your current CAPTCHA JavaScript with one that calls the Turnstile API.
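
Replacing the client-side script is only half of the integration: the token the widget produces must still be checked by your own server against Cloudflare's siteverify endpoint before the request is trusted. The following Python example is added here and is not from the article or from Cloudflare's own code; `verify_turnstile`, the injectable `post` transport, the placeholder secret and the `shop.example` hostname are assumptions made for illustration.

```python
import json
import urllib.parse
import urllib.request

SITEVERIFY_URL = "https://challenges.cloudflare.com/turnstile/v0/siteverify"

def http_post(url, fields, timeout=5):
    """Default transport: form-encoded POST, returns the parsed JSON body."""
    body = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(url, data=body, timeout=timeout) as resp:
        return json.load(resp)

def verify_turnstile(token, secret, expected_hostname, expected_action=None,
                     remote_ip=None, post=http_post):
    """Return (ok, reason); any transport or parsing failure fails closed."""
    if not token:
        return False, "missing-token"
    fields = {"secret": secret, "response": token}
    if remote_ip:
        fields["remoteip"] = remote_ip
    try:
        result = post(SITEVERIFY_URL, fields)
    except Exception:
        return False, "siteverify-unreachable"
    if not isinstance(result, dict):
        return False, "malformed-response"
    if result.get("success") is not True:
        codes = result.get("error-codes") or ["rejected"]
        return False, ",".join(str(c) for c in codes)
    # A token solved on another site or form must not be accepted here.
    if result.get("hostname") != expected_hostname:
        return False, "hostname-mismatch"
    if expected_action is not None and result.get("action") != expected_action:
        return False, "action-mismatch"
    return True, "ok"

if __name__ == "__main__":
    # Constructed transport standing in for Cloudflare so the demo runs offline.
    def fake_post(url, fields):
        if fields["response"] == "good-token":
            return {"success": True, "hostname": "shop.example", "action": "login"}
        return {"success": False, "error-codes": ["invalid-input-response"]}

    for tok in ("good-token", "replayed-or-forged", ""):
        print(repr(tok), verify_turnstile(tok, "placeholder-secret",
                                          "shop.example", "login", post=fake_post))
```

The hostname and action checks matter because a passing result only says that some Turnstile challenge was solved, not that it was solved for this site and this form.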