Sydney, Australia, September 29, 2022 — Cloudflare, Inc. (NYSE: NET), the security, performance, and reliability company helping to build a better Internet, today announced Turnstile, a simple, private way to replace CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) and help validate humanity across the Internet. Now any site owner can replace CAPTCHAs through a simple API, whether they’re a Cloudflare customer or not.
CAPTCHA has long been regarded as a terrible user experience that sacrifices privacy by harvesting user data. They typically come in the form of a challenge that is meant to be difficult for a computer to pass but simple for a human, such as identifying stretched letters or numbers, or things like crosswalks or stop signs. It is estimated that collectively, humans waste 500 years a day trying to solve CAPTCHAs. In addition to being the speed bump of the Internet, the tests have been critiqued for their lack of accessibility, assuming all Internet users have the physical and cognitive capabilities to solve them. Privacy is also at risk; for example, Google’s reCAPTCHA, which dominates the market, may ask for users to log in to their Google account as a form of verification. No one should have to give up private information when simply trying to prove they are not a robot. Cloudflare’s solution is a drop-in replacement for reCAPTCHA that preserves the user’s privacy.
“Cloudflare is taking one of the most hated pieces of Internet technology, and making it easier, more secure, and more private for everyone to use,” said Matthew Prince, co-founder and CEO of Cloudflare. “Similar to our 220.127.116.11 app that makes every user and the Internet safer, we’re excited to share Turnstile with developers of any size and anywhere, for an improved and more private end user experience.”
How It Works
Turnstile is a smarter, invisible CAPTCHA alternative. The solution automatically chooses from a rotating suite of browser challenges that work behind the scenes, looking for signals there is a human user. Turnstile can fine-tune the difficulty of the challenge, presenting harder challenges to visitors that exhibit non-human behaviours. Additionally, Turnstile recognizes Private Access Tokens from users on the latest versions of macOS or iOS, allowing Turnstile to validate a device with the help of the device vendor, and without collecting, touching or storing user device data.
Turnstile now has the same stable solve rate as previously used CAPTCHAs. With this technology, Cloudflare reduced their own use of CAPTCHA by 91% and reduced the visitor time spent in a challenge from an average of 32 seconds to an average of just one second to run the non-interactive challenges. Turnstile is now available for any developer to use on their site, regardless of if they are a Cloudflare customer.
To learn more about Turnstile, visit our blog, and read more on Cloudflare’s innovation around CAPTCHAs:
- Announcing Turnstile, a user-friendly, privacy preserving alternative to CAPTCHA
- Private Access Tokens: eliminating CAPTCHAs on iPhones and Macs with open standards
- The end of the road for Cloudflare CAPTCHAs
Cloudflare, Inc. (www.cloudflare.com / @cloudflare) is on a mission to help build a better Internet. Cloudflare’s suite of products protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was named to Entrepreneur Magazine’s Top Company Cultures 2018 list and ranked among the World’s Most Innovative Companies by Fast Company in 2019. Headquartered in San Francisco, CA, Cloudflare has offices in Austin, TX, Champaign, IL, New York, NY, San Jose, CA, Seattle, WA, Washington, D.C., Toronto, Dubai, Lisbon, London, Munich, Paris, Beijing, Singapore, Sydney, and Tokyo.
This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expect,” “explore,” “plan,” “anticipate,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “predict,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern Cloudflare’s expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding the capabilities and effectiveness of Turnstile and Cloudflare’s other products and technology, the potential benefits to customers of using Turnstile and Cloudflare’s other products and technology, the timing of when Turnstile and the various features included in Turnstile will be available in beta form, or generally available, to current and potential Cloudflare customers, Cloudflare’s technological development, future operations, growth, initiatives, or strategies, and comments made by Cloudflare’s CEO and others. Actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in Cloudflare’s filings with the Securities and Exchange Commission (SEC), including Cloudflare’s Quarterly Report on Form
10-Q filed on August 4, 2022, as well as other filings that Cloudflare may make from time to time with the SEC.
The forward-looking statements made in this press release relate only to events as of the date on which the statements are made. Cloudflare undertakes no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. Cloudflare may not actually achieve the plans, intentions, or expectations disclosed in Cloudflare’s forward-looking statements, and you should not place undue reliance on Cloudflare’s forward-looking statements.