No more reCAPTCHAS: Cloudflare launches alternative to prove that you are not a robot

If you are tired of images of traffic lights or boats to verify that you are not a bot, Cloudflare  already has an alternative in mind.


Cloudflare , one of the largest content delivery companies on the Internet.

It has announced a new CAPTCHA technology  called Turnstile so that a user can prove to a website that they are not a robot. With this alternative, the selection of images of bridges, traffic lights, cars and the like will not be necessary for a page to detect automated bots .

The “Fully Automated Public Turing Test to Tell Computers From Humans” ( CAPTCHA ) has become a necessary system for websites to prevent the presence of bots. However, authenticating your identity is still very annoying for most Internet users.

What is Turnstile and how does it work?

At first glance, Turnstile  is a simple widget embedded in a web page that displays a “verifying…” message for a few seconds before displaying “success!” without having to choose photos of boats or bridges. However, what happens behind this technology is somewhat more complex.

Turnstile is defined as a new online demonstration technology of the human condition and is based on the use of Cloudflare ‘s Managed Challenge system so that a website can distinguish human visitors from bots and scripts that try to invade it. To do this, it can perceive and collect ‘signals’ of user behavior, data from the browser used and private access tokens in the case of iOS apps.

Cloudflare mentions that using this new technology it was able to reduce the number of CAPTCHAS displayed to visitors to its clients’ web pages by 91% during 2021. Turnstile runs “a series of small non-interactive JavaScript challenges ” that investigate the visitor also adding a “proof of work, exploration of web APIs and other challenges to detect peculiarities of the browser and human behavior” .

The system determines the appropriate challenges for the visitor and is able to learn thanks to machine learning , thus updating its criteria by incorporating common characteristics of users who have gone through the tests before.

A non-Google alternative

While Turnstile seeks to please users who are fed up with images of traffic lights and boats, the main reason Cloudflare wants to put this system in place is because they don’t trust Google ‘s reCAPTCHA .

“Using this tool ( reCAPTCHA ) is free but it actually comes at a cost to privacy: you have to provide your data to an advertising sales company. According to security researchers, one of the signals that Google uses to decide if you are malicious is to check if you have a Google cookie in your browser. If you do, Google will give you a higher score. Google denies that they use this information for advertising purposes, but Google is ultimately an advertising sales company ,” the firm said.

Cloudflare mentioned that those webmasters who wish to apply Turnstile to their pages can do so for free as a customer or not by doing the following:

  • Create a Cloudflare account and go to the “Turnstile” tab on the navigation bar to get a Site Key and Secret Key.
  • Copy the Cloudflare JavaScript from the control panel and paste it in the space of your JavaScript CAPTCHA above.
  • Update the server-side integration by replacing the old siteverify URL with the Cloudflare URL .