Not sure how I feel about it. Feels a bit dystopian for Apple to decide if I’m a human or not, as long as I pay the Apple tax?
I just imagine some video cams with robotic fingers attached to a device and automate browsing this way? sounds viable and there must already be some device farms even with human operators?
Cloudflare is working on getting other platforms on board. There are no perfect solutions, and I think this is better than deciding whether one is human based on whether they can see or hear.
Thanks for bringing in an extra perspective. I think I may have come across too negative. I initially felt excited about it, I hate captchas and deal with bots frequently and hate them even more. It’s all a trade-off, and this one seems a reasonable one at the moment. Yet I think we need to be careful not to take it too far. If my device manufacturer decides if I’m legit for me, and the largest proxy decides to cut me off based on that decision, that’s a pretty scary thought.
Like any attestation scheme, it doesn't prove anything about the humanity of the button-presser, only that software, hardware, or flesh triggered an action in iOS.
8 comments
[ 10.7 ms ] story [ 493 ms ] threadI just imagine some video cams with robotic fingers attached to a device and automate browsing this way? sounds viable and there must already be some device farms even with human operators?
hCaptcha's announcement goes into a bit more detail on the tradeoffs: https://www.hcaptcha.com/post/announcing-support-for-private...
The main benefit over traditional hardware attestation is that RSA blinding is used to avoid linkability to a single device.