Super Follows and Ticketed Spaces

Cloudflare wants to end Captcha and thus rid us of one of the heaviest aspects of the Internet




Cloudflare is testing security keys to eventually eliminate one of the heaviest aspects of surfing the Internet: Captcha. These systems that you often find on web pages are used to catch bots crawling websites. They tell you to look at images divided into squares and select those fractions where a specific object appears (cars, traffic lights ...).


To highlight the amount of time that is wasted with these tests, Cloudflare said it has done calculations on it. Their conclusions: if we spend an average of 32 seconds to complete a Captcha, if we have to do one of these tests every 10 days and on the Internet there are 4.6 billion Internet users worldwide, approximately 500 human years are lost every day - just to demonstrate our humanity".




In the words of the leader of this project against Captcha within Cloudflare, Thibault Meunier, this is "crazy."



The solution: security keys that prove that we are human




Firefox Xdpgbp8qdc




The idea of ​​Cloudflare is that you can use security keys as a way to show that we are human. The tests it performs are of a system that will also waste time, but it is estimated that only five seconds at a time.



According to Meunier, Cloudflare is going to start with security keys like the YubiKey range, HyperFIDO keys, and Thetis FIDO U2F keys. They are physical authentication devices such as a "cryptographic attestation of the person". It works like this. A user is questioned on a website about whether he is human or not. The user would click a button and is then asked to use a security device to prove their identity.



A hardware security key would then be plugged into the PC (USB) or touched a mobile device that can be connected to computers via wireless NFC and a cryptographic certificate is sent to the website. For Cloudflare, in addition to saving time, its system "protects the privacy of users, since the attestation is not tied exclusively to the user's device."




Pmjnwohczn




According to the Meunier, "all device manufacturers that Cloudflare relies on are part of the FIDO Alliance. As such, each of these hardware devices shares its identifier with others manufactured in the same batch. From Cloudflare's perspective, your key looks like all the other keys in the lot. "



The test being performed is based on the Web Authentication Attestation API (WebAuthn). Everyone browsers on Ubuntu, macOS, Windows and iOS 14.5, as well as Chrome on Android v.10 +, they are supported.



Cloudflarechallenge.com can be accessed to test the system.