iOS 16 Will Let iPhone Users Bypass CAPTCHAs in Supported Apps and Websites

[MacRumors]

Tapping on images of traffic lights or deciphering squiggly text to prove you are human will soon be a much less common nuisance for iPhone users, as iOS 16 introduces support for bypassing CAPTCHAs in supported apps and websites.

The handy new feature can be found in the Settings app under Apple ID > Password & Security > Automatic Verification. When enabled, Apple says iCloud will automatically and privately verify your device and Apple ID account in the background, eliminating the need for apps and websites to present you with a CAPTCHA verification prompt.

Apple recently shared a video with technical details about how the feature works, but simply put, Apple's system verifies that the device and Apple ID account are in good standing and presents what is called a Private Access Token to the app or website. This new system will offer a better user experience for tasks such as signing into or creating an account, with improved user privacy and accessibility compared to CAPTCHAs.

"Private Access Tokens are a powerful alternative that help you identify HTTP requests from legitimate devices and people without compromising their identity or personal information," said Apple, in the description of a WWDC 2022 video related to the topic.

Cloudflare and Fastly have already announced support for Private Access Tokens, meaning that the ability to bypass CAPTCHAs could be coming to millions of apps and websites powered by those platforms, and the feature will roll out more widely over time.

In the first betas of iOS 16 and iPadOS 16, Automatic Verification is enabled by default. Apple said the feature is also supported on macOS Ventura. All of the software updates are currently in beta and will be released later this year.

Article Link: iOS 16 Will Let iPhone Users Bypass CAPTCHAs in Supported Apps and Websites

 

[jz0309]

That’ll be cool, more on macOS for me.

 

[ian87w]

Interesting. Hopefully it reaches wide support, although I doubt that some companies would. Eg I don’t think Google would support this as solving captcha is a way to train Google’s AI, or so I’m told…

 

[Sciomar]

That will be very awesome, I dislike some of those CAPTCHAs. They don't always load correctly or register and I get locked in a loop.

 

[TheYayAreaLiving 🎗️]

Nice! this will save up so much time. It's a nice welcoming feature.

 

[CapitalIdea]

Time for the EU to threaten to fine them for monopolizing convenience.

 

[jav6454]

I feel this feature is nice, but people (websites mostly) will still complain.

 

[xxray]

Does this have any privacy implications though?

 

[WWPD]

That's disappointing, I always liked playing the "click pictures of crosswalks" as a mini-game. I wish someone would make an app with nothing but captchas.

 

[dannyyankou]

I think Apple must read my posts or something lol. I posted this all the way back in November-

Ooh I just thought of a good idea. You know those annoying Captcha's we all have to put up with? Apple should partner with those companies to use Face ID for "human" verification instead. I'm sure it would be very easy to implement.

 

[LoveTo]

But it was never about human verification. I recall watching a video that Google had found a way to verify human activity with just the mouse movements and other parameters. Captchas were still reintroduced so they can train their car driving AIs for free. That’s why the captchas always only have images related to driving/roads/backgrounds.

 

[Macative]

I feel this feature is nice, but people (websites mostly) will still complain.

Why? The web forms use captcha to fight bots and spam. They don't care how they get it. Just that it's legitimately identifying a real person.

It is captcha providers that might object, like Google, who only provides free captcha as a way of getting the world to train their object recognition AI.

 

[throwaway572937]

This is a welcome change, but honestly 99% of my internet usage experience was improved with (1) content blocking and (2) getting that app that removes AMP links. With that, I'm a happy camper.

 

[bored]

I think Apple must read my posts or something lol. I posted this all the way back in November-

Yup. When I worked at Apple, we all read MacRumors to know what the other departments were doing. Otherwise with all the secrecy, we learned about new products at the keynotes, like everyone else.

 

[munpip214]

Next up, please hide all of those cookie preference popups and disable all but necessary.

 

[icymountain]

Good idea.
Usually, when asked to do some of these stupid puzzles, I just leave the website... People should be ashamed of putting these up.

 

[jav6454]

Why? The web forms use captcha to fight bots and spam. They don't care how they get it. Just that it's legitimately identifying a real person.

It is captcha providers that might object, like Google, who only provides free captcha as a way of getting the world to train their object recognition AI.

Until devices are started to be used for spam

 

[maternidad]

Does this have any privacy implications though?

It seems to have been made with privacy in mind. Look at the video linked; it says that Private Access Tokens can not be used to identify users and that the process does not reveal what website a user is trying to access.

 

[RogerDoger2801]

This is awesome! Would love to see something similar done with phone calls and texts 😭 spam is out of control, a setting that I could activate to only receive calls that come with a token that verifies it’s an iCloud confirmed device in good standing (or a similar android type confirmation) would be a blessing to cut down on the robo dial spoofers

 

[icymountain]

Next up, please hide all of those cookie preference popups and disable app but necessary.

I use the "Hush" Safari extension. You set it up once to reject cookies and most of the time you will not have to fill in anything. I could not live without now!

 

[BeatCrazy]

Good idea.
Usually, when asked to do some of these stupid puzzles, I just leave the website... People should be ashamed of putting these up.

I hate them too, but recently had to build a website where I needed to implement Google’s eCAPTCHA.

Basically if the browser detects certain characteristics, you’ll need to solve the captcha. This was necessary because we had too many instances of scripts/bots trying to blast our text entry fields, and ruining it for everyone.

 

[0194839]

I commend Apple for this.. those damn traffic lights. Looking forward to a captcha traffic light free society.

 

[iDento]

This is awesome! Would love to see something similar done with phone calls and texts 😭 spam is out of control, a setting that I could activate to only receive calls that come with a token that verifies it’s an iCloud confirmed device in good standing (or a similar android type confirmation) would be a blessing to cut down on the robo dial spoofers

I had to use a text blocking app with 30$ annual subscription to stop all the crap I get in my Messages.

Real problem is, those people would stop sending us spam if it didn’t work for them.

 

[nutmac]

This is what I love about major iOS releases.

For the first few days, most users are obsessed over tentpole features. In the case of iOS 16, this would no doubt be customizing the Lock Screen, iCloud Shared Photos Library, redesigned Home app, and Focus mode 2.0.

But it's these smaller features that ultimately add up to "I can't go back to using the old iOS" for me, provided the iOS is stable enough.

 

[FelixDerKater]

Are those 20 extra pixels of white part of the crosswalk?