We have no doubt that our smartphone will increasingly be the key to the world that guarantees our identity. As such, Apple wants to not only transform the iPhone into a personal and non-transferable computer, but also the passport to move around freely without being subject to constant CAPTCHA checks when browsing the internet. iOS 16 brings the solution to the annoying “I’m not a robot” tests!
Apple has created a mechanism capable of informing websites that the user is, in fact, a legitimate user and not a robot. This in turn allows CAPTCHA steps to be automatically skipped.
Those who thought iOS 16 was just a "repaint" on iOS 15 are sorely mistaken. Apple has dozens of new features and some of them will change the way the user interacts with the cyber world.
We have already seen several new features in the first beta of the new iOS and much remains to be seen.
No more CAPTCHAs in iOS 16
The feature, which was spotted on Reddit, was detailed by Apple in a WWDC 2022 session titled “Replace CAPTCHAs with Private Access Token”. To programmers, Apple explains:
You Private Access Tokens are a powerful alternative that helps you identify HTTP requests from legitimate devices and people without compromising your identity or personal information. We will show you how your application and your server can take advantage of this tool to add trust to your online transactions and preserve privacy.
As expected from Apple, this process is done with privacy in mind. Servers are a boon for requesting tokens using a new HTTP authentication method called "PrivateToken". These tokens are then used as part of a cryptographic process to confirm to the server that the "client was able to pass an authenticity check".
Apple explained that these cryptographic situations are unbindable, meaning that "servers receiving tokens can only verify that they are valid, but cannot discover client identities or recognize clients over time."
Process factors in certificates stored on iPhone, iPad, or Mac Secure Enclavethen verify that the Apple ID associated with these certificates is in good standing.
Apple notes that companies, including Fastly and Cloudflare, are already developing support for this new Privacy Pass. In fact, both companies have already enabled their services. Other companies will be able to apply later this year through Apple's website.
This new "Auto Scan" feature is enabled natively in the early betas of iOS 16, iPadOS 16, and macOS Ventura. You can find it by navigating to the Apple ID settings, under the "Password and Security" option, and then going to the end of that menu, you will find the "Auto Confirmation" option.
In the explanation, Apple says "Bypass CAPTCHA in apps and on the web by allowing the iCloud service to automatically and privately confirm your device and your account".
Therefore, services like Cloudflare and Fastly, which have already enabled support for this new Privacy Pass standard, should already be able to bypass CAPTCHAs on websites and applications that rely on these CDNs.
!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;
n.push=n;n.loaded=!0;n.version='2.0';n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,
document,'script','https://connect.facebook.net/en_US/fbevents.js');
fbq('init', '1664527397186427'); // Insert your pixel ID here.
fbq('track', 'PageView');
(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = "//connect.facebook.net/pt_PT/sdk.js#xfbml=1&version=v2.3&appId=122308327859118";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));