With the release of iOS 16 this year, Apple is taking steps to eliminate the need for those pesky CAPTCHAs on the web. A new feature called Private Access Tokens will use a combination of your device and Apple ID details to tell a website that you’re a legitimate user rather than a bot. In turn, this allows you to completely bypass the CAPTCHA step.
No more CAPTCHAs in iOS 16
The feature, which was spotted on Reddit over the weekend and by AppleInsider, was detailed by Apple during a WWDC 2022 session titled “Replacing CAPTCHAs with a Private Access Token”. In its explanation to developers, Apple explains:
Private access tokens are a powerful alternative that helps you identify HTTP requests from legitimate devices and people without compromising their identity or personal information. We’ll show you how your application and server can take advantage of this tool to add trust to your online transactions and maintain privacy.
As you’d expect from Apple, this process is done with confidentiality in mind. Servers are a blessing to request tokens using a new HTTP authentication method called “PrivateToken”. These tokens are then used as part of a cryptographic process to confirm to the server that the “client has passed an attestation check”.
Apple explains that these cryptographic situations cannot be linked, meaning that “servers that receive tokens can only verify that they are valid, but they cannot discover client identities or recognize clients over time. “.
The process considers the certificates stored in your iPhone, iPad, or Mac Secure Enclave, then verifies that the Apple ID associated with those certificates is in good standing.
Apple notes that companies such as Fastly and Cloudflare are already developing support for this new Privacy Pass standard. In fact, both of these companies have already activated their issuer services. Other companies will be able to sign up later this year through Apple’s website.
This new “Auto Check” feature is enabled by default in early betas of iOS 16, iPadOS 16, and macOS Ventura. You can find it by going to your Apple ID settings, choosing “Privacy & Security,” then looking for the new “Automatic Verification” toggle at the very bottom.
Apple’s explanation to the user says: Bypass CAPTCHAs in apps and on the web by allowing iCloud to automatically and privately verify your device and account.
Since services like Cloudflare and Fastly have already enabled support for this new Privacy Pass standard, you should already be able to bypass CAPTCHAs on websites and apps that rely on these CDNs.
FTC: We use revenue-generating automatic affiliate links. After.
Check out 9to5Mac on YouTube for more Apple news: