iOS 16 Will Let iPhone Users Bypass CAPTCHAs in Supported Apps and Websites (macrumors.com)
Tapping on images of traffic lights or deciphering squiggly text to prove you are human will soon be a much less common nuisance for iPhone users, as iOS 16 introduces support for bypassing CAPTCHAs in supported apps and websites. From a report: The handy new feature can be found in the Settings app under Apple ID > Password & Security > Automatic Verification. When enabled, Apple says iCloud will automatically and privately verify your device and Apple ID account in the background, eliminating the need for apps and websites to present you with a CAPTCHA verification prompt.
I'll leave it off (Score:1, Interesting)
Apple vouching that I'm a human: OK
Apple handing over my Apple ID: Not so much.
Now, if I could use it only on the apps and web sites that I'm "logging into" with my Apple ID today anyways, that's going to be fine.
Re:I'll leave it off (Score:5, Informative)
If you watch the video from Apple, they will step you through the IETF standards they are using to accomplish this.
iCloud is involved to say "this person is a human."
iCloud does not give out any information that uniquely identifies you, or even your phone.
All it's doing is proving you are a real human, not a bot.
Re: I'll leave it off (Score:2)
It sounds a bit like the assumption is that spammers will never have iphones and won't figure out a way to farm them.
I remember about 10 years ago some wow gold farmers complaining about how they could no longer compete with some others that built a complete replacement of the wow client, which means they were also able to emulate all of the anti-botting security features enough to fool the servers. This gave them the ability to instantiate hundreds of clients on a single VM instead of just two or three, be
Re: (Score:2)
Again, if you watch the video ...
For this to work, your device has to have an iCloud account. Apple doesn't share any of the details of this iCloud account with the web site, but seems to consider this a "good indicator that this device is attached to a person."
They also have systems on their end that can look for "bot like behavior."
So if you set up a "farm" of iPhones (each with an iCloud account), in theory ... Apple could build systems to detect bot-like behavior (many many token requests on the same iCl
Re: I'll leave it off (Score:2)
That's kind of like saying that you can easily detect data exfiltration by watching for large data transfers. The reality is that these people tend to be very patient; they'll do it slowly over a long period of time. In this case that would translate to executing only occasional behaviors that are suspect, in addition to adding random benign behaviors to simulate an actual person using the device for other things.
Trust me, it's been done. And done. And done. And done.
Re: (Score:2)
iCloud is involved to say "this person is a human."
iCloud does not give out any information that uniquely identifies you, or even your phone.
iCloud is not designed to uniquely identify you to external parties the same way as a cookie is not designed to track you across multiple sites and profile your browsing activities. Yet here we are.
Re: (Score:1)
I'll have to go back and read the standard, but I don't see why they need an iCloud or other login in the first place.
Apple can get enough information from the phone to uniquely identify it.
If the objection is "an iCloud ID requires you to go through a CAPTCHA or something similar" then fine, make me go through such a thing ONE TIME on a given device (or once per week/month/reboot/whatever per device) to prove I am a human, but don't make me sign in with my Apple ID.
Re: (Score:2)
Apple can get enough information from the phone to uniquely identify it.
Great, let's assume they can 100% identify a genuine iPhone. So? Have you seen the pictures of click farming? They have like 100-200 phones on a panel for one person to monitor. Now tell me again how merely having a genuine iPhone is enough to prevent fraudulent usage.
Re: (Score:3)
There are probably some additional elaborations to deal with considerations I'm not thinking of; but if captcha-users are willing to accept your apple ID from Apple as sufficient proof to bypass a captcha they should also be willing to accept an Apple-provided assertion that you are someone with an Apple ID in de
Re: (Score:2)
As an Android user, I don't see any ads while charging, or at all in general usage.
There are a couple "service offers" you see while setting up the phone/first time you use a feature... like there was some Samsung / Microsoft deal for OneDrive to backup your data that they show you, or an offer for SiriusXM the first time you launch Samsung Music. (Although I don't use Samsung Music). And there's a few 'features' of some apps that are basically ad delivery... like some versions of the phone app have a places
Re: (Score:2)
"Why? There are services that will solve captchas for you for a few cents per captcha. They even offer APIs to integrate into your bots."
I'd buy one.
Where I live the taxis aren't yellow, the hydrants aren't red nor yellow, so it doesn't check if it's a human, it checks if it's an American human.
Re: (Score:2)
If older devices are supported, and instrumenting them up enough to work around dead screens and the like doesn't invalidate the feature, I don't doubt that there will be some creative and impressively low cost iDevice farms put together; but it will stil
Novel way to verify web client is human (Score:2)
Rare Useful Feature (Score:3)
It is very rare that a new OS has a feature that I would find useful. Hell, it's rare for a new OS to debut a feature that I can imagine ANYBODY having any use for. But this seems like an actual, bona fide useful feature. Congratulations, Apple!!
That will work for about a week (Score:3)
Until the scammers find out how to pretend to be human, then the whole shit is back to square one.
Re: (Score:2)
"Until the scammers find out how to pretend to be human, "
American human, 194 countries have no yellow taxis, they don't recognize taxis in blurry stamp-sized photos.
Re: (Score:2)
Unlike American humans, others around the world got used to the US-centric approach the average US company takes to things like that. By now we actually adjusted to miles, Fahrenheit and the rest of the bullshit the US is so enamoured with.
If it serves our purpose, we can pretend that it matters. Like, well, with anything US.
Re: (Score:2)
This reminds me of a story about chimpanzee intelligence. Apparently an IQ test asked subjects to identify preferred homes. Chimps selecting trees were marked down on this and other questions with similar issues. Turns out our IQ tests have a pro-human bias.
Ew, no (Score:2)
Re: (Score:2)
Google has been doing this for years. When you encounter a Google Captcha, if you are logged into your Google account then that is used as a strong signal that you are a real human. In most cases you don't need to do anything, that's enough to pass the test.
Re: (Score:1)
if you are logged into your Google account
Some of us don't stay logged into accounts longer than needed for the task at hand.
Re: (Score:2)
Then Apple's clone won't help you either.
Re: (Score:2)
Actually, there is a way to make this work that doesn't use or share your device ID with the web site checking to see if you are human.
And, actually, it's based on an IETF standard.
If you'd watch Apple's video, you could learn how!
So.... (Score:1)
Robotic finger? (Score:1)
So how do I block this? (Score:1)
If I put a CAPTCHA on the entrance to my website, it is because I need to verify that they are real people. IDGAFF if they are using the latest super shiny iThing other than it might mean that they are more likely to spend money without too much consideration.
If you remove the usefulness to websites of that method of verification, they will have to think of something else. Alternatively, they will have to think of a way of detecting and preventing this particular fraud.