How iOS 16 bypasses CAPTCHAs on iPhone

EPN in Eastern Ukraine People are very worried This will

iOS 16 allows you to say goodbye to most CAPTCHAs! A new option allows iPhone users to prove that they are not robots without answering the questionnaire.

A new feature of the iOS 16 update has been spotted by Internet users of the social network Reddit. This option allows iPhone users to bypass the famous CAPTCHAswhich slow down web browsing.

As a reminder, CAPTCHAs (“Completely Automated Public Turing test to tell Computers and Humans Apart”) allow a website or an application to ensure that a visitor is a human rather than a computer bot. The process requires identifying certain elements on a set of everyday images, such as traffic lights, stairs, cars, bicycles or boats.

Sometimes you have to recognize a set of letters instead. This task is basic for a human being, but not for most computer programs. This challenge-response is one of the famous Turing test that differentiate humans from computers. These days, most websites use it to protect themselves against malware.

iOS 16 shows websites you’re not a robot

To allow iPhones to skip this verification process, Apple uses a “private access token.” The Cupertino giant detailed how the option works at WWDC 2022, the annual conference dedicated to developers. On his websiteApple specifies for application developers:

“Private access tokens are a powerful alternative that helps you identify HTTP requests from legitimate devices and people without compromising their identity or personal information. We’ll show you how your application and server can take advantage of this tool to add trust to your online transactions and preserve your privacy.”

Concretely, iOS 16 relies on iCloud to check if the certificates stored in your iPhone and the associated Apple ID are in order. If so, the operating system will issue a private access token. Thanks to this token, the server of the website will be informed that “the client was able to pass an attestation verification”. Clearly, Apple acts as a trusted third party between the Internet user and the website.

Unsurprisingly, Apple’s system emphasizes privacy. As Apple points out, “servers that receive tokens can only verify that they are valid, but they cannot discover client identities or recognize clients over time.” The entire process is encrypted. No information about your smartphone, your account or your browsing history filters.

Read also: iOS 16 will allow you to create a 3D plan of your interior by scanning it with your iPhone

How to Bypass CAPTCHAs on iOS 16

© 01Net

If you have iOS 16 beta installed on your iPhone, the “Auto Check” feature is enabled by default. Note that the feature is also integrated into the macOS Ventura and iPadOS 16 update. We explain how to access it on your iPhone:

  • Open the app Settings
  • Press your Apple ID (top of screen)
  • Go into Password and Security
  • Check the box Automatic validation at the bottom of the interface
  • Popular services like Fastly and Cloudflare have already committed to supporting the workaround option developed by Apple. Both companies will automatically implement private tokens on all of their customers’ websites. Millions of applications and websites will support this new feature. In a blog postCloudflare also explains that all visitors “using an iOS or macOS device will automatically start seeing fewer CAPTCHAs once they upgrade their operating system”.

    Companies are therefore ready for the large-scale deployment of iOS 16, macOS Ventura and iPadOS 16. For the record, Apple will deploy the final version of the updates in the course of next fall.

    Fastly and Cloudflare reveal that Google has also worked on the Privacy Pass protocol, on which Apple’s private tokens are based. “We worked with our friends at Apple, Cloudflare, and Google to develop and standardize the technology behind private access tokens,” Fastly says.

    De facto, we can hope that an iteration of the functionality will end up doing its entry on Android or other Google solutions in the years to come. For now, the protocol is already available on Chrome as an extension. Unfortunately, user feedback suggests the extension isn’t quite there yet.

    Source :