Cloudflare says it’s time to end CAPTCHA ‘madness’, launches new security key-based replacement

Cloudflare, which you may know as a provider of DNS services or the company telling you why the website you clicked on won’t load, wants to replace the “madness” of CAPTCHAs across the web with an entirely new system.

CAPTCHAs are those tests you have to take, often when trying to log into a service, that ask you to click images of things like busses or crosswalks or bicycles to prove that you’re a human. (CAPTCHA, if you didn’t know, stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.”) The problem is, they add a lot of friction to using the web and can sometimes be difficult to solve — I’m sure I’m not the only person who has frustratingly failed a CAPTCHA because I didn’t see that corner of a crosswalk in one image.

In a blog post, Cloudflare says it aims to “get rid of CAPTCHAs completely” by replacing them with a new way to prove you are a human by touching or looking at a device, using a system it calls “Cryptographic Attestation of Personhood.” Right now, it only supports a limited number of USB security keys like YubiKeys, but you can test Cloudflare’s system for yourself on the company’s website.

I tried it out, and it worked great. All I had to do was click the prominent “I am human (beta)” button on the site, then follow a few prompts to select my security key, then tap it, and then allow the site to access the make and model of the key. When I did, the system waved me through (though it just took me back to the blog).

The whole process took all of a few seconds, and I have to admit that it was really nice not to puzzle over grainy images of busses and bus-looking objects. And in addition to the speed of it all, this new method could have a major accessibility benefit, as those with visual disabilities may not be able to complete CAPTCHAs in their current form.

Here is the company’s “elevator pitch” of what’s going on behind the scenes to establish that you’re a human via its new method:

The short version is that your device has an embedded secure module containing a unique secret sealed by your manufacturer. The security module is capable of proving it owns such a secret without revealing it. Cloudflare asks you for proof and checks that your manufacturer is legitimate.

You can read a much more extensive explanation on the company’s blog.

While it’s all an intriguing idea, it may not be the end of CAPTCHAs as we know them just yet. For one thing, you probably won’t see the prompt in many places, as Cloudflare says this is only an experiment right now, available “on a limited basis in English-speaking regions.” And in its current state, it only works with a limited set of hardware: YubiKeys, HyperFIDO keys, and Thetis FIDO U2F keys.

Cloudflare promises it will “look into adding other authenticators as soon as possible.” That could possibly expand to your phone: Cloudflare suggests the possibility of users tapping a phone to their computer to pass a wireless signature using NFC. Google can now treat both iPhones and Android phones as physical security keys; if Google and Apple got on board with Cloudflare’s method, it could significantly reduce the barrier to entry to using it, since smartphones are much more common than security keys.

However, Cloudflare’s system may actually be a worse solution, according to one critic. As Ackermann Yuriy (CEO of the consulting firm Webauthn Works) points out, “attestation does not prove anything but the device model,” meaning that it doesn’t actually prove if someone using a device for authentication is, in fact, a human.

Cloudflare essentially admits this itself in its own blog, saying that a drinking bird (those bird toys that dip their beaks into water repeatedly) could press a touch sensor on a security key, thereby passing the authentication test. If the point of CAPTCHAs is to prevent bot farms from overrunning websites, we may need to consider whether bot farms equipped with jury-rigged security key devices (or worse) will take advantage.
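To make the elevator pitch and the critic's objection concrete, here is an added example (not Cloudflare's code and not the WebAuthn wire format) that models attestation with plain ECDSA keys in Node.js. The manufacturer name, model name, and the assumption that every key in a production batch shares one attestation key are part of this simplified, hypothetical model.

```javascript
// Added illustration: simplified batch attestation, no X.509 or CBOR parsing.
const nodeCrypto = require('node:crypto');

const newKey = () => nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const spki = (pub) => pub.export({ type: 'spki', format: 'der' });
// What the manufacturer signs: the model name bound to the batch public key.
const certBody = (model, batchDer) => Buffer.concat([Buffer.from(model + '\0'), batchDer]);

// Hypothetical manufacturer whose root key certifies each batch key.
function makeManufacturer(name) {
  const root = newKey();
  return {
    name,
    rootPublic: root.publicKey,
    certifyBatch: (model, batchDer) =>
      nodeCrypto.sign('sha256', certBody(model, batchDer), root.privateKey),
  };
}

// Assumption of this model: all devices in a batch hold the SAME sealed secret.
function makeBatch(manufacturer, model, count) {
  const batch = newKey();
  const batchDer = spki(batch.publicKey);
  const cert = manufacturer.certifyBatch(model, batchDer);
  return Array.from({ length: count }, () => ({
    // The device proves it holds the secret by signing a fresh challenge.
    attest: (challenge) => ({
      model, batchDer, cert,
      sig: nodeCrypto.sign('sha256', challenge, batch.privateKey),
    }),
  }));
}

// Verifier side: check the proof, then check the manufacturer is trusted.
// On success it returns everything the verifier learns: manufacturer and model.
function verifyAttestation(trustedRoots, challenge, att) {
  const batchPub = nodeCrypto.createPublicKey({ key: att.batchDer, format: 'der', type: 'spki' });
  if (!nodeCrypto.verify('sha256', challenge, batchPub, att.sig)) return null;
  const body = certBody(att.model, att.batchDer);
  for (const [name, rootPub] of Object.entries(trustedRoots)) {
    if (nodeCrypto.verify('sha256', body, rootPub, att.cert)) {
      return { manufacturer: name, model: att.model };
    }
  }
  return null; // valid signature, but no trusted manufacturer vouches for the key
}
```

Two different devices from the same batch produce indistinguishable results, and nothing in the returned value describes who or what touched the key, which is why a relying party would pair a check like this with rate limiting or other signals.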

Cloudflare isn’t always positively associated with CAPTCHAs; in a recent example, the company moved from Google’s reCAPTCHA to a service from hCaptcha in April 2020, and some people weren’t fans:

CAPTCHAs also assume that website owners want to allow relatively anonymous traffic, but anonymous identity may be irrelevant if a website has your actual identity through login information you’ve provided. And with the recent push against ad targeting, driven in large part by Apple’s huge new privacy feature in iOS 14.5 that asks users if they want to let each app track them around the web, it’s possible that website providers will move more toward logins anyway.

Though it certainly sounds like a hassle to have to potentially deal with even more logins (which is much easier to do with a great password manager!), that shift could, counterintuitively, have the potential benefit of pushing us toward a passwordless future even sooner. If more services are pushing for direct logins, that could lead to more of them supporting security keys instead of a password. And more sites supporting security keys could put pressure on others to support them as well, like the trend we see toward two-factor authentication with phones.

While we’re not at that passwordless future just yet, Cloudflare’s potential replacement for the CAPTCHA could be a first step in that direction.

Photoshop’s sky replacement tool makes it easier to fake a perfect sunset

Adobe is preparing to add an AI-powered sky replacement tool to Photoshop that makes it easier to swap out the sky in any picture with just a few clicks. The company previewed the tool on YouTube ahead of its Adobe Max conference, scheduled for October 20th–22nd.

The tool uses machine learning to automatically identify the foreground and background of a picture, saving people from creating complicated masks to separate the two. You can load in a number of dramatic preset skies, and the algorithms will automatically tweak the warmth and temperature of the foreground to match the new sky. If you add in a warm, golden sunset, for example, it’ll update the coloring of the rest of your picture to match.

Adobe isn’t the first company to offer this sort of tool. AI-powered picture editor Luminar has offered one-click sky replacement since last year, for example. But it is the latest example of Adobe enhancing its premier picture editor with the help of machine learning.

The Verge’s art crew had mixed feelings about the tool. They thought the color-matching looked well-done but were cautious about evaluating the feature from a simple demo video. Like any company demoing a new product, Adobe is only going to pick the most flattering examples. They did also note, though, that Adobe’s automatic cutout tools generally work pretty well and would definitely make this sort of edit a lot easier.

A sky replacement feature could be particularly useful for Instagram influencers, always looking to create the perfect travel shot. Last year, one influencer was criticized after it was spotted that she was using fake clouds in her photos. She later said that she had always been open about editing her images but perhaps needed more variety. “Maybe I just need to change the sky I pick — but I kinda like the one I use!” she added. Photoshop could help.

Adobe didn’t say when this new feature would be added to Photoshop, but you can expect to hear more details at the company’s upcoming Max conference.

MacBook Pros that don’t charge past 1% get free battery replacement

Every so often, we hear about software updates that bring their own set of bugs even as they fix others. Most of the time, these bugs only affect software features, but on rare occasions they can affect a device’s hardware as well. The past few days have been stressful for MacBook Pro owners because of exactly such a rare case of bad luck with battery issues, and Apple is now offering free battery replacements to those affected by a highly inconvenient bug.

When Apple released macOS Big Sur 11.2 last week, some MacBook Pro owners suddenly discovered they could no longer charge their batteries. It took a few days, but Apple finally rolled out a fix in Big Sur 11.2.1 and a Catalina 10.15.7 supplemental update to make sure that other MacBook Pros won’t even reach that point. Unfortunately, it might have been too late for some who have run into a worse scenario.

Apple acknowledged that a very small number of 2016 and 2017 MacBook Pro models now can’t even charge past 1%. Even if these were functioning perfectly before, they are now faced with a “Service Recommended” warning. This could make it impossible for affected users to even update their MacBook Pros at this point.

Apple is now announcing a free battery replacement offer to MacBook Pros that were affected by this strange bug. Given the age of the devices, they are naturally outside of warranty coverage. That said, only these specific models are eligible for the offer:

• MacBook Pro (13-inch, 2016, Two Thunderbolt 3 Ports)
• MacBook Pro (13-inch, 2017, Two Thunderbolt 3 Ports)
• MacBook Pro (13-inch, 2016, Four Thunderbolt 3 Ports)
• MacBook Pro (13-inch, 2017, Four Thunderbolt 3 Ports)
• MacBook Pro (15-inch, 2016)
• MacBook Pro (15-inch, 2017)

Owners are advised to check their model number and battery health to verify they can claim the free replacement and contact Apple support. Those that aren’t affected are also advised to update to the latest Big Sur and Catalina versions anyway to make sure they don’t end up in the same boat.

