Skip to main content

This new iOS 16 feature will rid the web of pesky CAPTCHA verification puzzles

With the release of iOS 16 this year, Apple is taking steps towards eliminating the need for those pesky CAPTCHAs around the web. A new feature called Private Access Tokens will use a combination of details about your device and your Apple ID to inform a website that you are a legitimate user rather than a robot. In turn, this allows you to completely bypass the CAPTCHA step.

No more CAPTCHAs in iOS 16

The feature, which was spotted on Reddit over the weekend and by AppleInsider, was detailed by Apple in a WWDC 2022 session titled “Replace CAPTCHAs with Private Access Token.” In its explanation to developers, Apple explains:

Private Access Tokens are a powerful alternative that help you identify HTTP requests from legitimate devices and people without compromising their identity or personal information. We’ll show you how your app and server can take advantage of this tool to add confidence to your online transactions and preserve privacy.

As you should expect from Apple, this process is done with privacy in mind. Servers are a able to request tokens using a new HTTP authentication method called “PrivateToken.” These tokens are then used as part of a cryptographic process to confirm to the server that the “client was able to pass an attestation check.”

Apple explains that these cryptographic situations are unlinkable, which means “servers that receive tokens can only check that they are valid, but they cannot discover client identities or recognize clients over time.”

The process factors in certificates stored in your iPhone, iPad, or Mac Secure Enclave, then verifies that the Apple ID associated with those certificates is in good standing.

Apple notes that companies including Fastly and Cloudflare are already developing support for this new Privacy Pass standard. In fact, both of those companies have already enabled their issuer services. Other companies will be able to sign up later this year through Apple’s website.

This new “Automatic Verification” feature is enabled by default in the first betas of iOS 16, iPadOS 16, and macOS Ventura. You can find it by navigating to your Apple ID settings, choosing “Privacy and Security,” then looking for the new “Automatic Verification” toggle at the very bottom.

Apple’s user-facing explanation says: Bypass CAPTCHAs in apps and on the web by allowing iCloud to automatically and privately verify your device and account.

Because services like Cloudflare and Fastly have already enabled support for this new Privacy Pass standard, you should already be able to bypass CAPTCHAs on websites and apps that rely on those CDNs.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Chance Miller Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications