Skip to main content

iOS 16 will let you bypass CAPTCHAs on some apps and websites

iOS 16 will let you bypass CAPTCHAs on some apps and websites

/

It can automatically identify that you’re a real human

Share this story

Illustration of a glowing apple on a blue, dotted background
Using tech called “Private Access Tokens.”
Illustration by Alex Castro / The Verge

When iOS 16 comes out later this fall, you may notice that you don’t have to deal with as many annoying CAPTCHAs asking you to slide a puzzle piece or distinguish between a hill and a mountain. That’s because Apple’s introducing a feature for its iPhones and Macs called Automatic Verification, which let some sites know that you’re not a bot without you actually having to do anything (via MacRumors).

Apple has worked with two major content delivery networks, Fastly and Cloudflare, to develop the system. When it launches with iOS 16 and macOS Ventura, sites that use either of the services to defend against spam should be able to take advantage of the system and stop showing you so many CAPTCHAs. If you’re attentive to how many sites go down when either Fastly or Cloudflare start to have issues, you’ll know that’s a solid chunk of the internet that may become significantly less annoying (especially to those who see CAPTCHAs more often than average because they use a VPN or clear their cookies frequently).

A basic diagram of how Apple’s system works.
A basic diagram of how Apple’s system works.
Image: Apple

While this is far from the first attempt to ditch CAPTCHAs, Apple’s scale means we may really see some headway this time. The underlying system, which Apple calls Private Access Tokens, is vaguely reminiscent of its system to replace passwords. Here's a very simplified idea of how it works: your device looks at a variety of factors to determine whether you’re a human. When you go to a website that would normally ask you to fill out a CAPTCHA, that site can ask your phone or computer if a human is using it. If your device says yes, you’ll be let right on through.

If you want to do a deep-dive on details about the tech, you can watch Apple’s WWDC session on it, read Apple Insider’s explainer, and check out Fastly’s article about it.

As with most new tech it pitches, Apple has a privacy story to go along with. The company says that while your Apple ID is being used as proof that you’re an actual person, your phone or computer isn’t sending out the data (like your email address or phone number) that’s associated with it. The only thing the site gets is what’s essentially a thumbs-up from Apple. Similarly, Apple only knows that your device is asking it to confirm whether you’re a human; it doesn’t get info about who wants to know.

Thankfully for Android and Windows users, Apple isn’t the only one working on this tech. According to Fastly, Google also helped develop it, and the concept of having a trusted party vouch that you’re a human is being built into internet standards. Google started building a similar system into Chrome around two years ago and while it seems to be focusing mostly on third-party issuers instead of doing verification itself, I can definitely see it making a system similar to Apple’s for its users down the line.