However, after several decades, it appears as if captcha’s dominance over the internet could be waning. Apple has decided to give the technology the boot, and its impact on things like email analytics and ad tracking have already had an impact. At its Worldwide Developers Conference (WWDC) in June, the company announced it would be replacing captchas with Private Access Tokens. “Sometimes a captcha is just a button to press,” says Apple engineer Tommy Pauly. “But others can be a challenge to fill out.”
Apple’s alternative, Privacy Access Tokens, tackle the underlying issue captchas try to solve—identifying inauthentic behavior—but in a more user-friendly way. “Captchas often lead to a slower and more complex user experience,” says Pauly. “When I do the exact same thing on the iOS 16 phone that supports Private Access Tokens, I get right through. This is going to save a lot of people a lot of time, and your customers will appreciate being trusted.” The Privacy Access Token concept was developed in collaboration with Google, Cloudflare, and Fastly.
Khedouri says the Privacy Access Token isn’t the end of the captcha—far from it. “Privacy Access Tokens are basically just a rebranding of the Privacy Pass, of which we are one of the creators,” he says. “We’ve been working on this for many years now.”
Instead, he believes that the future of captchas is bright, in large part because hCaptcha is trying to rework it from users feeling like they’re doing unpaid labor for Big Tech companies to a moment of fun. “We don’t want to bore you to death,” he says. “We actually would like the experience to be pleasant.” To try and achieve that, Khedouri and Intuition Machines are taking the tests out of the realms of the ordinary and into the extraordinary. “It’s like a game,” he says. hCaptcha is testing a number of different puzzle variants for users to solve, and among the most popular are animal-based ones—unsurprisingly, he says. “The internet is primarily used to transmit pictures of animals.”
Although that’s the goal, users’ frustrations around trying to identify which dogs are smiling and which aren’t suggest we’re not there yet. The new generation of captchas may be more fantastical, but they’re still solutions to which we don’t always know the answer, and which we resent having to do. But we’re thinking about it the wrong way if we’re actually trying to find the ground truth of smiling dogs, says Khedouri. “Think about it this way: The goal of a captcha is that you do what people do,” he explains. We’re not actually meant to find the right answer: We’re just meant to answer the question in the same way as other people. “If people are mostly making the same kinds of errors, that’s fine,” he says. hCaptcha’s solve rate meets a 99 percent benchmark, according to Khedouri, meaning that out of 100 users, 99 can solve the query within two tries.
But for those with disabilities who already struggle with the existing generation of captchas, adding a whimsical, fictionalized element to the problem-solving is another frustration to pile on top of an already tricky challenge to daily browsing. Preexisting captchas have been shown to be harder to solve for people with learning difficulties. People with learning difficulties struggle enough to identify which parts of an image contain a sidewalk and which don’t; asking them to pick out the horses made of clouds from the elephants made of clouds could be a step too far.
Despite that, and despite Apple’s attempt to sidestep them, captchas will remain on the internet, Khedouri predicts. “As long as there are things that people can do quickly and easily that machines cannot do easily, then you will see some form of humanity verification,” he says.
In many ways, trying to rid the internet of the baffling mini-tests is fighting a battle we already lost long ago. “It’s very hard with these kinds of processes to backtrack and eliminate them from use once they’re ubiquitous,” says Le Moignan. “It’d take cohesive will in what’s an inherently fragmentary ecosystem of players, data generation, and processes. Ultimately you can’t opt out, so the user is over a barrel. You can’t, as a user, go ‘Not today, Satan, no captchas from me.’”