Toward the end of September 2022, Cloudflare breathlessly announced the introduction of Turnstile, a free “user-friendly, privacy-preserving alternative to CAPTCHA”
In the announcement, CF compares Turnstile favorably to traditional, old-school CAPTCHA. The comparisons seem accurate, but irrelevant as traditional CAPTCHAs have largely fallen out of fashion in favor of less obtrusive solutions like invisible reCAPTCHAs and CF’s own Javascript challenge. The announcement offers no comparison to these more modern solutions. It makes an unconvincing privacy claim – basically saying I can trust CF but not Google with my data. Maybe so but Google already spies/steals my data in many other ways, one more ain’t likely to hurt. Any advantage of the new Turnstile service remains elusive.
Is Turnstile somehow more effective? Dunno, but not according to hCaptcha (who offers competing products, so take their criticism with a big grain of salt): “in our research, paid services offered by cybercriminals charge less to bypass Turnstile than to “solve” a CAPTCHA or to bypass reCAPTCHA v3, and can do so at a much higher speed. This indicates that as of December 2022, Turnstile currently offers weaker bot mitigation than modern humanity verification challenges or other passive alternatives.”
So, unless more information becomes available, I don’t see the point of Turnstile.
