A new iOS 16 feature called Private Access Tokens will use iPhone user data to eliminate the need for CAPTCHA on the web.
The feature combines details about the user’s device and Apple ID to inform a website that it is a legitimate user and not a robot.
The new feature is enabled by default in the first betas of iOS 16, iPadOS 16, and macOS Ventura. Users interested in enabling the feature can do so by navigating to their Apple ID settings, where they select “Privacy and Security” and then search for the new “Automatic Verification” button at the bottom.
Servers will now request tokens that use the new HTTP authentication method called “PrivateTokens,” which are used as part of a cryptographic process to confirm to the server that the “client was able to pass an attestation check.”
Apple goes on to explain that the cryptographic processes are not linked, which means that “servers that receive tokens can only verify that they are valid, but they cannot discover client identities or recognize clients over time.”