A new iOS 16 feature called Private Access Tokens will use data from iPhone users to eliminate the need for CAPTCHA on the web.
The feature combines details about the user’s device and Apple’s ID to report a website that is a legitimate user and not a robot.
The new feature is enabled by default in the first beta versions of iOS 16, iPadOS 16 and macOS Ventura. Users interested in enabling the feature can do so by navigating to their Apple ID settings, where they select “Privacy and security” and then search for the new “Auto-check” button at the bottom.
Servers will now request tokens that use the new HTTP authentication method called “PrivateTokens,” which are used as part of a cryptographic process to confirm to the server that “the client has been able to pass an accreditation check.”
Apple goes on to explain that cryptographic processes are not linked, which means that “servers that receive tokens can only verify that they are valid, but cannot discover client identities or recognize clients over time.”