document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2024-12-26 21:30:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #26014 from lkxed/20220609-Cloudflare-Has-Something-New-to-Replace-Annoying-CAPTCHAs-on-the-Internet

Browse Source 
[提交译文][news]: 20220609 Cloudflare Has Something New to Replace Annoying CAPTCHAs on the Internet.md
This commit is contained in:
六开箱 2022-06-12 11:56:23 +08:00 committed by GitHub
commit 9d23126c21
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 86 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
sources/news/20220609 Cloudflare Has Something New to Replace Annoying CAPTCHAs on the Internet.md
View File

@ -1,86 +0,0 @@
[#]: subject: "Cloudflare Has Something New to Replace Annoying CAPTCHAs on the Internet"
[#]: via: "https://news.itsfoss.com/cloudflare-pat/"
[#]: author: "Jacob Crume https://news.itsfoss.com/author/jacob/"
[#]: collector: "lkxed"
[#]: translator: "lkxed"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Cloudflare Has Something New to Replace Annoying CAPTCHAs on the Internet
======
Dont want to complete CAPTCHA challenges to prove that you are a human? Cloudflare might have a solution for that.
![cloudflare][1]
Cloudflare, the internet services giant, has [just announced][2] Private Access Tokens. These aim to reduce the number of CAPTCHAs you see on the web while improving your privacy.
As you may have found out, CAPTCHAs are a horrible experience on mobile. They often end up occupying the entire screen and can be impossible to complete at times.
As an alternative, websites can elect to collect uniquely identifying data to prove that you are a human. Of course, from a privacy standpoint, this practice is terrible, leaving many privacy-valuing companies with little to prevent them from bot attacks.
Fortunately, the release of Private Access Tokens, or PATs, is set to change this.
### What Impact Will Private Access Tokens Have?
In short, PATs will:
* Reduce the number of CAPTCHAs on supported devices
* Increase user privacy
* Allow website owners to ensure that visitors are coming from actual devices
However, diving in a little deeper, we can see that PATs are much more impactful than at first glance. With traditional CAPTCHAs, there are multiple entities that can access your data.
Firstly, the website you are visiting knows your IP address and the URL you are visiting. Of course, this data is the minimum required to establish a connection. Additionally, for more advanced functionality, websites are also sent some user agent data, which is not uniquely identifiable.
However, the second party, the CAPTCHA provider, can collect a lot more data. Like with the website you want to visit, it knows your IP address, user agent data, and the URL you visit. Unfortunately, they also collect additional data, like your device information and interaction data. When tied back with previous times you have completed a CAPTCHA, they can build up an astonishingly detailed profile of you.
Fortunately, PATs by Cloudflare prevent such data from being collected, by ultimately bypassing the CAPTCHA altogether.
### How Do PATs Work?
![][3]
Unlike the CAPTCHA method of aggregating as much data as possible, PATs decentralize the data so that no single party can uniquely identify you. Before you mention data sharing, Cloudflare has specifically mentioned that data is not shared between parties.
When you go on to a website utilizing Cloudflare and PATs, a total of three parties will handle different portions of your data.
1. The website. This will only know your IP, URL, and user agent, which again, is required for establishing a connection.
2. Your device manufacturer. This will only know the device data required to verify that your device is genuine. They will NOT know what website you are visiting, or your IP address. After verifying your device, they will generate a token, which will be sent to Cloudflare.
3. Cloudflare. Cloudflare will receive the token, which does not contain any of your device data, only a guarantee of sorts from the manufacturer that it is genuine. The only other data they know is the website you are visiting, which is required to serve you the content.
The result of this is a system that gives Cloudflare confidence in you being a human, without ever having to touch your data.
### Supported Operating Systems: No Linux?
As you may have realized, PATs need specific operating system features to work. Currently, they are only present on the latest operating systems by Apple, namely iOS and iPadOS 16, as well as macOS Ventura. This is because Apples operating systems run on a limited set of hardware, making device verification significantly easier.
Linux, on the other hand, is a general-purpose operating system designed to run on a wide range of hardware. As a result, I dont expect to see it support PATs in the near future.
Going back to Apple, it occurs to me that PATs could also cause some issues with consumers right to repair their devices. If, for example, I replaced a worn-out iPhone battery with a non-genuine one, would this be flagged by the PAT system?
What about Linux Phones? Manufacturers of these, like Pine64 and Purism, may not have the infrastructure to support such a system. Will it be possible to use PATs on these?
In the [announcement post][4], Cloudflare mentions:
> We are actively working to get other clients and device makers utilizing the PAT framework as well. Any time a new client begins utilizing the PAT framework, traffic coming to your site from that client will automatically start asking for tokens, and your visitors will automatically see fewer CAPTCHAs.
So, we hope to see it being adopted by more devices, and operating systems. What do you think about PATs by Cloudflare? Let me know your thoughts in the comments down below.
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/cloudflare-pat/
作者:[Jacob Crume][a]
选题:[lkxed][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/jacob/
[b]: https://github.com/lkxed
[1]: https://news.itsfoss.com/wp-content/uploads/2022/06/cloudflare-private-access-tokens.jpg
[2]: https://blog.cloudflare.com/eliminating-captchas-on-iphones-and-macs-using-new-standard/
[3]: https://news.itsfoss.com/wp-content/uploads/2022/06/PAT-Data-transfer-chart-1024x650.png
[4]: https://blog.cloudflare.com/eliminating-captchas-on-iphones-and-macs-using-new-standard/

86
translated/news/20220609 Cloudflare Has Something New to Replace Annoying CAPTCHAs on the Internet.md Normal file
View File

@ -0,0 +1,86 @@
[#]: subject: "Cloudflare Has Something New to Replace Annoying CAPTCHAs on the Internet"
[#]: via: "https://news.itsfoss.com/cloudflare-pat/"
[#]: author: "Jacob Crume https://news.itsfoss.com/author/jacob/"
[#]: collector: "lkxed"
[#]: translator: "lkxed"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Cloudflare 有了一个新东西,它可以替代互联网上烦人的验证码
======
不想通过正确输入 <ruby>验证码<rt>CAPTCHA</rt></ruby> 来证明自己是个人类吗Cloudflare 可能有了一个解决方案。
![Cloudflare][1]
互联网服务巨头 Cloudflare在 6 月 9 日)[刚刚宣布了][2] <ruby>私有访问令牌<rt>Private Access Tokens</rt></ruby> 功能。这项功能旨在减少你在网络上看到的验证码数量,同时改善你的隐私。
你可能已经发现,验证码在移动设备上是一种可怕的体验。通常,它们会最终会占据整个屏幕,有时甚至也无法完成。
作为替代方案,网站可以选择收集唯一识别数据,以证明你是人类。当然,从隐私的角度来看,这种做法是很糟糕的。如果这么做,许多重视隐私的公司都几乎无法避免 <ruby>僵尸攻击<rt>bot attacks</rt></ruby>
幸运的是私有访问令牌PATs的发布将改变这一点。
### 私有访问令牌会产生什么影响?
简而言之,私有访问令牌能够做到下面这些事:
* 在支持设备上减少验证码数量
* 增强用户隐私
* 允许网站所有者确保访问者来自真实设备
然而,深入观察,我们可以看到私有访问令牌的影响力远不止于此。若使用传统的验证码,就有多个实体可以访问你的数据。
首先,你正在访问的网站知道你的 IP 地址和你正在访问的 URL。当然这些数据是建立连接所需的最低要求。此外对于更高级的功能网站还会发送一些用户代理数据还好这些数据并不是唯一可识别的。
然而,另一方,也就是验证码提供者,却可以收集更多的数据。与你要访问的网站一样,它也知道你的 IP 地址、用户代理数据和你访问的 URL。不幸的是除此之外他们还会收集其他数据例如你的设备信息和交互数据。如果把这些信息与你之前完成验证码的时间联系起来你就会惊讶的发现他们可以建立一个非常详细的属于你的个人资料。
幸运的是,有了 Cloudflare 的私有访问令牌,你就可以完全绕过验证码,从而阻止验证码提供者收集此类数据。
### 私有访问令牌是如何工作的?
![][3]
验证码的理念是集中尽可能多的数据私人访问令牌则恰恰相反它将数据去中心化因此任何一方都无法唯一识别你。在你提到数据共享之前Cloudflare 就已经特别指出了,数据不会在各方之间共享。
当你访问使用 Cloudflare 和私人访问令牌的网站的时候,共有三方将处理你的数据的不同部分。
1. 网站。它只会知道你的 IP、URL 和用户代理,这也是建立连接所必需的。
2. 你的设备制造商。他们只会知道那些用于验证设备是否真实所需的设备数据,而不会知道你正在访问哪个网站,或你的 IP 地址是什么。验证了你的设备后,他们将生成一个令牌,该令牌将发送到 Cloudflare。
3. Cloudflare。他们将收到这个令牌令牌中不包含你的任何设备数据只有制造商对它是正品的“保证”。他们知道的唯一其他数据就是你正在访问的网站同样这是为你提供内容所必需的。
通过这种方式Cloudflare 无需接触你的数据,就可以对“你是一个人”充满信心。
### 支持的操作系统:没有 Linux
你可能已经意识到,私人访问令牌需要特定的操作系统功能才能工作。目前,它们仅存在于苹果最新的操作系统上,即 iOS 和 iPadOS 16以及 macOS Ventura。这是因为苹果的操作系统只在有限的硬件上运行设备验证会更加容易。
另一方面Linux 是一种通用操作系统,旨在在各种硬件上运行。因此,我认为,在可预见的未来,它都不会支持私人访问令牌。
回到苹果,我想到私人访问令牌也可能导致消费者维修设备的权利出现一些问题。例如,如果我用第三方的非正品电池更换了老旧的 iPhone 原装电池,私人访问令牌系统会特殊对待这种情况吗?
如果是 Linux 手机呢?这些制造商,如 Pine64 和 Purism可能没有支持这样一个系统的基础设施。是否可以在这些上使用私人访问令牌呢
Cloudflare 在 [公告帖][4] 中提到:
> 我们正在积极努力让其他客户和设备制造商也使用私人访问令牌框架。每当新客户开始使用它时,从该客户进入你网站的流量将自动开始要求令牌,你的访问者将自动看到更少的验证码。
因此,我们希望看到它被更多的设备和操作系统采用。你如何看待 Cloudflare 的私人访问令牌呢?在下面的评论中发表你的看法吧!
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/cloudflare-pat/
作者:[Jacob Crume][a]
选题:[lkxed][b]
译者:[lkxed](https://github.com/lkxed)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/jacob/
[b]: https://github.com/lkxed
[1]: https://news.itsfoss.com/wp-content/uploads/2022/06/cloudflare-private-access-tokens.jpg
[2]: https://blog.cloudflare.com/eliminating-captchas-on-iphones-and-macs-using-new-standard/
[3]: https://news.itsfoss.com/wp-content/uploads/2022/06/PAT-Data-transfer-chart-1024x650.png
[4]: https://blog.cloudflare.com/eliminating-captchas-on-iphones-and-macs-using-new-standard/