Some Questions Related to Data Report and Availabilty of Turnstile

I have been looking forward to the practical application of the Private Access Token and the human-robot distinction solution integrated with PAT, so I am excited that the Turnstile is finally rolling out. I already fully integrated Turnstile into my Telegram Bot, Telegram Watchdog (https://github.com/tg-watchdog/tg-watchdog), and found some interesting situations that made me write this post.

Indicators of Turnstile Analysis

I found that there are some indicators in Turnstile analysis, and those indicators make me puzzled.

What’s different between “Visitor Solve Rate” and “API Solve Rate”? Is it means that the users used my bot to solve their PAT challenge in an interactive way (“check box”)? Or does it have another meaning? And, what is the difference between “Challenges Issued” and “Widgets Displayed”? I was trying to find the explanation on the documents of Turnstile, but I cannot find those explanations.

The Success Rate

Previously, I was using Friendly Captcha for CAPTCHA verification, and I can show you my Friendly Captcha statics:

https://sm.ms/image/dkeb3Th8JGPNpB4

As you can see, everyone who gets into the verification can pass Friendly Captcha. (I recognize that it is the normal situation, for my bot used the web app feature by Telegram, which still cannot be accessed by the bot.)

And here is the statics I swap to Turnstile in the past serial (> 12 and < 24) hours after the integration of Turnstile live on my bot:

https://sm.ms/image/msfXvMw2cbtHu9E

As you can see, there are over 60 users who cannot pass the Turnstile. However, I haven’t received the report from my user related to Turnstile. Is there any difference between the two analysis algorithms between Turnstile and Friendly Captcha? Like, the data from Friendly Captcha is logged from backend server verification, not the frontend requests.

PAT Supporting Situation

As we know, the Private Access Token, which is the fundamental technology of Turnstile, needs to be supported by device manufacturers like Apple or Google.

However, there are some problems related to it. In Mainland China, Google Play Services have been banned, and every manufacturer like Huawei or Xiaomi should support the PAT one by one. Or, can the Linux distribution DIY computer be supported by PAT?

If PAT cannot accept those devices for policy reasons or just DIY-ish, can Turnstile verify those devices? How? If Turnstile has no fallback verification, should I prepare a fallback option myself?

I think those are my questions to Turnstile for now. Thanks for your reading time, and waiting for your reply!

Hi @astrian, thanks for the detailed message!

PAT Supporting Situation

Turnstile supports PAT, but doesn’t rely exclusively on this to make decisions. Turnstile is compatible with desktop browsers, Android/iOS browsers, and more – regardless of PAT. You do not need to prepare a fallback option yourself.

What’s different between “Visitor Solve Rate” and “API Solve Rate”?

During a full “Turnstile” session, a visitor will see a widget on a page (issued / viewed), solve it (Visitor solve), and send the token to the website. The website will then validate this token against our API (API Solve).
A visitor may solve the challenge but never submit the form, in which case the API Solve wouldn’t happen.

I believe Friendly Captcha counts very differently, but I’m not a Friendly Captcha expert – “Puzzle requests” only counts when humans start interacting with the CAPTCHA, likely with an intent to solve it and submit the form. (With Turnstile, users may not intend to submit the form)

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.