I have been looking forward to the practical application of the Private Access Token and the human-robot distinction solution integrated with PAT, so I am excited that the Turnstile is finally rolling out. I already fully integrated Turnstile into my Telegram Bot, Telegram Watchdog (
https://github.com/tg-watchdog/tg-watchdog), and found some interesting situations that made me write this post.
I found that there are some indicators in Turnstile analysis, and those indicators make me puzzled.
What’s different between “Visitor Solve Rate” and “API Solve Rate”? Is it means that the users used my bot to solve their PAT challenge in an interactive way (“check box”)? Or does it have another meaning? And, what is the difference between “Challenges Issued” and “Widgets Displayed”? I was trying to find the explanation on the documents of Turnstile, but I cannot find those explanations.
Previously, I was using Friendly Captcha for CAPTCHA verification, and I can show you my Friendly Captcha statics:
As you can see, everyone who gets into the verification can pass Friendly Captcha. (I recognize that it is the normal situation, for my bot used the web app feature by Telegram, which still cannot be accessed by the bot.)
And here is the statics I swap to Turnstile in the past serial (> 12 and < 24) hours after the integration of Turnstile live on my bot:
As you can see, there are over 60 users who cannot pass the Turnstile. However, I haven’t received the report from my user related to Turnstile. Is there any difference between the two analysis algorithms between Turnstile and Friendly Captcha? Like, the data from Friendly Captcha is logged from backend server verification, not the frontend requests.
As we know, the Private Access Token, which is the fundamental technology of Turnstile, needs to be supported by device manufacturers like Apple or Google.
However, there are some problems related to it. In Mainland China, Google Play Services have been banned, and every manufacturer like Huawei or Xiaomi should support the PAT one by one. Or, can the Linux distribution DIY computer be supported by PAT?
If PAT cannot accept those devices for policy reasons or just DIY-ish, can Turnstile verify those devices? How? If Turnstile has no fallback verification, should I prepare a fallback option myself?
I think those are my questions to Turnstile for now. Thanks for your reading time, and waiting for your reply!