[miohtama]

If you read the article you realise you need a valid, unique, device

> In June, we announced an effort with Apple to use Private Access Tokens. Visitors using operating systems that support these tokens, including the upcoming versions of macOS or iOS, can now prove they’re human without completing a CAPTCHA or giving up personal data.

> By collaborating with third parties like device manufacturers, who already have the data that would help us validate a device, we are able to abstract portions of the validation process, and confirm data without actually collecting, touching, or storing that data ourselves. Rather than interrogating a device directly, we ask the device vendor to do it for us.

The trick is that bot farms do not have access to correctly provisioned mobile phones (for now). Thus anyone with a valid mobile device gets a pass.