Hacker News

Hi Matt,

This is unrelated, but can you please get rid of hCaptcha? It is an awful experience and it feels like there is a conflict of interest with including it vs captcha. You are now incentivized to push more users towards fraudulent vs non-fraudulent to make more money. I'm not saying that's what is happening, but it is a slippery slope.

I already dislike Captcha, but hCaptcha is somehow much worse.



No chance we go back to ReCAPTCHA. We’d been concerned with the privacy implications of using a Google service for years. Then Google changed their policy to switch ReCAPTCHA from being free to a paid service. They have every right to do that, but it would have imposed >$10M in costs just to support our free customer base, which was untenable. That was the kick in the butt we needed to finally get off Google’s service. We moved to hCAPTCHA as at least a stopgap. Ultimately, our goal is to eliminate any overt CAPTCHA entirely. However, I will say I’ve been very impressed with hCAPTCHA’s responsiveness and willingness to rapidly innovate based on feedback from users — something that, even at our scale, we had a hard time getting from Google.


Thanks for the quick response! I'm definitely interested in eliminating CAPTCHA entirely. I was really hopeful for the JavaScript check y'all were doing, but it looks like there were too many ways around that.


In case it isn’t clear from our website, hCaptcha offers both bot prevention and traffic monetization options. Cloudflare does not use our service for traffic monetization, so neither company has an incentive to make it difficult for humans to pass the captcha.

Websites that use hCaptcha for monetization can adjust difficulty settings and the types of data labeling jobs their users will see. The value hCaptcha derives from human data labeling is provided broadly as a service to other companies, not just to provide training data for our own autonomous vehicle division. Since we are growing capacity like crazy and have a broad footprint of sites primarily interested in bot prevention and not traffic monetization, hCaptcha can offer the lowest cost data labeling to everyone. hCaptcha is also privacy-focused and doesn’t track you around the internet to show you advertisements. We support the privacy-pass extension and have an accessibility option which sends you to a cookie via email (because we can’t just cookie you when you log into our email service).


I wasn't aware they moved to hCaptcha. On one hand, I understand it to some degree, since it's a way to offset the losses caused by malicious actors who are using captcha farms, and they can dedicate those additional resources to better detection and blocking. But as you say, it gives them an awful incentive, and just feels slimy in general.

It also potentially provides an incentive to profit from the growing interest in privacy and anonymization among the general public. The more people who start using Tor or certain VPNs to mask their activity (as opposed to those using them for malicious purposes - the number of such people may not be growing nearly as quickly), the more they profit.

They should definitely go back to reCAPTCHA.



