Cloudflare drops Google’s reCAPTCHA due to privacy Problems

VIX9eN1 400x400
VIX9eN1 400x400

Cloudflare announced that it has moved from Google’s reCAPTCHA to hCaptcha, an independent alternative CAPTCHA provider focused on user privacy.

CAPTCHAs (short for Completely Automated Public Turing Test to Tell Computers and Humans Apart) are so-called “challenges” displayed by Cloudflare to a site’s visitors with the end goal of blocking malicious bot activity if the service detects unusual behavior not consistent with human traffic.

Generally, they are prompts asking visitors to enter the same squiggly letters displayed in a box or to various objects such as cars or traffic lights, to differentiate between legitimate and automated web traffic.

Among the things Cloudflare’s CEO Matthew Prince added to hCaptcha ‘pros’ column, he mentioned that the new CAPTCHA provider:

  • Doesn’t sell personal data
  • Has similar or better performance (both in speed and solve rates)
  • Provides a robust solution for visually impaired and other users with accessibility challenges
  • Supports Privacy Pass to reduce the frequency of CAPTCHAs
  • Works in regions where Google is blocked
  • Has a responsive support team

Privacy concerns, one of the reasons behind the switch

“We recently migrated the CAPTCHA provider we use from Google’s reCAPTCHA to a service provided by the independent hCaptcha,” Prince said.

“We’re excited about this change because it helps address a privacy concern inherent to relying on a Google service that we’ve had for some time and also gives us more flexibility to customize the CAPTCHAs we show.”

Prince said that customers have expressed concerns about using Google’s reCATPCHA service since Cloudflare adopted it as the company’s initial CAPTCHA service.

This happened because of Google’s main focus of targeting users with advertising, in direct opposition to Cloudflare’s privacy commitments.

“We also had issues in some regions, such as China, where Google’s services are intermittently blocked. China alone accounts for 25 percent of all Internet users,” he added.

“Given that some subset of those could not access Cloudflare’s customers if they triggered a CAPTCHA was always concerning to us.”

Cloudflare was considering moving away from reCAPTCHA due to these concerns but it wasn’t able to do it until now because of the company’s focus on adding new features and capabilities.

Pricing, another reason for the move

On top of the privacy issues that were piling up, Google also recently decided to start charging for its CAPTCHA service according to Price.

“Earlier this year, Google informed us that they were going to begin charging for reCAPTCHA,” Prince added. “That is entirely within their right. Cloudflare, given our volume, no doubt imposed significant costs on the reCAPTCHA service, even for Google.”

“In our case, that would have added millions of dollars in annual costs just to continue to use reCAPTCHA for our free users. That was finally enough of an impetus for us to look for a better alternative.”

This was a drastic change when compared to the previous CAPTCHA licensing deal Cloudflare had with Google where the latter used data collected from the former’s platform to train its visual identification systems.

“When we were looking for a CAPTCHA for Cloudflare, we chose reCAPTCHA because it was effective, could scale, and was offered for free — which was important since so many of Cloudflare’s customers use our free service,” Prince further explained.

According to Prince, Cloudflare will pay hCaptcha to make sure that they had enough resources for scaling their infrastructure for the incoming traffic.

As he also added, even with these additional costs invested in hCaptcha, “those costs were a fraction of what reCAPTCHA would have.”