22 votes

Cloudflare moves from reCAPTCHA to hCaptcha

9 comments

  1. [4]
    Akir
    Link
    I'm glad that they are switching away from reCAPTCHA. Frankly, reCAPTCHA is garbage. It's fine if you are logged into a Google account, but if you are not (and doubly so if you are avoiding...

    I'm glad that they are switching away from reCAPTCHA. Frankly, reCAPTCHA is garbage. It's fine if you are logged into a Google account, but if you are not (and doubly so if you are avoiding Google's tracking), it's the single most annoying and frustrating pieces of software that you can't functionally opt-out of. I've had times when it kept me waiting forever because it kept showing me new images to click, all hidden behind the slowest fade-in and fade-out transitions I have ever seen. And most of the times I have had to go through six or more challenges just for them to decide I'm a human being.

    16 votes
    1. UniquelyGeneric
      Link Parent
      The worst is knowing that the same company you're trying to avoid being tracked online by, is now harvesting your frustration for its image training it will use to profit from your labors. To add...

      The worst is knowing that the same company you're trying to avoid being tracked online by, is now harvesting your frustration for its image training it will use to profit from your labors. To add more insult to injury, many times I've found that I have to dumb myself down and click what the ML thinks the answer is because it isn't sophisticated enough to contextualize smaller details or the edge of an object that spilled over into the next frame. All this just to prove I'm not a bot and bump up the price of the webpage's ads, filling someone else's pockets.

      It's almost Kafkaesque, and makes me feel like it's the machines that are controlling us, not the other way around.

      13 votes
    2. kfwyre
      Link Parent
      Ugh, yes. There have been so many times that I legitimately could not pass, and it would start me over again and again. I felt like I was being gaslit by my computer into questioning my...

      Ugh, yes. There have been so many times that I legitimately could not pass, and it would start me over again and again. I felt like I was being gaslit by my computer into questioning my personhood: maybe I'm not actually the human I thought I was?

      A workaround is to use the audio prompt instead of the images. For whatever reason, that one always works smoothly for me. I will say that the image one seems to have gotten better recently for me. I used to expect to fail almost every time, but now it only happens every so often.

      6 votes
    3. joplin
      Link Parent
      Here's what I don't get. This is supposed to help with some sort of machine learning on images or something. Does it? I swear that 90% of the time when I get one of these damn things, it's showing...

      Here's what I don't get. This is supposed to help with some sort of machine learning on images or something. Does it? I swear that 90% of the time when I get one of these damn things, it's showing me the exact same images. The traffic lights one, for example, comes up most often, and it's the same traffic lights. Or the one where it's store fronts and one of the images has Asian script in it. IS that a store? I don't know because I can't read any Asian scripts. But it comes up every time that set of images is shown.

      3 votes
  2. [4]
    bhrgunatha
    Link
    Not just being signed in, but using the wrong browser. Since Cloudflare is so widespread now I've been hit harder and harder over the last year or two (using Firefox). I think google is...

    Not just being signed in, but using the wrong browser.

    Since Cloudflare is so widespread now I've been hit harder and harder over the last year or two (using Firefox). I think google is deliberately targetting Firefox. I hope this reduces the burden for us.

    5 votes
    1. joplin
      Link Parent
      It's the same with Safari on macOS. That and private browsing, which I always do by default. You won't accept cookies? You must be up to no good. It's fucking ridiculous.

      It's the same with Safari on macOS. That and private browsing, which I always do by default. You won't accept cookies? You must be up to no good. It's fucking ridiculous.

      8 votes
    2. UniquelyGeneric
      Link Parent
      I use Firefox, on Linux, through a VPN, with many privacy/script blockers on. I recognize that my choices would increase some friction with using the Internet, but I must stick out like a sore...

      I use Firefox, on Linux, through a VPN, with many privacy/script blockers on. I recognize that my choices would increase some friction with using the Internet, but I must stick out like a sore thumb because the reCAPTCHA's cannot flag me enough.

      It's actually one of the main reasons I stopped using Google Search and switched to DDG, and I have not looked back.

      6 votes
    3. skybrian
      (edited )
      Link Parent
      I think it's more likely to be a side-effect of Firefox ramping up privacy controls. There is less signal, so the algorithm can't easily tell you're not a bot and has to start from scratch. You...

      I think it's more likely to be a side-effect of Firefox ramping up privacy controls. There is less signal, so the algorithm can't easily tell you're not a bot and has to start from scratch. You might take it as a sign that the privacy controls are working.

      It seems like there will need to be some trusted service that gathers information only to vouch that the user is still not a bot? Google can do it if they recognize your browser somehow, but that's not acceptable to many users.

      It's sort of like having a good credit rating. If nobody knows who you are, you don't have one.

      6 votes
  3. skybrian
    Link
    From the blog post: [...]

    From the blog post:

    Earlier this year, Google informed us that they were going to begin charging for reCAPTCHA. That is entirely within their right. Cloudflare, given our volume, no doubt imposed significant costs on the reCAPTCHA service, even for Google.

    Again, this is entirely rational for Google. If the value of the image classification training did not exceed those costs, it makes perfect sense for Google to ask for payment for the service they provide. In our case, that would have added millions of dollars in annual costs just to continue to use reCAPTCHA for our free users. That was finally enough of an impetus for us to look for a better alternative.

    We evaluated a number of CAPTCHA vendors as well as building a system ourselves. In the end, hCaptcha emerged as the best alternative to reCAPTCHA. We liked a number of things about the hCaptcha solutions: 1) they don't sell personal data; they collect only minimum necessary personal data, they are transparent in describing the info they collect and how they use and/or disclose it, and they agreed to only use such data to provide the hCaptcha service to Cloudflare; 2) performance (both in speed and solve rates) was as good as or better than expected during our A/B testing; 3) it has a robust solution for visually impaired and other users with accessibility challenges; 4) it supported Privacy Pass to reduce the frequency of CAPTCHAs; 5) it worked in regions where Google was blocked; and 6) the hCaptcha team was nimble and responsive in a way that was refreshing.

    [...]

    We worked with hCaptcha in two ways. First, we are in the process of leveraging our Workers platform to bear much of the technical load of the CAPTCHAs and, in doing so, reduce their costs. And, second, we proposed that rather than them paying us we pay them. This ensured they had the resources to scale their service to meet our needs. While that has imposed some additional costs, those costs were a fraction of what reCAPTCHA would have. And, in exchange, we have a much more flexible CAPTCHA platform and a much more responsive team.

    4 votes