Back to Blog

hCaptcha Now Supports Privacy Pass

November 4, 2019

Online privacy is important to us at hCaptcha, and we are always looking for ways to strengthen this fundamental human right.
The Privacy Pass extension in action

Most of the Internet is monetized through ads, which become more valuable the more you know about the viewer. We offer a true alternative, letting publishers monetize traffic via the work their users do while proving their humanity.

This does not require storing eternal web browsing history for users, associating your online behavior with your identity and demographic details, or other practices the online ad vendors who also offer captcha services engage in every day.

Our goal is simply to ensure security for the publishers using our service while compensating them for the work done by their users.

That is why we are pleased to announce we now support the emerging Privacy Pass standard for secure and anonymous proofs of humanity, in partnership with Cloudflare.

“We have enjoyed working with hCaptcha on support and standardization for Privacy Pass. We appreciate their third party review of Privacy Pass security and ideas for extending the protocol.”

— Alex Davidson, Cryptography Engineer, Cloudflare

The Privacy Pass user installs a browser extension (Chrome or Firefox) that gives them a local cryptographic wallet. They then answer one or more hCaptcha challenges in order to earn blindly signed “passes” that may be anonymously redeemed when a website using hCaptcha challenges their humanity, without their browser needing to interact directly with the hCaptcha service.

This means a Privacy Pass user’s browsing history and IP remain private to them: unless the site sends that information to us, we will never see any data.

The blind signing procedure is designed to ensure passes redeemed can not be linked to those that are signed. This is done via a privacy-preserving cryptographic protocol based on Verifiable, Oblivious Pseudorandom Functions (VOPRFs) built from elliptic curves to enforce unlinkability.

We are working together with Cloudflare to help review and standardize Privacy Pass and its cryptographic components for IETF submission, improve the open source browser extension, and assist other browser makers with engineering support for their implementations.

You can see more details on our Privacy Pass web page.

If privacy is important to you, give it a try today and let us know what you think!

— the hCaptcha privacy team

Subscribe to our newsletter

Stay up to date on the latest trends in cyber security. No spam, promise.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Back to blog