Back to Blog
Announcements

hCaptcha Now Supports Privacy Pass

November 4, 2019

Share
Online privacy is important to us at hCaptcha, and we are always looking for ways to strengthen this fundamental human right.
The Privacy Pass extension in action

Most of the Internet is monetized through ads, which become more valuable the more you know about the viewer. We offer a true alternative, letting publishers monetize traffic via the work their users do while proving their humanity.

This does not require storing eternal web browsing history for users, associating your online behavior with your identity and demographic details, or other practices the online ad vendors who also offer captcha services engage in every day.

Our goal is simply to ensure security for the publishers using our service while compensating them for the work done by their users.

That is why we are pleased to announce we now support the emerging Privacy Pass standard for secure and anonymous proofs of humanity, in partnership with Cloudflare.

“We have enjoyed working with hCaptcha on support and standardization for Privacy Pass. We appreciate their third party review of Privacy Pass security and ideas for extending the protocol.”

— Alex Davidson, Cryptography Engineer, Cloudflare

The Privacy Pass user installs a browser extension (Chrome or Firefox) that gives them a local cryptographic wallet. They then answer one or more hCaptcha challenges in order to earn blindly signed “passes” that may be anonymously redeemed when a website using hCaptcha challenges their humanity, without their browser needing to interact directly with the hCaptcha service.

This means a Privacy Pass user’s browsing history and IP remain private to them: unless the site sends that information to us, we will never see any data.

The blind signing procedure is designed to ensure passes redeemed can not be linked to those that are signed. This is done via a privacy-preserving cryptographic protocol based on Verifiable, Oblivious Pseudorandom Functions (VOPRFs) built from elliptic curves to enforce unlinkability.

We are working together with Cloudflare to help review and standardize Privacy Pass and its cryptographic components for IETF submission, improve the open source browser extension, and assist other browser makers with engineering support for their implementations.

You can see more details on our Privacy Pass web page.

If privacy is important to you, give it a try today and let us know what you think!

— the hCaptcha privacy team


Subscribe to our newsletter

Stay up to date on the latest trends in cyber security. No spam, promise.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Back to blog

Attack Prevention

Passkeys Offer Both Benefits and New Attack Surfaces

Be careful when implementing passkeys. They can offer a more secure alternative to passwords when implemented correctly, but provide many ways for implementers to shoot themselves in the foot.

March 12, 2024

Announcements

As Google raises prices on reCAPTCHA, hCaptcha remains the ROI leader

Google has raised reCAPTCHA prices yet again, nearly eliminating its free tier. hCaptcha delivers higher performance and better ROI with unchanged tiers.

January 30, 2024

Research

Report: Cybercrime Groups choose Black Friday and Cyber Monday to Debut New Attacks

November brings discounts from popular retailers, and for many merchants the 24th to 27th is a substantial percentage of their annual sales. Here are some of the attack trends we saw in 2023.

November 30, 2023