Online privacy is important to us at hCaptcha, and we are always looking for ways to strengthen this fundamental human right.
Most of the Internet is monetized through ads, which become more valuable the more you know about the viewer. We offer a true alternative, letting publishers monetize traffic via the work their users do while proving their humanity.
This does not require storing eternal web browsing history for users, associating your online behavior with your identity and demographic details, or other practices the online ad vendors who also offer captcha services engage in every day.
Our goal is simply to ensure security for the publishers using our service while compensating them for the work done by their users.
That is why we are pleased to announce we now support the emerging Privacy Pass standard for secure and anonymous proofs of humanity, in partnership with Cloudflare.
“We have enjoyed working with hCaptcha on support and standardization for Privacy Pass. We appreciate their third party review of Privacy Pass security and ideas for extending the protocol.”
— Alex Davidson, Cryptography Engineer, Cloudflare
The Privacy Pass user installs a browser extension (Chrome or Firefox) that gives them a local cryptographic wallet. They then answer one or more hCaptcha challenges in order to earn blindly signed “passes” that may be anonymously redeemed when a website using hCaptcha challenges their humanity, without their browser needing to interact directly with the hCaptcha service.
This means a Privacy Pass user’s browsing history and IP remain private to them: unless the site sends that information to us, we will never see any data.
The blind signing procedure is designed to ensure passes redeemed can not be linked to those that are signed. This is done via a privacy-preserving cryptographic protocol based on Verifiable, Oblivious Pseudorandom Functions (VOPRFs) built from elliptic curves to enforce unlinkability.