Last updated: October 13, 2023

Summary

Privacy Pass is an emerging standard for preserving user privacy that we are developing in conjunction with Apple, Cloudflare and others.

Browser integrations provide users with the ability to create and sign cryptographically blind tokens for websites that support the Privacy Pass protocol. The blinding procedure means that signed and redeemed tokens are cryptographically unlinkable from hCaptcha's perspective, and thus user privacy is preserved.

Current Status

We started our collaboration on Privacy Pass many years ago, and were the first humanity verification service to support it in production. This experience has helped shape our work in standardizing the protocol through the IETF, and our conversations with other implementers like Apple.

With Privacy Pass well on its way to standardization and variants like Private Access Tokens now natively supported by both hCaptcha and browsers like Safari on many devices, we are focused on working with browser makers to ensure hCaptcha is natively supported in each browser's Privacy Pass implementation.

This means we have ended support for our stand-alone beta browser extension as of November 1, 2023, though it may be revived in a new form and republished in the future for our next set of experiments in privacy-preserving technologies.

Thank you to all the participants in our beta program!

Your feedback has helped us refine privacy-preserving technologies that are now widely used every day across the web.

Developers and cryptographers:

If you would like to track the standardization effort, efforts are currently underway at IETF CFRG to standardize the Oblivious Pseudorandom Functions underlying the cryptographic security of Privacy Pass. The protocol itself is going through the draft process as well.

FAQ


Q: What other applications of Privacy Pass are you working on?
A: We are very interested in Privacy Pass for the Accessibility ("a11y") use case. Previously popular options like audio captchas discriminate against many a11y users. We believe combining our current a11y approach with Privacy Pass issuance will allow a11y users to browse safely, secure in the knowledge that their traffic is more private, while restricting the abuse by bot operators that inevitably occurs when a11y options are available.

Q: Do other online security services support Privacy Pass?
A: hCaptcha is the first service of its kind that supports Privacy Pass. However, we expect other services to recognize the advantages of increasing user privacy online, and expect that in the future more will undertake implementations as the IETF standards that we are helping to develop are formally adopted.