Cloudflare offers many features for webmasters and site owners. One of the features acts like a firewall. It blocks known malicious traffic automatically, allows traffic by humans, and displays a captcha if traffic is encountered that could be malicious or legitimate.
Captcha, which stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart, are displayed in the latter cases as a verification step. Ideally, captchas are designed so that humans can pass them easily while bots will fail to pass them.
Cloudflare has been using Google’s reCAPTCHA service (which Google acquired in 2009). Up until now, use of reCAPTCHA was free for the companies that implemented it. Google did get something in return as it used the service to train visual identification systems. The choice made sense from a business perspective as it was free, scaled thanks to Google’s vast network of servers, and was effective (according to Cloudflare).
Privacy concerns were raised even in the early days as Cloudflare customers were concerned that reCAPTCHA was operated by Google. Additionally, Cloudflare noticed that reCAPTCHA was having issues in some regions such as China as Google services are often (or always) blocked there.
Plans formed to switch to a different provider. Google announced in 2020 that it would start to charge for the use of reCaptcha. Cloudflare started to look at other captcha providers to find a suitable alternative as it would be too expensive to continue using Google’s solution.
Cloudflare picked hCaptcha and provides several reasons for that:
- The company does not sell personal data and collects only minimal data.
- Performance was “as good as or better than expected”.
- Includes solutions for visually impaired and “other users with accessibility challenges”.
- Supports Privacy Pass.
- The solution works in regions in which Google is blocked.
- The hCaptcha team “was nimble and responsive”.
The business model of hCaptcha is similar to that of Google. The company charges customers that need “image classification data” or tasks. The company pays publishers who install the solution on their sites.
Both companies agreed on a different business model because of Cloudflare’s scale. Cloudflare decided to pay hCaptcha and push most of the technical load on its own platform to make sure that the solution will scale well.
It remains to be seen how well the switch from using Google’s captcha solution to the new solution will go. Privacy conscious Internet users will probably like the decision because Google will no longer have anything to do with the display of captchas on sites that use Cloudflare.