eatbots | 4 years ago
Every popular online service today is being continuously attacked. Bad actors get a lot of economic value from credential stuffing, account takeovers, and fake registrations, especially on email services.
This is why CAPTCHAs exist. They are one of the better tools in the defender's arsenal to increase the cost of attacks.
Building and maintaining a good CAPTCHA service is hard and requires a high level of continuous development, since every day people are waking up and trying to figure out how to break it.
This means almost every company that tried building their own in the past has switched to either hCaptcha or Google, since it is not practical for even large companies to maintain their own solution these days.
Why was ProtonMail originally using Google? Probably because for many years it was the only plausible option until hCaptcha came around, and they needed to protect their users.
We're working with them now to switch over to the enterprise version of hCaptcha, which:
1) includes privacy-preserving features that let them decide exactly what user data hCaptcha sees and when, and
2) guarantees what happens to any data received via a data processing agreement, and
3) isn't run by an ad network.
hCaptcha doesn't care who you are and ensures all data is ephemeral, since unlike Google we're not trying to sell ads targeting you.
(disclosure: work there)
10000truths | 4 years ago
I’m under the impression that the bottleneck isn’t “high level of continuous development” so much as it is just having a large enough data set of Internet activity to conduct statistical analyses on. Cloudflare and Google are obviously in a good position for this, since a significant amount of Internet traffic goes through them. But I can’t create a startup to invent the next Captcha unless I magically discover a flash drive containing a giant corpus of HTTP requests made by billions of modern devices around the planet.