Disclaimer: I've been an engineer at hCaptcha for a few years now building out the service. I'm just as interested in you as hearing about customer and user success/pain stories!
> Worth noting that this title is primarily due to Cloudflare having switched to them from ReCAPTCHA, and Cloudflare is... well, relatively popular, to say the least.
That's definitely a part of it, but we also have a number of other large sites and services that use hCaptcha to protect against bots, and more that get added every day because of our more advanced bot detection special sauce.
> I'm curious what kind of data may exist on the experience of switching for larger providers; do the users like it? how much more/less time do they spend solving? do they care, let alone even notice that it's not Google's ReCAPTCHA?
From what we've seen, the integration process is generally smooth, especially if you're a previous reCAPTCHA user, since we keep the interface and workflow largely the same.
Solving is roughly the same although we have a number of other protections that irritate bot maintainers and get activated when we detect them.
Not sure if the majority of people are aware of the change, I'm sure some technically savvy people pick up on it more than not.
> Regardless, as ReCAPTCHA is not only terribly annoying but also built for surveillance from the ground up, I still view this as a good improvement.
That's actually one the top reasons we've had a lot of customers come over to us; we put a heavy emphasis on user privacy / security, including adopting/supporting privacy-preserving protocols (PrivacyPass, Tor), and minimal retention of data (see our data privacy policy on our site).
Your CAPTCHA accessibility leaves much to be desired. You require screen reader users to register an account to create a magic cookie that itself requires Safari users to disable security protections in their browser in order to use -- and then it doesn't actually work.
Please do better. You're blocking off a non-trivial amount of the Internet to blind users. You will eventually be sued for this.
We actually spend quite a lot of time on this, and regularly work with blind users to test and improve these flows.
Most vision-impaired users have no issue in our testing, and it is a much more accessible option than audio challenges, which discriminate against those with auditory processing impairments.
> If you are using the very latest version of Safari on either the recently released OS X 10.15 or iOS 13.4, Apple has just changed the behavior of Safari related to third-party cookies, blocking all of them by default. We are implementing a solution, but in the meantime please visit Safari Preferences, Privacy section, and uncheck "Website tracking: Prevent cross-site tracking" to enable the accessibility cookie to function as expected. [0]
So while you're patting yourself on the back for not "being like Google", your accessibility workaround exposes blind users to third party trackers like Google.
Using any kind of privacy/adblock extension that supports domain-level whitelisting (e.g. uBlock Origin) works fine, and this is what we suggest in the accessibility FAQ. Apple didn't build fine-grained controls into their browser before making this recent change, unfortunately.
That said, we're working with the browser makers on native support for our next gen privacy-preserving approach to this via Privacy Pass.
I usually just bounce when I see a captcha (if I get one, I usually get a string of them, so I don’t bother).
However, I checked secondary markets where you can pay a human to solve a captcha.
It takes a professional captcha solver 70 seconds to solve an hCaptcha but only 15-20 seconds to solve a reCaptcha. Is that typical? That seems horrible.
The market rate for a captcha solution is 1-3 cents, which is clearly worth it, until you think of the ethics of paying someone slave wages so you can browse the internet slowly, but at least without breaking concentration.
Have you considered a more ethical approach, like micropayments that go to charity or something?
Love the response, happy to see that it's going well then! After reading a lot of feedback I got from 'You (probably) don’t need ReCAPTCHA' (https://nearcyan.com/you-probably-dont-need-recaptcha/), it started to seem pretty obvious to me that there was an open market space for some better competitors, so I'm glad hCaptcha got around to being adopted with such success sooner rather than later. Hopefully the challenges of the future go just as smoothly as things are going in the present.
> Worth noting that this title is primarily due to Cloudflare having switched to them from ReCAPTCHA, and Cloudflare is... well, relatively popular, to say the least.
That's definitely a part of it, but we also have a number of other large sites and services that use hCaptcha to protect against bots, and more that get added every day because of our more advanced bot detection special sauce.
> I'm curious what kind of data may exist on the experience of switching for larger providers; do the users like it? how much more/less time do they spend solving? do they care, let alone even notice that it's not Google's ReCAPTCHA?
From what we've seen, the integration process is generally smooth, especially if you're a previous reCAPTCHA user, since we keep the interface and workflow largely the same.
Solving is roughly the same although we have a number of other protections that irritate bot maintainers and get activated when we detect them.
Not sure if the majority of people are aware of the change, I'm sure some technically savvy people pick up on it more than not.
> Regardless, as ReCAPTCHA is not only terribly annoying but also built for surveillance from the ground up, I still view this as a good improvement.
That's actually one the top reasons we've had a lot of customers come over to us; we put a heavy emphasis on user privacy / security, including adopting/supporting privacy-preserving protocols (PrivacyPass, Tor), and minimal retention of data (see our data privacy policy on our site).