Google’s reCAPTCHA service, which tries to verify whether you’re a human or bot, is getting dropped from millions of websites due to cost and privacy concerns.
The decision comes from Cloudflare, a major internet infrastructure provider that serves 26 million websites. For years now, the company has been using reCAPTCHA to prevent automated bots and other malicious actors from abusing customer websites.
But on Wednesday, Cloudflare CEO Matthew Prince said the company was dumping the service partly because Google is now charging website owners to use it. “In our case, that would have added millions of dollars in annual costs just to continue to use reCAPTCHA for our free users,” Prince wrote in a blog post.
At the same time, Cloudflare’s own customers have been worried about the privacy implications of using reCAPTCHA. Google’s service is perhaps best known for asking you to pick out the correct objects in an image grid.
reCAPTCHA test asking you to pick out the right objects
However, reCAPTCHA also works by collecting data from your computer, which gives Google a view into user traffic. Over the years, the view has grown larger and larger as more websites have adopted reCAPTCHA to stop spammers.
“We chose reCAPTCHA because it was effective, could scale, and was offered for free — which was important since so many of Cloudflare’s customers use our free service,” Prince said. “(But) since those early days, some customers have expressed concerns about using a Google service to serve CAPTCHAs. Google’s business is targeting users with advertising. Cloudflare’s is not.”
To fill the void, the company has settled on an alternative, called hCaptcha. It too will ask you to pick out objects in an image grid to test whether you’re a human or a bot. However, you won’t have to worry about the data ending up in the hands of an advertising tech giant.
hCaptcha test example.
“They collect only minimum necessary personal data, they are transparent in describing the info they collect and how they use and/or disclose it, and they agreed to only use such data to provide the hCaptcha service to Cloudflare,” Prince said.
In fact, Cloudflare has decided to pay hCaptcha for the service. “While that has imposed some additional costs, those costs were a fraction of what reCAPTCHA would have. And, in exchange, we have a much more flexible CAPTCHA platform and a much more responsive team,” he added.
According to Cloudflare, hCaptcha should also perform as well as Google’s reCAPTCHA service, or even better. But not everyone agrees. Opinion in Cloudflare’s forum is mixed on the change.
“hCaptcha is really annoying,” wrote one user. “With Google captcha I’d almost never have to complete the select images challenge, and if I did, the challenge would be easier and faster to complete.”
But others support the change. “Companies like Google sell user data and hCaptcha is a great alternative. Privacy matters and Cloudflare as a privacy supporting company shouldn’t be using ReCaptcha anywhere,” wrote another user.
Google did not immediately respond to a request for comment. However, the company has previously said user behavior data collected from reCAPTCHA is only used for security purposes.