Captcha Kerfuffle

Bit of a kerfuffle on the Cloudflare Community forum lately, over Cloudflare’s switch from Google’s reCAPTCHA to Intuition Machines’ hCaptcha.

Usually the user simply has to check the box and wait a bit while their humanness is (somewhat ironically) cyber-verified. Occasionally though, suspect users are served with a visual captcha to solve.

Most of the detractors opine that hCaptcha is slower and more difficult to solve. Some even throw in compelling arguments like “My girlfriend thinks so too”.

Others defend the switch, some claiming that Intuition Machines is more socially responsible, collecting and selling less user data.

Cloudflare explains that “Google informed us that they were going to begin charging for reCAPTCHA.” OK, so it is a business decision. Google is absolutely within their right to charge for a service they provide, and Cloudflare is absolutely within their right to decline and use an alternative service. It all makes perfect sense and is all that needs to be said.

But Cloudflare couches economics as a secondary argument, propagandizing the switch as a moral imperative:

“… some customers have expressed concerns about using a Google service to serve CAPTCHAs. Google’s business is targeting users with advertising. Cloudflare’s is not. We have strict privacy commitments. … our customers were concerned about feeding more data to Google.”

So, after many years of feeding data to Google, the good people at Cloudflare experienced a moral epiphany at exactly the same time it made business sense to switch to a different service. Sorry, not buying it. This is a big steamy load of sanctimonious Silicon Valley elitist pandering.

Back to the kerfuffle …

I did a bit of informal testing. For me, hCaptcha performance seems a bit uneven, and on average a bit slower than reCAPTCHA. And hCaptcha generally required me to solve two captchas vs. one with reCAPTCHA. So, the performance and difficulty arguments seem to be valid. My dog thinks so too.

But – to me it’s not a big deal. Very few of my users will ever see a captcha. And some of those served a captcha will be naughty bots. Serving two captchas rather than one, while inconvenient for innocent humans, seems like a prudent second chance at thwarting human-like bots.

The social responsibility argument – hCaptcha/Intuition Machines collects and sells less user data than reCAPTCHA/Google – is a bit like praising John Dillinger for robbing fewer banks (24) than Pretty Boy Floyd (30).

So, for me it comes down to this tie-breaker: I like Google’s text, “I am not a robot”, better than hCaptcha’s “I am human”.

I have a major complaint about Cloudflare’s captcha implementation, regardless of whether it uses reCAPTCHA or hCaptcha or any other captcha. It is effing scary, causing unsuspecting users to run screaming from their keyboards and cower under their beds.

Cloudflare’s captcha page includes a *big* orange triangle with a giant bang symbol, along with text strongly – and incorrectly – implying that my PC is infected with malware.

For this reason I never use Cloudflare’s captcha. Instead I use Cloudflare’s comparatively user-friendly JavaScript challenge, or in some cases an outright block. When I need a captcha I use Google reCAPTCHA directly, not Cloudflare’s implementation.
