Pixel Envy

Written by Nick Heer.

Cloudflare Announces Switch From Google’s reCAPTCHA to hCAPTCHA

Matthew Prince and Sergi Isasi of Cloudflare:

Earlier this year, Google informed us that they were going to begin charging for reCAPTCHA. That is entirely within their right. Cloudflare, given our volume, no doubt imposed significant costs on the reCAPTCHA service, even for Google.

Again, this is entirely rational for Google. If the value of the image classification training did not exceed those costs, it makes perfect sense for Google to ask for payment for the service they provide. In our case, that would have added millions of dollars in annual costs just to continue to use reCAPTCHA for our free users. That was finally enough of an impetus for us to look for a better alternative.

Lindsey O’Donnell, Threatpost:

Google initially provided reCAPTCHA for free in exchange for data from the service, which was used to train its visual identification systems. But according to Prince, earlier this year Google said they plan to start charging for reCAPTCHA use. According to The Register, Google said there’s no charge for reCAPTCHA unless customers exceed one million queries per month (or 1,000 API calls per second).

I had never heard of hCAPTCHA before seeing it across Cloudflare protected websites, but it is promising to see alternatives to Google-owned properties used at such a large scale. Cloudflare has a pretty good track record when it comes to privacy, too, so their vote for a specific alternative is a good endorsement.

In general, it is a good thing to see fewer elements of the web’s infrastructure being controlled by the same handful of companies. I am painfully aware of how limited that line of argument is when the company that runs hCAPTCHA is touting in its press release that Cloudflare controls 12% of the web’s traffic. But, still, at least all that traffic is not being protected by the web’s biggest advertising network, too.