It is just the main problem is that recaptha can just not work AT ALL (reject to work) if your score is too low like with Tor.
Yes, and it’s quite unfortunate. We’re seeing a significant increase in legitimate, anonymized traffic from privacy-conscious users. Many of those people also prefer to avoid Google and clear their cookies regularly, making it difficult for a service like reCAPTCHA to establish trust based on anything other than IP address.
When reCAPTCHA works, it works great. When it doesn’t, it’s a royal PITA.
I specifically searched for this as I know what cloudflare is, and for example btdig and some other sites still have recaptcha, so I was very surprised about what the heck is this new captcha and maybe how to turn the old on. Then I just saw a show here… Could not stop myself.
According to a comment on Hacker News that appeared to be from a Cloudflare employee, Google decided to start charging Cloudflare for reCAPTCHA. They claimed that for free Cloudflare accounts alone, it’d cost Cloudflare $10M+/yr. They also claimed that Cloudflare pays hCaptcha, not the other way around. Here’s the exact quote:
FYI: hCAPTCHA don’t pay us. We pay them.
ReCAPTCHA decided to start charging for their service (which they have every right to do, but it was a surprise). Just to use ReCAPTCHA on our Free customers would have cost us $10M+/year, which was untenable. We’d been concerned about the privacy issues around using a Google service for some time, and this was the kick in the butt we needed to move off of them.
hCAPTCHA has been incredibly responsive so far to improving their service, something even at our scale we had a tough time getting from the ReCAPTCHA team.
Ultimately, we’re working toward entirely eliminating visual/audio CAPTCHAs. But, until then, we are enjoying working with the hCAPTCHA team.