STOP USING hCAPTCHA

A big percentage of sites where I am seeing hcaptcha, were setup by myself. I’m a systems engineer and I set cloudflare on dozens of clients a week, The security settings are medium, WAF is enabled for some countries, show captcha chanllenge once a day.

I can whitelist my IP, but that is only valid for the sites I have access to.

The issue to me, is frequency.
I can solve hcaptchas successfully in one site, switch to another, same account, same settings, and bam. Captcha.

Solving captchas one, on any cloudflare site should be enough to know that I am human for at least a few hours or a day, on any other cloudflare site.

I don’t care what Google does with my data because I only provide what I want to provide, and even then, I am more than happy when they suggest me stuff that I wouldn’t find otherwise, such as news according to my interests.

As for recaptcha, I am also happy supporting google, or whoever would use it for machine learning. Better technology, regardless of who owns it, benefits everyone in the future.

And no, I am not going to install privacy pass just for this. Maybe if cloudflare creates an extension with some other features, I would consider, but not going to clutter my browser with more extensions, just because of hcaptchas.

Hi, hCaptcha in fact supports many different levels of difficulty, from “no-captcha” reputation-based behavior to quite difficult “always on” challenges.

You can see some of the details here: https://medium.com/@hCaptcha/how-hcaptcha-difficulty-settings-work-13d84279d378

We want people to have a low frustration experience, so we work with all of our customers to optimize this over time.

1 Like

I implemented hCaptcha in my website and it is much quicker and fluent of an experience for my users. I absolutely think hCaptcha is comparable to reCAPTCHA.

Can you give Privacy Pass a try? It addresses that cross-site annoyance while preserving your privacy.

Registered just to upvote this thread. hCaptcha is very annoying, not only that it is showing much more than reCaptcha used to, but it’s images are also bad quality. There are some images that you don’t even know if that is a dog or a motorcycle. The images seems like they were taken from random facebook users which uses a nokia from 2008 to take photos. At least google had good quality photos taken by them and I actually could understand what is in the photo.

1 Like

I never liked recaptcha, but the fact is that hCAPTCHA is even worse!
First, it always ask to solve 2 different set of picture, so what ? Are bot intelligent to solve one, but not two ? So i’m annoyed ?

Second, there is multiple site i use (who moved to hCAPTCHA because of cloudflare) where i keep the page open and refresh something like every 15/20 minutes, and guess what ? I get the hCAPTCHA request again!

Third, the picture are not clear, so, sometimes, you just have to do more than two solves! (yes, don’t forget the 2 one you forced to do!!!)

Four, it’s slow compared to recaptcha

I always thinked : what can i hate more than recaptcha request when browsing ? i thought nothing can make me more annoying, i was wrong, someone made it !!! Congrats !!

I don’t see any problem with trying to build a product to replace a clandestine privacy snoop. But I think I can sum up the issues expressed by people in this thread, that also I feel agreeable to.

  1. Visually the sentiment is that the image container for each image is hard to distinguish autonomously by a person. Attempting to resize the images while adding grey borders in each box leads to a non-instantaneous mental transaction of where the image starts, and where it ends. Example:

Top left image, bottom grey border of that tile. Followed by white from the background, then resuming into grey and then the image. I’m not qualified beyond my own experience to say, but personally I found that to be non-instantaneous compared to google’s solution. My advice would be to eliminate as much color transitions as possible to make mentally distinguishing the boundaries of each image as fast as possible.

  1. This may be your own design choice and I respect that, but I feel the extra images describing what ‘a car’ looks like is unnecessary visual clutter than causes a slowdown in task recognition (coming off the back of recaptcha I do confess.)

  2. Achieving point 1 may require changing aspect ratios of the sample images, which may be impossible, but must be looked at to achieve removing that border. The colors cause visual clutter.

  3. Communicate information with the least amount of visual aids needed. For example, google have expressed this by making the subject matter bold. An example for the above use case would be:

Please click each image containing a car

  1. The image load time is not terrible considering how fast you needed to scale, but you must look into ways of reducing every single possible millisecond. Image load times where as high as 800ms. Inspecting this in chrome’s developer tools indicated that cloudflare’s cache was missing the image in question.

Specifics:
etag:“98b4c0e129e9c3398c6371f7617cb477”
cf-ray:583dddc2bf44a717-DUB
cf-cache-status: MISS

Waiting (TTFB): 846.12ms
Image: https://imgs.hcaptcha.com/eJkC4PTMzd+wjDOgeFjw9gOeIeT3PkGhhHl0B3zG2JE2e2QjtMFe7QkXJkbfpHvEiQ6x6ftAKAqB485nIbBrNJ6GpLc8c/Qn0eyfbCXrcotDJLAbGprC6Ylfdcl807BI1t/RVpHtSkiePyTED2N0NqXueZPmaA==kHZ7e/Z/WTGxfZrz

My Specifics:
Connection to the DUB datacenter: <9ms, Bandwidth: 1gbp/s fiber optic.

However, images that where cached loaded in <40ms. So the issue primarily is that the images you are supplying are not being correctly cached by cloudflare.

That is my issues so far, good job starting out on the project as I have had to live with the mental burden of what google uses its recaptcha data for.

1 Like

First of all, thank you for this thoughtful and comprehensive comment.

Taking this in reverse order:

5. Regarding cache miss images being (occasionally) slow for users on some continents, we have been working on this, and just made some changes that should resolve this in the next few hours.

4. We are in fact considering something along those lines. I should note that when we ran experiments on this before, we also got some feedback saying the opposite :slight_smile:

1-3. There are a few different goals to balance here in terms of potentially hiding useful cues at the edge of the image (if zooming/cropping) vs aesthetics vs cognitive load. Definitely something we’re still experimenting with to improve the experience.

4 Likes

For me hcapatha is better than reCapatha
But we need non-js capatha

2 Likes

You’ve made some interesting and good points. However, regarding replacing Visual Cues/aids of cars with the written word “car” may make hCaptcha less accessible to persons with various disabilities - having to read “car” as opposed to seeing actual visual examples places a difficult to break boundary for those with visual disabilities that prohibit reading and for persons with cognitive disabilities that interfere with reading.

1 Like

That’s very true, and it’s something to take into consideration. Maybe the real issue I was having was the cognitive load of having three images instead of say, one? Hence I felt having the subject matter in bold to be something to relieve that, instead of itself being the solution.

My real issue has been the actual presentation of the images themselves, but I’m sure the people at hcaptcha will come up with something great at the end of this!

1 Like

I don’t know what you mean, hcaptcha looks perfect for me, except the fact that it asks for images that doesn’t exist, please cloudflare, make a paid option where the user can pay for Google Recaptcha instead of using this bullshit…

The image in the center is the cockpit of a motorcycle, really hard to see, though :confused: agreed.

That’s 100% right. We don’t want those monopoly companies everywhere.
We want privacy for us and for all our clients! We don’t want to force any client to send personal data to Google, Facebook, Microsoft and co.

hcaptcha has been a pain in my ■■■ for many sites i visit. most people only like it because its not google. i have a message for those people, do you know why googles on top? because they were better than the other companies and hating recaptcha because it made by google makes no sense, and no the little recaptcha box does not collect your browsing history. The only people who like hcaptcha are the type of people that use a vpn in their own homes, it makes no sense. if the site you are connecting too has s valid ssl certificate that your browser trusts then all your data will be encrypted. cloudflare switched to hcaptcha because they wanted to make extra money. and why do people care if they are helping a bot learn things, the bot is google’s recaptcha learning who is and who isn’t human because with programs becoming more advanced, the bot behind google recaptcha needs to learn more. the data that google take from you is perfectly legal and not too private and i am fine if you use firefox or microsoft edge, just don’t be a complete moron that thinks that google is bad because they are google. if hcaptcha took the same information or even more 50% of people who hate google would still say that they want hcaptcha because its not google. and google allowing signed in users to pass recaptcha fast does not mean they want you to have a google account. the company can program that in for google users because they manage their users. they can do the same with a microsoft account because they don’t manage that data. for 50% of the people here supporting hcaptcha please do some research before saying that hcaptcha is better

Hcaptcha service does not work in Iran and people are faced with this error:
image
But using VPN, this service works.

Sorry for my bad english.

1 Like

Hi there,

Would you mind sending your IP to [email protected] and following the instructions in https://www.hcaptcha.com/reporting-bugs to make a network recording?

We just tried this from a few proxies in Iran and saw no issues, so it could be an issue with a single ISP, or something local to you.

3 Likes

Agreed. I tried about ten times but still failed the images.

This :poop: is not even IPv6!!! What??? Why???

1 Like

That hCaptcha is a horrible s h i t, it’s useless and not user friendly.
Please add option to: i can use my own reCaptcha code. I can pay for that, becouse recaptcha is WORKING and userfriendly.