Encrypted email provider Proton has built its own CAPTCHA service

Image Credits: Oleksandr Hruts / Getty Images

Proton, the Swiss company that develops privacy-focused online services such as email, has developed its very own CAPTCHA service to help discern between genuine login attempts and bots — and it touts the new system as the world’s first CAPTCHA that is “censorship resistant.”

The company said it has already been testing its CAPTCHA system for several months, and has now transitioned to its home-grown solution entirely.

“As we investigated available CAPTCHA options, we weren’t satisfied, so we decided to develop our own,” Eamonn Maguire, a former Facebook engineer who now heads up Proton’s machine learning team, wrote in a blog post. “Our primary goal was to provide a system that doesn’t compromise on privacy, usability and accessibility, or security.”

CAPTCHAs, a contrived acronym that stands for the decidedly less-punchy “completely automated public Turing test to tell computers and humans apart,” have long been used on the web to prevent bots from creating multiple accounts with a specific service, or illicitly trying to access someone else’s account through credential stuffing. This is usually presented to the user in the form of a visual or cognitive challenge, one that is relatively easy for a human to complete but difficult for a machine.

CAPTCHAs, while generally effective, come with trade-offs in terms of usability, accessibility, cultural biases, and annoyances that businesses would prefer not to impose on their users. This is why companies such as Apple and Cloudflare have sought ways to tell the difference between humans and bots automatically using alternative mechanisms, such as through device and telemetry data.

And then there is the elephant in the room that is data privacy, with some CAPTCHA services — notably Google’s ReCAPTCHA — collecting hardware and software data. And for a company such as Proton, which has built an entire business off the back of privacy-focused tools such as email, a VPNpassword manager, cloud storage, calendar, and password manager, it doesn’t make a whole heap of sense to compromise its reputation through relying on such third-party…