“As we investigated available CAPTCHA options, we weren’t satisfied, so we decided to develop our own,” Eamonn Maguire
Based.
This is the best summary I could come up with:
“As we investigated available CAPTCHA options, we weren’t satisfied, so we decided to develop our own,” Eamonn Maguire, a former Facebook engineer who now heads up Proton’s machine learning team, wrote in a blog post.
This is usually presented to the user in the form of a visual or cognitive challenge, one that is relatively easy for a human to complete but difficult for a machine.
CAPTCHAs, while generally effective, come with trade-offs in terms of usability, accessibility, cultural biases, and annoyances that businesses would prefer not to impose on their users.
This is why companies such as Apple and Cloudflare have sought ways to tell the difference between humans and bots automatically using alternative mechanisms, such as through device and telemetry data.
And while there are other alternative CAPTCHA services out there, given Proton’s core raison d’être, it clearly does make sense to develop its own — as resource-intensive as that may be.
“In this manner, a botnet that can bypass the initial proof of work but struggles with the visual challenges will be met with increasingly complex computations.
The original article contains 642 words, the summary contains 179 words. Saved 72%. I’m a bot and I’m open source!
Seems pretty cool. The visual challenges look less annoying than the “select all squares with a…” type that Google usually use. Also uses proof-of-work which is also useful when dealing with large bot nets
Finally.
I already have a very good privacy-respecting email provider (Runbox). But if I was on the market for one, this post instantly disqualifies Proton for me.
Captchas need to die a fiery death, and the motherfuckers who foist it on me can go fuck themselves with a wire brush, regardless of whether the captchas are from Google, hCaptcha or anybody else. I’m not paying for that garbage.
is there any way to weed out the bots? or do you not think it necessary?
(Not suggesting this over captcha)
- Ask questions for a personalized answer like you get on Lemmy sign ups. A human will have to verify each request, or… you can put an AI bot to judge whether your response is botlike or human.
- Require you to sign in and verify yourself with a valid identity
- Require you to sign in and pay to use whatever
All options I can think of without captcha are either unscalable or require you to give up privacy.
My email provider, Runbox, doesn’t seem to think fucking captchas are necessary. There isn’t a single one in sight anywhere on their pages and services. How come?
Capchas are often hidden, only bothering the user when they’re not suspected to be a human. Popularity might also play a role. I’ve personally never heard of Runbox, maybe they’re not big enough to attract bots? Also possible that they’re a paid email provider?