hCaptcha Runs On 15% Of the Internet


In a blog post, hCaptcha announced that its bot detector is running on about 15% of the internet, adding they they “took most of this market share directly from Google reCAPTCHA.” From the post:

Competing with Google and other Big Tech companies seems like a tall order: their monopolistic market power, platform effects and army of highly paid developers are generally considered too powerful to tackle for anyone but other tech giants such as Facebook or Amazon. Our story shows that it doesn’t have to be that way – you can beat Big Tech by focussing on privacy. Consider Google reCAPTCHA, which consumes enormous amounts of behavioral data to determine whether web users are legitimate humans or bots. At hCaptcha, we have deliberately taken a very different approach, using privacy-preserving machine learning techniques to identify typical bot behaviors at high accuracy, all while consuming and storing as little data as possible.

Google is an ad company, and their security products look very much like their ad products: they track user behavior on every page of a website and across the web. We designed hCaptcha to be as privacy-friendly as possible from day one. This led to a completely different approach to the problem. As it turns out, tracking users across the web and tying their web history to their identity is completely unnecessary for achieving good security. The many companies that have switched over to hCaptcha often report equal or better performance in bot detection and mitigation despite our privacy focus.

A growing number of critics have pointed out that Google’s disregard for user privacy should concern customers looking to protect their websites and apps. At the same time, stopping bots from accessing publisher sites can reveal ad fraud, pitting Google’s reCAPTCHA product directly against their ad business, which produces over 80% of their revenue. Every bot Google detects should be earning zero ad dollars. Google’s company incentives are thus poorly aligned with the users of their security services, and this may be one explanation for the poor performance of their reCAPTCHA security offering.