Proton unveils “World first” censorship-resistant CAPTCHA

Proton builds its very own privacy-first CAPTCHA system

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The cybersecurity firm behind popularencrypted emailandVPN serviceProtonVPN has just unveiled its very own secure CAPTCHA service.

Proton CAPTCHA solves issues within existing systems that website providers use to discern between genuine login attempts and malicious bots. The tool claims to never compromise privacy, security, and accessibility, while describing itself as “the world’s first” CAPTCHA with built-in censorship-resistant technologies.

Short for “Completely Automated Public Turing test to tell Computers and Humans Apart,” there are many CAPTCHAs systems out there that websites utilize to protect users from bot and spam attacks. However, Proton wasn’t satisfied with existing solutions as it felt they were not aligned with its company’s values.

Reader Offer: $50 Amazon gift card with demoSave 250+ yearly hours on manual configuration. Deploy your entire organization within a single day. Learn why Perimeter 81 is TechRadar’s choice for the best Business VPN. Ditch legacy hardware and make the move to the cloud. See how simple it is for yourself.

Preferred partner (What does this mean?)

Fixing CAPTCHA issues

“Captchas are an incredibly important tool to protect users against increasingly sophisticated attacks. However, most Captchas are not privacy first and can divulge users’ sensitive information to internet giants,” Eamonn Maguire, Head of Account Security at Proton, told us.

He explained that in order to function, many CAPTCHAs retain a permanent record of users' phone or computer unique identifiers. This allows them to track their activities across the web, collecting more data that might be used totrain the companyor a third-partyAIsystem.Chat-GPTand similar apps are also making common CAPTCHAs obsolete, seeing as the software can easily crack the puzzles.

For this reason, and to promote better usability, tech giants likeAppleand Cloudflare are switching from the classic CAPTCHA puzzle to alternative mechanisms, such as device performance and telemetry data. Yet, for Proton, this was still just a patchwork solution.

“That’s why we developed Proton Captcha, a new system that can adeptly balance security with usability, accessibility, and privacy that can evolve in tandem with the shifting tactics of malicious actors,” said Maguire.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Proton CAPTCHA takes amulti-layered defense approach, combining a computational proof of work with visual challenges to determine if the login attempt comes from a genuine human. At the time of writing, the latter includes a beam alignment challenge and an intuitive 2D puzzle. The system also offersaccessible alternativesfor users with visual impairments.

Proton proof of work also differs from other CAPTCHA offering something similar, as the system adapts the difficulty of the task if it records suspicious behaviors. In practical terms, even if a bot can bypass the initial proof of work, after struggling with the visual challenges, it will be met with increasingly complex computations.

Proton’s security suite keeps growing as new cyber threats arise. It now includes itsVPN(ProtonVPN),ProtonMail,Proton Drive,Proton Calendar, andProton Pass.

Proton CAPTCHA promises to take a privacy-first approach that’s fullyGDPRcompliant.

It also claims to be the first system ever tosupport anti-censorship technologies, which can be activated directly from Proton’s website and apps to grant users access to places like Russia and Iran where its services are often blocked.

On this point, Maguire told us: “By developing our own solution, we have built a CAPTCHA that navigates such issues when alternative routing is turned on whilst still working normally for those who don’t need anti-censorship tools.”

This is the most recent tool within Proton’s continuous commitment to users' online safety and internet freedom. The company assures more innovation will arise in this space as new CAPTCHA threats evolve. Third parties caring for users' privacy might also be able to use Proton’s system via an API in the future—there are no plans in this direction just yet, though.

“However, we are assessing third party interest in the system,” Maguire told TechRadar. “If we receive a large amount of interest and opening it up makes economic sense, then we would be open to making it available to third parties.”

This isn’t the first time theProtonVPNandProtonMailmaker has gone the extra mile to protect its customers. Just a month ago, for example, it launchedProton Sentinelto offer increased protection to users at higher risk of cyberattacks.

We test and review VPN services in the context of legal recreational uses. For example:1.Accessing a service from another country (subject to the terms and conditions of that service).2.Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up.She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

Should your VPN always be on?

3 reasons why PIA fell in our best VPN rankings

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics