CAPTCHAs Easy for Humans, Hard for Bots

Proton is aiming for the sweet spot between security, privacy, and accessibility with its CAPTCHA.

Proton, the company behind the end-to-end encrypted Proton Mail, has released PRoton CAPTCHA, a layered system to differentiate between humans and bots.
For the past decade-and-a-half, CAPTCHAs and reCAPTCHAs have served as resource gatekeepers to
deter bots from creating fake accounts
, spamming forms, and executing brute-force attacks to guess usernames and passwords. The idea is to set a task that must be completed before granting access — and to make it easy for a human to do but very difficult for a bot.
However, visual challenges with CAPTCHA, such as having to transcribe a set of distorted characters or selecting all images with traffic lights, have become vulnerable to advanced image-analysis tools and human-solver services, while remaining annoying to legitimate users. Organizations concerned about potential privacy issues may not be comfortable with reCAPTCHAs (the I am not a robot checkbox) because they rely on behavioral analysis and the server examining user history to winnow out suspicious users. Scammers are including
CAPTCHA-solving services
in their automated attacks, plus the increased use of large language models (LLMs) is also worrying: A
technical report on GPT-4s capabilities
revealed that the LLM was able to persuade a human TaskRabbit worker to complete a visual CAPTCHA puzzle.
Proton CAPTCHA
consists of three levels of discernment: computational proof-of-work tasks, visual challenges, and bot detection that the company says preserves user privacy. The system presents proof-of-work challenges for the users device to solve in the background, without bothering the user. Meanwhile, it also runs detection tests to look for botlike identifiers. Friendly Captcha and mCAPTCHA also perform those two steps. What Proton CAPTCHA adds is a visual puzzle to solve, akin to the original CAPTCHA. The combination of the three actions makes it more expensive for automated account creation and abuse, Proton says.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
CAPTCHAs Easy for Humans, Hard for Bots