Proton unveils "World first" censorship-resistant CAPTCHA

Robotic hand clicking on captcha 'I am not a robot'.
(Image credit: Getty Images)

The cybersecurity firm behind popular encrypted email and VPN service ProtonVPN has just unveiled its very own secure CAPTCHA service.

Proton CAPTCHA solves issues within existing systems that website providers use to discern between genuine login attempts and malicious bots. The tool claims to never compromise privacy, security, and accessibility, while describing itself as "the world's first" CAPTCHA with built-in censorship-resistant technologies.

Short for "Completely Automated Public Turing test to tell Computers and Humans Apart," there are many CAPTCHAs systems out there that websites utilize to protect users from bot and spam attacks. However, Proton wasn't satisfied with existing solutions as it felt they were not aligned with its company's values.


Reader Offer: $50 Amazon gift card with demo

Reader Offer: $50 Amazon gift card with demo
Save 250+ yearly hours on manual configuration. Deploy your entire organization within a single day. Learn why Perimeter 81 is TechRadar's choice for the best Business VPN. Ditch legacy hardware and make the move to the cloud. See how simple it is for yourself.

 Preferred partner (What does this mean?

Fixing CAPTCHA issues

"Captchas are an incredibly important tool to protect users against increasingly sophisticated attacks. However, most Captchas are not privacy first and can divulge users’ sensitive information to internet giants," Eamonn Maguire, Head of Account Security at Proton, told us.

He explained that in order to function, many CAPTCHAs retain a permanent record of users' phone or computer unique identifiers. This allows them to track their activities across the web, collecting more data that might be used to train the company or a third-party AI system. Chat-GPT and similar apps are also making common CAPTCHAs obsolete, seeing as the software can easily crack the puzzles.

For this reason, and to promote better usability, tech giants like Apple and Cloudflare are switching from the classic CAPTCHA puzzle to alternative mechanisms, such as device performance and telemetry data. Yet, for Proton, this was still just a patchwork solution.

"That’s why we developed Proton Captcha, a new system that can adeptly balance security with usability, accessibility, and privacy that can evolve in tandem with the shifting tactics of malicious actors," said Maguire.

Proton CAPTCHA screenshot

(Image credit: Proton)

Proton CAPTCHA takes a multi-layered defense approach, combining a computational proof of work with visual challenges to determine if the login attempt comes from a genuine human. At the time of writing, the latter includes a beam alignment challenge and an intuitive 2D puzzle. The system also offers accessible alternatives for users with visual impairments.

Proton proof of work also differs from other CAPTCHA offering something similar, as the system adapts the difficulty of the task if it records suspicious behaviors. In practical terms, even if a bot can bypass the initial proof of work, after struggling with the visual challenges, it will be met with increasingly complex computations.

Proton's privacy-first ecosystem

Proton's security suite keeps growing as new cyber threats arise. It now includes its VPN (ProtonVPN), ProtonMail, Proton Drive, Proton Calendar, and Proton Pass.

Proton CAPTCHA promises to take a privacy-first approach that’s fully GDPR compliant. 

It also claims to be the first system ever to support anti-censorship technologies, which can be activated directly from Proton's website and apps to grant users access to places like Russia and Iran where its services are often blocked.

On this point, Maguire told us: "By developing our own solution, we have built a CAPTCHA that navigates such issues when alternative routing is turned on whilst still working normally for those who don’t need anti-censorship tools."

This is the most recent tool within Proton's continuous commitment to users' online safety and internet freedom. The company assures more innovation will arise in this space as new CAPTCHA threats evolve. Third parties caring for users' privacy might also be able to use Proton's system via an API in the future—there are no plans in this direction just yet, though.

"However, we are assessing third party interest in the system," Maguire told TechRadar. "If we receive a large amount of interest and opening it up makes economic sense, then we would be open to making it available to third parties."

This isn't the first time the ProtonVPN and ProtonMail maker has gone the extra mile to protect its customers. Just a month ago, for example, it launched Proton Sentinel to offer increased protection to users at higher risk of cyberattacks.

Disclaimer

We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

Chiara Castro
Senior Staff Writer

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com