Proton CAPTCHA has already been served to millions of users over the past months, with 100% of sign-up and login CAPTCHAs now using our in-house solution.
However, this is only the start of the journey. Our goal is to provide a CAPTCHA that is accessible, usable, privacy-preserving, and secure against even the most advanced threats. As such, you can expect to see more innovation in this space, with the goal being to reduce the burden of CAPTCHA for real users while making it hard for attackers to abuse our services.
We look forward to hearing your feedback and suggestions! In the future, we may also consider making it available for third-parties who care about privacy via an API
I’m a glad Proton is making Privacy respecting Captcha not only for sign-in Proton but also for 3rd party’s
I guess the only reason to fear using Proton CAPTCHA as a dev is if you want an audience from Russia or other regions that block Proton software and don’t want to risk the CAPTCHA blocking everyone from that region as a result.
You could still use e.g. hCaptcha as a fallback. You can implement a simple check in your application to check whether Proton is reachable by the client and if not, just use a different service.
I haven’t really seen a compelling reason to not use Cloudflare Turnstile as a web developer yet. It’s a shame none of these solutions are open-source and self-hostable, including apparently Proton’s solution. A drop-in reCaptcha replacement you can run on your own and is actually good would be huge. I don’t know enough about how these work exactly, maybe they all rely on security through obscurity to actually be effective and that’s why there aren’t any good FOSS solutions.