Making challenges fun means understanding what people like.
Background: Why do we show challenges?
At hCaptcha, we have always recognized that reliable humanity verification means occasionally asking people to answer a question.
We work hard to reduce how often anyone needs to be challenged, but there is a huge difference between "a few" and zero questions when detecting spam, fraud, and abuse.
As long as people can answer simple questions that machines cannot, posing a question means increasing the cost to attackers of all kinds, and makes many attacks economically infeasible.
Over the years other methods have been tried, but ultimately the tradeoff is simple. If we want to preserve our privacy online, we need ways to verify a person is interacting with online services without trying to link that to anyone's real identity.
Proposed alternatives are rapidly broken, and always end up putting one or two companies (e.g. Google and Apple) in the gatekeeper's seat, making them responsible for knowing who you are and approving every website you log into or comment you post online.
That is not a world we want to live in.
Online services can trade away your privacy only once, and it will buy them nothing: bad actors have no difficulty circumventing naive approaches when there is any incentive to do so.
This is why we are so focused on privacy-first security, and why asking occasional questions is so useful.
OK, we need to show challenges. How can we make this pleasant?
We have spent many years refining our challenges, making sure people could quickly and reliably solve hCaptchas no matter their language, country, or culture.
And across all of those cultures and all of those countries, we have observed a consistent trend. One single factor that some might argue defines humanity itself.
What is this deep and meaningful answer to a question philosophers have asked since time immemorial?
👉 People love animals.
We have always focused on showing challenges that both meet security needs and take a small amount of time to solve.
However, we eventually decided our previous benchmark of being the best system of its kind (fastest, most reliable, most privacy-focused) was too narrow.
We thus adopted an explicit goal of making most people who see an hCaptcha challenge happier for having seen it, and have spent quite a bit of time working on and testing different ways to do this.
As part of this work, we have been shifting a majority of our challenges over to funny or whimsical questions, often involving animals in some way.
How did the internet respond?
Because hCaptcha is used by so many people, any change at all tends to attract attention. This one was no different.
As these challenges started rolling out more broadly, we kept a close eye on our support channels and social media.
The result? A nearly 10:1 positive response across all channels. A few example comments from social media are below:
People seem to like them!
This is also consistent across countries and cultures.
While any change to a service as widely used as ours will turn up some people who preferred the previous approach, we have seen an overwhelmingly positive response.
Of course, people also had strong opinions:
Does this kind of response mean that person got the challenge wrong? Almost certainly not, based on our user testing. The beauty of a humanity verification system like ours is that as long as people agree on the intent of the question, they almost always agree on the right answer.
This is true even when the objective fact is uncertain. Do dogs smile? Well, perhaps. The scientific community appears to have conflicting views on the topic.
However, we can confidently say that over 99% of people agree on what a smiling dog should look like.
We hope you enjoyed this brief look at how we try to make your day a little more pleasant, while ensuring the security of the online services you use each day.
Subscribe to our newsletter
Stay up to date on the latest trends in cyber security. No spam, promise.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.