Private Captcha is an independent, privacy-first, self-hostable Proof-of-Work CAPTCHA service made in EU.
- provide powerful means to fight bots, including AI scrapers, and spam even as AI improves
- make web a slightly better place by replacing existing frustrating CAPTCHAs
- stay focused on privacy and GDPR compliance as well as on-prem deployment
- provide stable, backward-compatible and reliable API and integrations
- be sustainable financially to fulfill previous goals long enough
- adaptive challenge difficulty (including various configuration options)
- optimized backend (low resource requirements)
- lightweight, customizable widget (including "invisible" version)
- usage statistics (backend)
- privacy-focused, no behavior tracking or PII processing
Please refer to the official documentation.
To spin up a local version of Private Captcha for development, clone this repository and run in the root make run-docker (it requires to have Docker installed). You can check Makefile for details of what it does exactly.
OpenAPI spec is available.
├── cmd/ Main executable of the server and few helpers
├── docker/ Development-only docker files
├── docs/ Developer documentation snippets
├── Makefile
├── pkg/ Backend part of the project (API and Portal)
├── web/ Frontend part of the project (Portal)
└── widget/ Client-side widget code
- Go for backend (API and Portal)
- Javascript (inevitably) for client widget, including WASM workers (where possible)
- Postgres for "business" data (accounts, properties etc.)
- ClickHouse for "operational" data (difficulty scaling, statistics etc.)
- TailwindCSS for Portal (backend)
Self-hosting setup is in another repository and documentation - on main docs website.
Private Captcha is a private and open alternative to:
DISCLAIMER: just like other similar tables, this reflects an author's opinion more than "legal reality"
| Feature | Private Captcha | Friendly Captcha | Cap | Altcha | CloudFlare Turnstile | Google reCAPTCHA | hCAPTCHA |
|---|---|---|---|---|---|---|---|
| User-friendly | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ |
| GDPR-compliant | ✅ | ✅ | ✅ | ✅ | 🟡 | 🟡* | 🟡* |
| Self-hostable | ✅ | 🟡* | ✅ | ✅ | ❌ | ❌ | ❌ |
| Difficulty scaling | ✅ | ✅ | 🟡 | ✅ | ✅ | 🟡 | 🟡 |
| High-throughput* | ✅ | ✅ | ❌ | ❌ | ✅ | 🟡 | 🟡 |
| Sustainable* | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ |
NOTE: Friendly Captcha actually offers some kind of abandoned PHP implementation of static (no scaling) difficulty puzzles, but it's obviously unusable in real production
NOTE: "High-throughput" means low-latency backend (e.g. no Javascript on the backend, like in Cap and Altcha), profiled and optimized
NOTE: "Sustainable" means this project has means to survive (which, for example, in Google/CloudFlare case is "indefinitely" due to other kinds of revenue). Private Captcha, Altcha have a managed/SaaS offering that is fueling the development.
NOTE: reCAPTCHA and hCAPTCHA both self-declare to be GDPR-compliant, but since there was no court precedent to prove otherwise at the time of writing, they both collect excessive amounts of user tracking data.
This project is distributed under a PolyForm Noncommercial License (see LICENSE for more information). This allows you to self-host community edition of Private Captcha for non-commercial use. Commercial licenses available for enterprise edition - please contact us at [email protected]