diff --git a/docs/guide/alternatives.md b/docs/guide/alternatives.md index 74683d1..58f3592 100644 --- a/docs/guide/alternatives.md +++ b/docs/guide/alternatives.md @@ -1,20 +1,20 @@ # Alternatives to Cap -| CAPTCHA | Open-source | Free | Private | Fast to solve | Easy for humans | Small error rate | Checkpoints | Widget support | GDPR/CCPA Compliant | Customizable | Hard for bots | Easy to integrate | -| :-- | :-- | :-- | :-- | :-- | :-- | :-- | :-- | :-- | :-- | :-- | :-- | :-- | -| **Cap** | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | 🟨 | ✅ | -| Cloudflare Turnstile | ❌ | ✅ | 🟨 | 🟨 | ✅ | ❌ | 🟨 | ✅ | ✅ | ❌ | 🟨 | ✅ | -| reCAPTCHA | ❌ | 🟨 | ❌ | ✅ | ❌ | 🟨 | ❌ | ✅ | 🟨 | ❌ | ❌ | ✅ | -| hCAPTCHA | ❌ | 🟨 | 🟨 | ❌ | ❌ | 🟨 | ❌ | ✅ | 🟨 | ❌ | 🟨 | ✅ | -| Altcha | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | 🟨 | 🟨 | -| FriendlyCaptcha | ❌ | ❌ | ✅ | 🟨 | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | 🟨 | 🟨 | -| MTCaptcha | ❌ | 🟨 | 🟨 | ❌ | ❌ | 🟨 | ❌ | ✅ | ✅ | ❌ | ❌ | 🟨 | -| GeeTest | ❌ | ❌ | ❌ | 🟨 | 🟨 | 🟨 | ❌ | ✅ | ✅ | ❌ | 🟨 | 🟨 | -| Arkose Labs | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | 🟨 | ❌ | ❌ | +| CAPTCHA | Open-source | Free | Private | Fast to solve | Easy for humans | Small error rate | Checkpoints | Widget support | GDPR/CCPA Compliant | Customizable | Hard for bots | Easy to integrate | +| :------------------- | :---------- | :--- | :------ | :------------ | :-------------- | :--------------- | :---------- | :------------- | :------------------ | :----------- | :------------ | :---------------- | +| **Cap** | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | +| Cloudflare Turnstile | ❌ | ✅ | 🟨 | 🟨 | ✅ | ❌ | 🟨 | ✅ | ✅ | ❌ | 🟨 | ✅ | +| reCAPTCHA | ❌ | 🟨 | ❌ | ✅ | ❌ | 🟨 | ❌ | ✅ | 🟨 | ❌ | ❌ | ✅ | +| hCAPTCHA | ❌ | 🟨 | 🟨 | ❌ | ❌ | 🟨 | ❌ | ✅ | 🟨 | ❌ | 🟨 | ✅ | +| Altcha | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | 🟨 | 🟨 | +| FriendlyCaptcha | ❌ | ❌ | ✅ | 🟨 | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | 🟨 | 🟨 | +| MTCaptcha | ❌ | 🟨 | 🟨 | ❌ | ❌ | 🟨 | ❌ | ✅ | ✅ | ❌ | ❌ | 🟨 | +| GeeTest | ❌ | ❌ | ❌ | 🟨 | 🟨 | 🟨 | ❌ | ✅ | ✅ | ❌ | 🟨 | 🟨 | +| Arkose Labs | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | 🟨 | ❌ | 🟨 | ::: tip Note -"Hard for bots" does not consider commercial solvers like BrightData, as I cannot verify their legitimacy myself. +"Hard for bots" for Cap refers to the combination of Proof-of-Work and [dynamic instrumentation challenges](./standalone/options.md#instrumentation-challenges). It does not consider commercial solvers like BrightData, as I cannot verify their legitimacy myself. ::: @@ -22,23 +22,25 @@ ### Cloudflare Turnstile -Cloudflare Turnstile is a great alternative to Cap, but unfortunately it is known for having an extremely high error rate and relies a lot on fingerprinting, especially for users using private browsers such as Brave or Librewolf. Additionally, unlike Turnstile, Cap is open-source and self-hosted. +Cloudflare Turnstile is a great alternative to Cap, but unfortunately, it is known for having an extremely high error rate and relies a lot on fingerprinting, especially for users using private browsers such as Brave or Librewolf. + +Additionally, unlike Turnstile, Cap is open-source and self-hosted. With Turnstile, if Cloudflare's algorithm marks a user as "suspicious," you cannot override it. Cap puts the levers of control in your hands, so you decide the difficulty and strictness, not a third party. ### reCAPTCHA -Not only is Cap significantly smaller and faster than reCAPTCHA, it's open-source, fully free and is significantly more private. Cap doesn't require you to check traffic signs or solve puzzles, and it doesn't track users or collect data. +Not only is Cap significantly smaller and faster than reCAPTCHA, it's open-source, fully free, and much more private. Cap doesn't require you to check traffic signs or solve puzzles, and it doesn't track users or collect data. -Additionally, reCAPTCHA v2 challenges can be solved trivially by multi-modal LLMs, especially audio challenges. +reCAPTCHA v2 ("I'm not a robot") is getting harder for humans while remaining trivial for AI solvers (especially audio challenges). v3 (Invisible) is great, but if Google thinks you are "suspicious" (e.g., using a VPN or privacy tools), it often blocks you entirely or forces a hard puzzle loop with no way out. ### hCAPTCHA -Pretty much the same as reCAPTCHA, however while it's significantly more resistant to bots, it is also extremely annoying for users to solve when prompted with a visual challenge compared to reCAPTChA. It also has a significantly bigger bundle size. +Pretty much the same as reCAPTCHA, however, while it's significantly more resistant to bots, it imposes a heavy "Puzzle Tax" on your users. -Additionally, hCAPTCHA is prohibitively expensive for many users, while Cap is completely free and self-hosted. +Users hate puzzles. They leave. Drop-off rates on hCaptcha challenges can be **5-15%** depending on difficulty. Additionally, hCaptcha's free tier is aggressive with serving puzzles to save their own costs, which hurts your conversion rates. ### Altcha -Cap is slightly smaller than Altcha and includes extra features like progress tracking, and a simpler dashboard. if you don't need these, Altcha is a still a solid choice. +Cap is slightly smaller than Altcha and includes extra features like progress tracking, instrumentation challenges, and a simpler dashboard. If you don't need these, Altcha is still a solid choice. ### mCAPTCHA @@ -46,20 +48,22 @@ While mCAPTCHA is similar to both Cap and Altcha, it seems to have been deprecat ### FriendlyCaptcha -Unlike FriendlyCaptcha, Cap is completely free and self-hosted (FriendlyCaptcha is €39/month for 5k requests and 5 domains). +Unlike FriendlyCaptcha, Cap is completely free and self-hosted (FriendlyCaptcha is €39/month for only 5k requests and 5 domains). ### MTCaptcha -Cap is more lightweight, doesn't rely on users solving an image puzzle that LLMs and OCR can easily solve and is open-source and self-hostable. +MTCaptcha relies heavily on image challenges, which are usually easily solvable by LLMs and OCRs and have high drop-off rates. Cap is also lightweight, self-hostable and doesn't rely on obfuscation. ### GeeTest -Cap is free, self-hosted and open-source, while GeeTest is a paid service. Cap is also more private and doesn't rely on tracking users or collecting data. GeeTest is also china-based, which may be a concern for some users. +Cap is free, self-hosted, and open-source, while GeeTest is a paid service. Cap is also more private and doesn't rely on tracking users or collecting data. GeeTest is also China-based, which may be a concern for some users regarding data sovereignty. ### Arkose Labs -Arkose's CAPTCHA is known for being hard, slow and annoying for humans to solve. It is also a paid, closed-source service. +Arkose's CAPTCHA is known for being hard, slow, and annoying for humans to solve. It is also a paid, closed-source service mostly available to big enterprises. ### Anubis -While Anubis is a great scraper deterrent and uses the same proof-of-work concept as Cap, it uses a low difficulty by default (which is easier for bots to solve) and does not provide a standalone CAPTCHA. +While Anubis is a great scraper deterrent and uses the same proof-of-work concept as Cap, it uses a low difficulty by default (which is easier for bots to solve) and does not provide a standalone CAPTCHA server. + +Cap also implements dynamic instrumentation challenges, which make it harder for bots to finish the process after solving PoW. \ No newline at end of file diff --git a/docs/guide/benchmark.md b/docs/guide/benchmark.md index 6f034d7..08f6afe 100644 --- a/docs/guide/benchmark.md +++ b/docs/guide/benchmark.md @@ -2,17 +2,19 @@ +For accurate results, close the Developer Console, as it may negatively impact performance. + ## Benchmark results -These use a placeholder server, speeds might vary depending on your setup and network latency. Please also note that due to a bug in Chromium's devtools, speeds might be slower than expected when devtools is open. +These use a placeholder server, speeds might vary depending on your setup and network latency. A challenge difficulty of 4 with 50 challenges was used to run these benchmarks. | Tier | Device | Chrome | Safari | | --------- | ------------------ | ------ | ------ | -| Low-end | Samsung Galaxy A11 | 4.583s | - | +| Low-end | Samsung Galaxy A11 | 2.926s | - | | Low-end | iPhone SE (2020) | - | 1.282s | | Mid-range | Google Pixel 7 | 1.027s | - | | Mid-range | iPad (9th gen) | – | 1.401s | | High-end | Google Pixel 9 | 0.894s | – | -| High-end | M3 Macbook | 0.312s | 0.423s | \ No newline at end of file +| High-end | M3 Macbook | 0.412s | 0.423s | \ No newline at end of file diff --git a/docs/guide/index.md b/docs/guide/index.md index addcc56..55319b2 100644 --- a/docs/guide/index.md +++ b/docs/guide/index.md @@ -8,6 +8,8 @@ Cap is a modern, lightweight, and self-hosted CAPTCHA alternative using SHA-256 Unlike traditional CAPTCHAs, Cap's fast, unobtrusive, has no telemetry or tracking, and uses accessible proof-of-work instead of annoying visual puzzles. +We've found that Cap offers a better balance for site admins than big-tech alternatives because **it puts the levers of control in your hands, not a third party.** You decide the difficulty, you own the data, and you never pay per-request fees. + Cap consists of a client-side widget, which solves challenges and displays the checkbox, and a server-side component, which generates challenges and redeems solutions. ## Integration