People believe stopping abuse is impossible, futile, ambiguous, passive, hard
With FunCaptcha it's possible, personal, and powerful against all attacks
CAPTCHA has been at the forefront of anti-abuse technology since the foundation of attacks in the late 90s.
Since its inception, CAPTCHA has been plagued by high-risk vulnerabilities and speculative challenges that persecute human users. Instead of providing simple passage for human users, CAPTCHA has been used to aggress abuse and unfamiliar behaviour. This has grounded CAPTCHA in uncertainty and led people to believe it isn’t the solution. Despite the prevailing beliefs, CAPTCHA (a Turing test) is the most effective way to determine humanity – if done right.
FunCaptcha avoids these common flaws and does it right.
Trusted at scale
CAPTCHA must be defined by its ability to achieve security and high human conversion, simultaneously.
CAPTCHA is a gateway to the most important parts of your product – it holds enough power to lock everyone out, and to let anything in. It should be easy for human users to complete without frustration, but it must also stop automation and sweatshop attacks.
Our patent-pending technology transforms an irritating chore of comprehension into a fun visual activity that resists automation, machine learning, client decryption, and brute forcing techniques.
Why has CAPTCHA been ineffective?
Challenges have been commercially driven
The common CAPTCHA employs value-added challenges that prioritize economic gains, by taxing the user with tasks that have commercial value in solving – such as digitizing books and categorizing imagery, as a test of humanity.
Optical Character Recognition is nearly a 100% accurate technology that can effortlessly, and automatically, solve such challenges. Consequently, these challenges remain unviable as a security measure, and incapable of establishing humanity.
Reliance on things attackers can easily fake
In a conference paper presented at Black Hat Asia 2016, reCAPTCHA v2 was exposed to be using a Google.com cookie as a measure of humanity, which afforded users the option to skip all verification challenges.
Answer easily recognized with simple OCR
Optical Character Recognition is a highly accessible and accurate technology; off-the-shelf machine vision products provide a near 100% solve rate for the common CAPTCHA.
Answer unsecured and retrievable from client
In some CAPTCHAs, the client can be manipulated to expose the answer. For example, Solve Media can be compromised with its decryption code to solve 100% of some challenges.
→ Decryption code for Solve Media
Introducing FunCaptcha Enterprise
The managed CAPTCHA service with experts who become a part of your team
- Patent-pending 3D model approach at core
- Gamified puzzles that leverage gaps in machine vision
- Heavily resistant to all forms of automated abuse
- Easily undoes machine vision and training attacks
Trusted by the best
FunCaptcha drives up the cost of abuse by intercepting brute forcing, machine learning, and sweatshop attacks
Defeat brute forcing
- FunCaptcha has pioneered advanced fingerprinting techniques that associate history with user attempts
- With bad guesses, FunCaptcha shows more challenges to decrease odds from 1/8 up to 1/1,073,741,824
- This renders brute forcing attacks impractical in the short-term and impossible at scale
|1/8 Chance||1/512 Chance|
Defeat machine learning
FunCaptcha makes each training action cost something:
- Guessing depletes an undisclosed balance of credits associated with the user Fingerprint
- Using human labor to manually train images costs the attacker money per model trained
- FunCaptcha changes models frequently and forces attackers to pay these costs repeatedly
Each image uniquely generated to defeat simple attacks:
- Random noise is introduced to defeat bitmap checksum
- Indiscriminate image shifting and changing camera angles defeat fuzzy pixel-to-pixel comparisons
Change camera angle:
one model → thousands of images
two image sets → millions of combos
- FunCaptcha has a library of different game types to defeat all kinds of attacks
- All games use unique 3D models that are regularly retired and replaced
- Existing game types can be quickly repurposed with different 3D models
- New 3D models and game types constantly developed
In the absence of automation, sweatshops and solving farms remain the Achilles' heel of CAPTCHA. This vulnerability facilitates the crowdsourcing of challenges for human-powered solving, and can bypass more than a hundred CAPTCHA per minute.
FunCaptcha has expelled such attackers with a series of covert defense measures that attack sweatshops, and regulate their capacity to be financially viable. Thus, removing the economic window necessary to commercialize the solving of FunCaptcha.
Access critical expertise
Beyond these automated defences, FunCaptcha is managed by experts who become a part of your team and existing workflow. Our dedicated data scientists monitor traffic patterns 24/7 to ensure automation is never achieved.
If an attempt at automation is detected, the team can rapidly adjust settings and introduce new models to defeat the attack in its infancy. This is executed within a guaranteed SLA, which renders automated abuse inoperative and immediately disarms attackers before they can recoup their costs.
Multilingual & Accessible
Traditional CAPTCHAs are hard enough as it is, let alone trying to figure them out in another language. FunCaptcha ensures your users receive a meaningful verification experience by providing considerable multilingual support – and unlike some popular CAPTCHAs, FunCaptcha is not blocked for users in Mainland China. Moreover, the service is Section 508 compliant and fully accessible to users whose motor skills and vision are challenged.
|FunCaptcha||reCAPTCHA v2||reCAPTCHA||Solve Media|
|Multiple Challenge Types||✓||✓||—||—|
|99.95% Uptime SLA||✓||—||—||—|
|Section 508 Compliance||✓||?||?||—|
|24/7 Hotline Support||✓||—||—||—|
|Fully Customizable UI||✓||—||—||—|
|Custom Security Images||✓||—||—||✓|
FunCaptcha aggregates custom logs that can be used to construct a real-time view of user activity. Logs are pushed when the user loads FunCaptcha, when they interact with it, and when you validate with our server. These logs are verbose; they include curation on the legitimacy of a user, and evaluate requests to isolate IPs of a questionable reputation.
Custom logs are sent to your server and can be deployed to internal dashboards, or integrated with existing reporting infrastructure.
|Field||Value / meaning||Alt. value(s)|
|client_param||Parameter passed by customer to FC. Typically used to request a security tier or UX test mode.|
|game_type||1: "Roll the ball" game||2: "Move to the middle" game|
|fingerprint||Unique user fingerprint constructed based on the user's device and network capabilities.|
|+ Many More|
Showing different FunCaptchas
Don't show FunCaptcha
Show easy FunCaptcha
Show hard FunCaptcha
But wait, there's more...
All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.