Overview:
ALTCHA is a self-hosted, privacy-first security solution that protects websites, APIs, and online services from spam and abuse. It uses a background Proof-of-Work (PoW) mechanism instead of visual puzzles, cookies, or fingerprinting. It is designed for developers or system administrators who need to secure forms and endpoints against bots while respecting user privacy. The solution is compliant with major global privacy regulations like GDPR and HIPAA, and WCAG 2.2 AA accessibility standards. It includes a lightweight widget with multiple configuration options for various deployment scenarios.
Core Features:
Proof-of-Work (PoW) Challenge: Uses memory-bound algorithms (Argon2 and Scrypt) to block hardware-accelerated attacks (ASICs/GPUs) and sophisticated bot farms.
Privacy by Design: Fully GDPR compliant, does not use cookies, tracking, or fingerprinting, and collects no user data.
Accessible Fallbacks: Provides "Enter code from image" challenges with audio support for visually impaired users, compliant with WCAG 2.2 AA.
100% Self-Hosted: Can be deployed on own infrastructure without reliance on third-party API availability or external services.
Lightweight Widget: The core widget is approximately 34 kB when GZIPped, significantly smaller than alternative solutions like reCAPTCHA.
Use Cases:
Securing web forms: Protecting contact forms, login pages, or sign-up flows against automated spam submissions.
Protecting APIs: Verifying that requests to a backend API originate from a human user running a browser, not a script.
Accessibility-first deployments: Providing a CAPTCHA alternative that complies with accessibility standards (WCAG 2.2 AA) and includes audio challenge support.
Why It Matters:
As a self-hosted, privacy-first tool, ALTCHA removes the dependency on third-party services for bot detection. It provides a measurable performance advantage—its widget is roughly 90% smaller than reCAPTCHA—while maintaining full control over data and infrastructure. It replaces intrusive methods like tracking and fingerprinting with a hardware-resistant PoW challenge, and its compliance with global regulations like GDPR and HIPAA makes it a practical choice for organizations with strict privacy requirements.
