Cap

Cap is a lightweight, privacy-preserving CAPTCHA alternative that uses SHA-256 proof-of-work challenges instead of image puzzles. It is designed to be fast to load, accessible, and simple to integrate into modern websites and APIs without user tracking.

Key Features

• Proof-of-work challenge system based on SHA-256 (no visual CAPTCHA puzzles)
• Very small client footprint with no external dependencies
• Privacy-first design with no telemetry sent to third parties
• Highly customizable widget styling via CSS variables
• Invisible mode to run challenges in the background
• Machine-to-machine (M2M) friendly flows to protect APIs while allowing trusted automation
• Standalone deployment option via container for running Cap as a service (with extra operational features such as analytics)

Use Cases

• Protecting public web forms (login, signup, contact forms) from spam and automated abuse
• Adding bot mitigation to API endpoints while keeping UX minimal for legitimate users
• Replacing traditional CAPTCHA providers in privacy-sensitive or compliance-focused environments

Limitations and Considerations

• Proof-of-work increases client CPU usage, which can impact low-power devices; difficulty tuning may be required
• Not ideal for defending against attackers with substantial compute resources without additional rate-limiting and abuse controls

Cap provides a practical, modern approach to bot protection by shifting verification from user interaction to lightweight computation. It works well for teams that want a fast, customizable, privacy-respecting alternative to traditional CAPTCHA widgets.