Less CloudFlare captchas with Privacy Pass

Martin Brinkmann
Nov 10, 2017

Privacy Pass is a new browser extension for Mozilla Firefox and Google Chrome that reduces the number of captchas that legitimate users get when they access CloudFlare-protected properties on the Web.

CloudFlare protects a large part of the Internet, and that is why the company's captcha solutions designed to determine whether a visitor is a human or a bot are found on many different sites.

The current system throws a captcha at users regularly when they visit different sites. It is not a "prove once that you are human and you are done" kind of system.

Privacy Pass is not the first browser extension of its kind. The browser extension CloudHole came out in 2016, and while it is still available for Firefox, it has not been updated for nearly a year.

A more recent extension is Cloudflare Privacy Pass. It was based on the challenge bypass specification, and while it has been pulled, Privacy Pass appears to use the same interface and icon.

Challenge Bypass Extension

Challenge Bypass Extension is available for Firefox and Google Chrome. The extension works on websites using a "blind signature" protocol, and reduces the number of captchas that are shown to users by gaining tokens when completing captchas that are spent to pass future challenges.

The "blinding" procedure means that signed and redeemed tokens are cryptographically unlinkable from the server perspective and, as such, are suitable for usage in conjunction with external privacy measures (such as VPNs).
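
The earn-then-spend flow described above, as an added example that is not the extension's own code: a simplified discrete-log blinded token over a constructed, deliberately tiny group, showing that the server signs a blinded value it cannot match to the pass redeemed later. All function names and parameters are assumptions made for illustration.

```javascript
// Toy blinded-token flow; parameters are constructed and far too small for real use.
const { createHash, randomInt } = require('node:crypto');
const P = 2039n, Q = 1019n; // P = 2Q + 1, both prime

const modpow = (b, e, m) => {
  let r = 1n; b %= m;
  for (; e > 0n; e >>= 1n, b = (b * b) % m) if (e & 1n) r = (r * b) % m;
  return r;
};

// Hash a token seed into the order-Q subgroup (result is never 0 or 1).
const hashToGroup = (seed) => {
  const h = BigInt('0x' + createHash('sha256').update(seed).digest('hex'));
  return modpow(2n + (h % (P - 3n)), 2n, P);
};

// Fresh blinding factor in [1, Q-1].
const randomScalar = () => BigInt(randomInt(1, Number(Q)));

// Client: blind T = H(seed) with a secret r before sending it to the server.
function blind(seed, r = randomScalar()) {
  return { seed, r, blinded: modpow(hashToGroup(seed), r, P) };
}

// Server: after a solved captcha, sign the blinded element with secret key k.
const sign = (k, blinded) => modpow(blinded, k, P);

// Client: remove r (inverse mod Q), leaving T^k, a value the server never saw.
const unblind = (state, signed) =>
  modpow(signed, modpow(state.r, Q - 2n, Q), P);

// Server: recompute H(seed)^k, compare with the pass, refuse a second spend.
function makeRedeemer(k) {
  const spent = new Set();
  return (seed, pass) => {
    if (spent.has(seed)) return false;
    if (modpow(hashToGroup(seed), k, P) !== pass) return false;
    spent.add(seed);
    return true;
  };
}
```

At issuance the server sees only `blinded`; at redemption it sees `seed` and the unblinded pass, and without `r` it cannot tell which issuance produced them.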

Privacy Pass has been developed by members of the Royal Holloway University of London, and the University of Waterloo.

Cloudflare supports Privacy Pass currently, and clients get 30 signed tokens for each captcha that is solved in the browser while the extension is enabled.

This reduces the number of captchas displayed to users significantly, and is probably most appealing to users who connect to VPN networks, Tor, or are assigned IP addresses with bad track records.

Privacy Pass stores data locally that relates to the created tokens. The extension adds an icon to the browser's toolbar that displays a somewhat broken interface right now, listing the number of available passes (before another captcha needs to be solved). The "get more passes" link opens the project's site on GitHub, and the only other option is to clear the available passes.

Check out the FAQ for additional details.

Closing words

Privacy Pass improves web browsing for Internet users who run into CloudFlare captchas regularly. Tor users are probably prime candidates for the extension, but certain VPN IP addresses and regular IP addresses may throw captchas fairly regularly as well.



  1. Anonymous said on November 4, 2020 at 6:13 am

    The extension was working just fine, then stopped working abruptly. You get the tokens but still have to put in the captchas every time…

  2. freddy2000 said on October 25, 2020 at 4:54 pm

    I still get captchas with this, but less without it, just as advertised: “reduce the number of captchas”

    I guess some folks can’t read, and likewise can’t do captchas well.

  3. emily pullen said on March 25, 2019 at 5:38 pm

    it doesn’t work, i still get the captchas and not only that, but it’s not like u can click on the extension and you don’t have to do the captchas.

  4. Kal said on December 14, 2017 at 12:34 am
    1. Clairvaux said on April 14, 2020 at 12:21 pm

      Nice read.

  5. TelV said on November 30, 2017 at 5:03 pm

    Well, that was shortlived: https://imgbox.com/Qy4LQvpk

  6. Jimmy said on November 11, 2017 at 2:43 pm

    hasn’t been updated for a year but we def need to publish an article about it to encourage ppl use it.. Go Germany!

  7. TelV said on November 10, 2017 at 2:48 pm

    Don’t like the sound of that sentence, “Privacy Pass stores data locally that relates to the created tokens”. Presumably the data will have to be retained which implies a forthcoming privacy issue if it can be used to track users.

    1. Pants said on November 10, 2017 at 3:28 pm


      > Scenario 7: “This is basically our scheme”

      So they have worked around the following problems
      – scenario 1 – Linkability
      – scenario 2 – Malleability
      – scenario 3 – Redemption hijacking
      – scenario 4 – Tagging
      – scenario 5 – only one redemption per issuance
      – scenario 6 – Bandwidth

      Although this is not finished, the DLEQ needs more work from the quick scan I did. I am also not an expert :)

      I did however, find absolutely no privacy policy on github nor AMO

      1. TelV said on November 10, 2017 at 4:04 pm

        Well, that’s good news at least. I don’t come across that many captchas, but I installed the extension anyway to see how it performs.
