Honest question: How do you view it as an improvement? The same data is being shared, and the only difference is that Cloudflare isn't immediately behaving in the same evil ways as Google. But once you concentrate power in an entity, perhaps bad things might happen?
... If there was an on-premise captcha implementation that actually worked, that would be great.
Unlike Google, hCaptcha isn't running an ad network "on the side" of their bot management business :) joking aside, hCaptcha is an extremely privacy-conscious operation, Google is not.
I'm not a lawyer, but can you explain how their privacy policy is privacy-conscious now and going forward, and how centralization of network transit with Cloudflare isn't a bad thing?
hCaptcha is more focused on technical solutions to privacy that minimize required trust. A privacy policy is one thing, but a mathematical guarantee is quite another.
We are working through the IETF and directly with browser makers to support provably private options like Privacy Pass, and are currently the only CAPTCHA service to support this.
Similarly, on the enterprise side we offer various technical options to let our enterprise customers guarantee exactly what data we can and cannot see.
(disclaimer: work there, comments not official, etc.)
How does support for Privacy Pass interact with services that pay humans pennies per thousands of captcha solves? Wouldn't it be easy to buy a ton of these blinded tokens then have an extension that provides them on demand to the captcha service?
... If there was an on-premise captcha implementation that actually worked, that would be great.