If you've ever filled out a form on the internet, you've almost certainly worked for free for Google. Those quizzes with traffic lights, bicycles, storefronts — they don't just check if you're human. They train an American company's artificial vision systems without asking your permission.
This is the premise behind SecureShield.
The Problem Isn't Just Technical
When I started thinking about an alternative to reCAPTCHA, my motivation wasn't purely technical. It was deeper — and it breaks down into three levels.
The first is control. Some companies have built infrastructure so pervasive that using it became the default path. No one questions whether it's right: it's convenient, it's free, it works. And so the dependency solidifies, silently.
The second level is regulatory. Europe, with GDPR, chose a different direction: protect the user, don't monetize them. It's a vision I agree with — and it creates a context where alternative tools make sense.
The third is real consent. User data is collected and used, but the actual ability to control it is nearly zero. Consent exists on paper. In practice, it's an illusion.
SecureShield comes from here: from wanting to do something different, in my own small way.
How It Works — Without the Jargon
The basic principle is simple: a human and a bot behave radically differently.
A bot fills out a form in milliseconds, doesn't move the mouse, doesn't scroll the page, doesn't hesitate. A human reads, moves the cursor, takes a few seconds. SecureShield observes this behavior — timing, movement, interaction — and assigns a reliability score to each submission.
If the score falls below the threshold, the form is blocked. No message to the user, no quiz to solve, no friction. The bot is simply ignored.
One important thing to understand: the data collected is limited to what's strictly necessary. SecureShield doesn't build profiles, doesn't track users, doesn't share anything with anyone. And perhaps the most relevant part — the system learns exclusively from attempts it rejects. Not from those who pass, but from those who are blocked. Legitimate user data doesn't feed anything.
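The scoring and the rejected-only retention described above, as an added example in JavaScript (Node) that is not SecureShield's code. The signal names, weights, 3-second scale, threshold and identical response are assumptions, and `elapsedMs` is assumed to be measured by the server between rendering the form and receiving it.

```javascript
// Added illustration, not SecureShield's code. Signal names, weights and
// THRESHOLD are assumptions chosen for the example.
const THRESHOLD = 0.5;
const FIELDS = ["elapsedMs", "pointerMoves", "scrollEvents", "keyEvents", "focusChanges"];

// Client-reported values are untrusted: keep only finite, positive numbers.
function normalize(raw) {
  const out = {};
  for (const f of FIELDS) {
    const v = raw ? raw[f] : undefined;
    out[f] = typeof v === "number" && Number.isFinite(v) && v > 0 ? v : 0;
  }
  return out;
}

// Combine timing, movement and interaction into a score between 0 and 1.
function reliabilityScore(raw) {
  const s = normalize(raw);
  // Each component saturates at 1 and weighs less than THRESHOLD on its own,
  // so a bot that only sleeps before submitting still fails.
  const timing = Math.min(s.elapsedMs / 3000, 1);
  const movement = Math.min((s.pointerMoves + s.scrollEvents) / 10, 1);
  const interaction = Math.min((s.keyEvents + s.focusChanges) / 5, 1);
  return 0.4 * timing + 0.3 * movement + 0.3 * interaction;
}

// Decide on one submission. Only rejected attempts are appended to rejectedLog,
// and only their behaviour signals, never the form fields.
function handleSubmission(raw, rejectedLog) {
  const score = reliabilityScore(raw);
  const accepted = score >= THRESHOLD;
  if (!accepted) rejectedLog.push({ score, signals: normalize(raw) });
  // Assumption: the HTTP response is identical either way, so a blocked
  // sender sees no message to adapt to.
  return { accepted, response: { status: 200, body: "Thank you" } };
}

// Constructed sample submissions.
const samples = {
  human: { elapsedMs: 8200, pointerMoves: 37, scrollEvents: 2, keyEvents: 54, focusChanges: 3 },
  instantBot: { elapsedMs: 40, pointerMoves: 0, scrollEvents: 0, keyEvents: 0, focusChanges: 0 },
  sleepingBot: { elapsedMs: 5000, pointerMoves: 0, scrollEvents: 0, keyEvents: 0, focusChanges: 0 },
  forged: { elapsedMs: "9000", pointerMoves: Infinity, scrollEvents: NaN, keyEvents: -5, focusChanges: null },
};
```

The `sleepingBot` and `forged` samples show why no single signal is enough and why malformed telemetry has to score as zero instead of being coerced.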
The Roadmap: What It Will Become
We're at version 1.0. It works, we're testing it on our own products and with a select group of clients who volunteered to host it — and from whom we're learning a lot.
Version 2.0 has bigger ambitions. We're working on:
- Machine learning on behavior: analysis of mouse movement on desktop and scrolling on mobile to build an increasingly accurate predictive model
- IP reputation: evaluation of the sender's address cross-referenced with known patterns
- Email pattern analysis: automatically generated emails follow predictable patterns — random characters, temporary domains, repetitive structures. SecureShield 2.0 will recognize them
The ultimate goal is a multi-tenant SaaS: a tool that any developer can integrate, with data staying under the control of whoever uses it.
Where We Are Today
SecureShield isn't publicly available yet. We're building it on real-world experience — this site uses it on the contact form and backend login — and we're refining it with concrete feedback.
If you're a PHP developer interested in testing it, or a company that wants to protect its forms without depending on external infrastructure, write to me. I don't have a price list to send you — I have a conversation to have.