2 comments

[ 3.4 ms ] story [ 17.2 ms ] thread
> mCaptcha uses a Proof-of-Work (PoW) based algorithm to offer Denial-of-Service protection

if you want denial-of-service protection, wouldnt it be better to use a delay-based algorithm, instead of a proof-of-work one?

Proof-of-work is not environmentally friendly, wastes your legitimate users resources, and doesnt stop all DOS types

Just force a delay in time to requests to your site and allow only as many as you can process

Hi, I'm the author of mCaptcha o/

To impose delays, there must be some way of identifying users individually. But to do so will have privacy implications. PoW is a stateless way of imposing delays without the privacy implications of tracking.

That said, it isn't perfect. I'm on the lookout for cleaner and more efficient ways of doing it.