I am, but what I said was more of a hypothesis than a fact :) From what I understand of reCAPTCHA, the model isn't static and is continuously learning from every interaction[0]: > reCAPTCHA’s risk-based bot algorithms…
Author of mCaptcha here o/ mCaptcha uses PoW and that is energy inefficient, but it not as bad as the PoWs used in blockchains. The PoW difficulty factor in mCaptcha is significantly lower than blockchains, where…
Author of mCaptcha here o/ Yes, the only differences are that mCaptcha is 100% FOSS and uses variable difficulty factor, which makes it easy to solve Proof-of-Work under normal traffic level but becomes harder as an…
Hi, I'm the author of mCaptcha o/ To impose delays, there must be some way of identifying users individually. But to do so will have privacy implications. PoW is a stateless way of imposing delays without the privacy…
Agreed, it's been an interesting discussion so far with lots of interesting ideas. mCaptcha is a very niche software, that will only work some use cases, but that's okay as long as whoever's deploying it is aware of its…
I haven't encountered a case where multithreading will make the algorithm weaker, but I do have a variation of the benchmark code(on disk, at the moment) that will spin up multiple worker threads to compute PoW.
Apologies, the project isn't ready to be showcased yet. I literally woke up to a message from a friend that said it was on HN. I wish I could explain it on here, but I'm afraid it isn't that easy. Here's the high level…
That's a good idea, I'll be sure to do that!
> Thinking about it a bit more, systems like mCaptcha and Botpoison aren't really CAPTCHA in the strict sense Very true! I chose to use “captcha” because it's easier to convey what it does than, say, calling it a…
Very good point! Accessibility is a critical to mCaptcha. In fact, Codeberg is trying out mCaptcha purely because of its more accessible[0]. That said, it is possible to choose a difficulty factor very high to deny…
Only recently, yes. WASM performance is tricky. A memory-heavy algorithm will DoS visitors. That said, there are protections within mCaptcha to protect against ASICS(PoW result has expiry and variable difficulty…
Thank you for your detailed response, you raise some very interesting and valid points! > JS engines (or even WASM) aren't going to be as fast at this kind of work as native machine code would be You are right. mCaptcha…
Glad you ask! There are protections against replay attacks within mCaptcha: tokens are single use also have a lifetime beyond which they are invalid. Disclosure: author of mCaptcha
yikes! The docs had an overhaul last week, that link was removed as part of the overhaul. Should have paid more attention. Should be fixed now :) > A one-sentence describing exactly what it does and how it works would…
Thank you for the kind words! > Instead of an easy mode and advanced one I would use a single mode with a calculator, that way it is more transparent to the user and it would make the process of learning the advance…
I'd love to do something useful with the PoW result but like you say, the PoW should be able to work in browsers, so they are intentionally small. The maximum advisable delay is ~10s but even then it might not be enough…
> How does that work without becoming a SPOF for taking down the website ? Can't a user/botnet with more CPU power than the server simply send more captchas than can be processed ? Glad you asked! This is theoretically…
Thanks for the ping! I used "captcha" to simplify mCaptcha's application, calling it a captcha is much simpler to say than calling it a PoW-powered rate limiter :D That said, yes it doesn't do spambot form-abuse…
Hello! I'm the author of mCaptcha. I'd be happy to answer any questions you might have :) For context, mCaptcha was discussed in these threads in the past hour before being posted on here: [0]:…
The math is performed by the browser. All the user will have to do is tick a checkbox. Here's a demo: https://demo.mcaptcha.org/widget/?sitekey=pHy0AktWyOKuxZDzFf... disclosure: I'm the author of mCaptcha
Hello, I'm the author of mCaptcha. I'll be happy to answer any questions that you might have :)
The project is very new, I haven't started promoting yet. The Codeberg development was purely from word of mouth :) disclosure: I'm the author of mCaptcha
Hello! I'm the author of mCaptcha, I'd be happy to answer any questions that people might have :)
I am, but what I said was more of a hypothesis than a fact :) From what I understand of reCAPTCHA, the model isn't static and is continuously learning from every interaction[0]: > reCAPTCHA’s risk-based bot algorithms…
Author of mCaptcha here o/ mCaptcha uses PoW and that is energy inefficient, but it not as bad as the PoWs used in blockchains. The PoW difficulty factor in mCaptcha is significantly lower than blockchains, where…
Author of mCaptcha here o/ Yes, the only differences are that mCaptcha is 100% FOSS and uses variable difficulty factor, which makes it easy to solve Proof-of-Work under normal traffic level but becomes harder as an…
Hi, I'm the author of mCaptcha o/ To impose delays, there must be some way of identifying users individually. But to do so will have privacy implications. PoW is a stateless way of imposing delays without the privacy…
Agreed, it's been an interesting discussion so far with lots of interesting ideas. mCaptcha is a very niche software, that will only work some use cases, but that's okay as long as whoever's deploying it is aware of its…
I haven't encountered a case where multithreading will make the algorithm weaker, but I do have a variation of the benchmark code(on disk, at the moment) that will spin up multiple worker threads to compute PoW.
Apologies, the project isn't ready to be showcased yet. I literally woke up to a message from a friend that said it was on HN. I wish I could explain it on here, but I'm afraid it isn't that easy. Here's the high level…
That's a good idea, I'll be sure to do that!
> Thinking about it a bit more, systems like mCaptcha and Botpoison aren't really CAPTCHA in the strict sense Very true! I chose to use “captcha” because it's easier to convey what it does than, say, calling it a…
Very good point! Accessibility is a critical to mCaptcha. In fact, Codeberg is trying out mCaptcha purely because of its more accessible[0]. That said, it is possible to choose a difficulty factor very high to deny…
Only recently, yes. WASM performance is tricky. A memory-heavy algorithm will DoS visitors. That said, there are protections within mCaptcha to protect against ASICS(PoW result has expiry and variable difficulty…
Thank you for your detailed response, you raise some very interesting and valid points! > JS engines (or even WASM) aren't going to be as fast at this kind of work as native machine code would be You are right. mCaptcha…
Glad you ask! There are protections against replay attacks within mCaptcha: tokens are single use also have a lifetime beyond which they are invalid. Disclosure: author of mCaptcha
yikes! The docs had an overhaul last week, that link was removed as part of the overhaul. Should have paid more attention. Should be fixed now :) > A one-sentence describing exactly what it does and how it works would…
Thank you for the kind words! > Instead of an easy mode and advanced one I would use a single mode with a calculator, that way it is more transparent to the user and it would make the process of learning the advance…
I'd love to do something useful with the PoW result but like you say, the PoW should be able to work in browsers, so they are intentionally small. The maximum advisable delay is ~10s but even then it might not be enough…
> How does that work without becoming a SPOF for taking down the website ? Can't a user/botnet with more CPU power than the server simply send more captchas than can be processed ? Glad you asked! This is theoretically…
Thanks for the ping! I used "captcha" to simplify mCaptcha's application, calling it a captcha is much simpler to say than calling it a PoW-powered rate limiter :D That said, yes it doesn't do spambot form-abuse…
Hello! I'm the author of mCaptcha. I'd be happy to answer any questions you might have :) For context, mCaptcha was discussed in these threads in the past hour before being posted on here: [0]:…
The math is performed by the browser. All the user will have to do is tick a checkbox. Here's a demo: https://demo.mcaptcha.org/widget/?sitekey=pHy0AktWyOKuxZDzFf... disclosure: I'm the author of mCaptcha
Hello, I'm the author of mCaptcha. I'll be happy to answer any questions that you might have :)
The project is very new, I haven't started promoting yet. The Codeberg development was purely from word of mouth :) disclosure: I'm the author of mCaptcha
Hello! I'm the author of mCaptcha, I'd be happy to answer any questions that people might have :)