upvote
Proof of work, even "custom", where the user does not need a particular interaction with the page, does not work. The scrapers are running headless Chrome and solving the work. They do not care, they do not pay the bill, the compromised system's owner pays the bill.

I have such system for the registration form on one of my website to prevent the double validation of emails to be used to spam emails of victims. The PoW challenge prevents less than 10% of the bots.

reply
Thats why I said proof of work that is used to mine a cryptocurrency to pay the bills of websites that serve information.

As long as the website gets paid more than the cost of serving the pages, it does not matter if a human or a bot did the POW.

Securing signup forms is another issue. Maybe related. But not what I was referring to.

reply
Very good point, I missed the point that the PoW is paying the publisher. I will have to dig into this, this is a pretty nice idea.
reply
Residential proxy users don't get to run computation on the proxies.
reply
First of all I am very critical of the $100 per consumer device per month figure.

Also all major browsers block crypto miners on webpages now (for good reasons) so it may prove difficult to allow "good" mining scripts while still blocking "bad" ones.

I don't think this is a practical solution

reply
Better skip the PoW part as it'll be wildly inefficient for most of the work done.

Instead, exchange web traffic for actual $. Say, some kind of tokens that are easily turned back into hard cash through a 3rd party.

Requesting a 100KB file? Okay, that'll be a $0.00002 token, please! (visitor's user agent provides it in a manner transparent to regular web users). Requesting a 3MB image? Okay, that'll be a $0.0005 token, please!

Result: niche websites earn hard cash. It doesn't matter much if you're hammered as long as the hammering comes with a corresponding flow of tokens (read: $). No token(s)? No service.

Regular web users would pay for those tokens through their normal internet service fees, and otherwise not be bothered. Massive scrapers would have to pay somehow for the tokens to be served web data at all.

In effect: put the bulk of public web sites behind a paywall. But with the bar low enough & in a manner that it's transparent for regular web users. Clicked "reload" by accident? Oops, internet service bill got upped by 2 micro-$.

reply
Proof of work doesn't help if the abuser is massively decentralized and is using other peoples moneys.
reply
Proof of work captchas are widely deployed, especially on more niche sites. Kiwiflare is one (used for a harassment forum)
reply
You could've just said Anubis to avoid giving those guys advertisement.
reply
They discuss why this might be a bad idea in the article.
reply
They discuss why proof of work is bad, not crypto

> partly because it causes annoying delays for those trying to get to the site

This is true but usually a small issue. It’s further alleviated by cached tokens so you only have to solve the challenge once in a while per site, and a login token may let you skip it.

> partly because it seems inevitable that the scrapers will eventually find their way around it…A proof-of-work requirement is not a huge obstacle when you have millions of other people's machines to do the work on.

Solved by making money off it.

reply