[xiphias2]

They could use a memory-hard hashing function, like ARGON2 for proof of work, it would make spamming much harder.

[hombre_fatal]

Not really, because spam isn't done on the spammer's hardware. Not to mention, an expensive hashing function is precisely something bots can do but humans cannot.

If you're putting constraints on Tor traffic, it's not because of raw throughput. It's because it's extremely poor quality traffic.

[xiphias2]

I see..the goal of ARGON2 is not to be expensive, but to be hard to parallize. Anyways the other points that you wrote make sense.

[Kalium]

You're absolutely right! It could even be integrated meaningfully into browsers to make it easier to work with. Something Cloudflare's Privacy Pass (https://support.cloudflare.com/hc/en-us/articles/11500199265...) could work.

[xiphias2]

It looks really nice.

It should be default for the TOR browser for sure, if just a few people use it, it decreases the anonimity set.

[Kalium]

Nah, it was released back in 2017. I've seen it discussed periodically ever since.

The issue with just doing memory-consuming work client-side is that it only marginally slows down spamming. Spammers tend to use compromised machines they don't own. Unless you can make it prohibitively expensive to calculate something using machines you don't pay for - perhaps not a trivial ask - you wind up needing a different set of tools. This is why Google tends to look at things that will exhibit human variation rather than pure computation.

It's not that your ideas aren't good. I'm sure ARGON2 has a use here! It's that this might not be a problem easily solved by consuming more resources.

[xiphias2]

Cool, I'll try it out the next time I have a problem with using TOR. You're right that ARGON2 doesn't help if CPUs/RAM are free, it just makes parallelization hard.

[Kalium]

Parallelization is easy if you have a botnet of millions of machines owned by others to draw on.