Hacker News
by fheilz 2206 days ago
It's not even that effective. Spammers just pay people in Bangladesh to do them.

The point of captchas is that they cost resources (human time, money, computing power) to solve. Captcha is essentially a proof-of-work scheme, and a very nasty one, because it is designed to torture users instead of relying on computers to do the work. There are computer PoW-based alternatives to captcha, but they are not widely used for some reason (why?).

> There are computer PoW-based alternatives to captcha, but they are not widely used for some reason (why?)

Because when you're renting a cheap botnet for your spam campaign, you don't care that some poor random person's device has to solve a PoW. Ironically you punish everyone except spammers because they certainly aren't using their own hardware.

This is why stuff like hashcash (which had email spam in mind) was dead on arrival.

People (like the commenter above) often assert that spammers can just buy human labor thus recaptcha is useless. But you're already in a whole different ballgame with sites like Twitter if you're attracting targeted human attacks.

If you replace the CAPTCHA with a Hashcash-like PoW system, couldn't the server increase the difficulty when it receives too many connections from an IP?

Even with a huge botnet, spammers can only have so many IPs and so much computing power.

The difficulty could easily be adjusted to have a computing time ranging from a few milliseconds on a cheap smartphone (default) to a few minutes/hours on a desktop computer (for abusers).
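
The per-IP difficulty scaling proposed in the comment above, sketched as an added example (not code from any commenter or from Hashcash itself). The constants, function names, and the HMAC-signed challenge format are assumptions chosen for illustration.

```python
import hashlib, hmac, os
from collections import defaultdict, deque

SECRET = os.urandom(32)            # server key; makes challenges unforgeable
BASE_BITS, MAX_BITS = 8, 20        # constructed values: default and cap
WINDOW, MAX_AGE = 60.0, 120.0      # seconds
_recent = defaultdict(deque)       # ip -> timestamps of recent challenges
_spent = set()                     # challenges already redeemed (replay guard)

def difficulty_for(ip, now):
    """One extra leading-zero bit (double the work) per 5 requests in WINDOW."""
    q = _recent[ip]
    while q and now - q[0] > WINDOW:
        q.popleft()
    q.append(now)
    return min(BASE_BITS + (len(q) - 1) // 5, MAX_BITS)

def issue(ip, now):
    body = f"{ip}|{difficulty_for(ip, now)}|{now}|{os.urandom(8).hex()}"
    tag = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"

def zero_bits(challenge, counter):
    digest = hashlib.sha256(f"{challenge}|{counter}".encode()).digest()
    return 256 - int.from_bytes(digest, "big").bit_length()

def solve(challenge):
    """Client side: brute-force a counter; expected cost is 2**bits hashes."""
    bits = int(challenge.split("|")[1])
    counter = 0
    while zero_bits(challenge, counter) < bits:
        counter += 1
    return counter

def verify(challenge, counter, ip, now):
    """Server side: one HMAC and one hash, however hard the puzzle was."""
    try:
        c_ip, bits, issued, nonce, tag = challenge.split("|")
        body = challenge.rsplit("|", 1)[0]
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
        ok = (hmac.compare_digest(tag, expected) and c_ip == ip
              and 0 <= now - float(issued) <= MAX_AGE
              and challenge not in _spent
              and zero_bits(challenge, counter) >= int(bits))
    except ValueError:
        return False
    if ok:
        _spent.add(challenge)
    return ok
```

Because the difficulty is bound into the signed challenge, a client cannot lower it; the scheme still charges every address in a botnet only the default rate, which is the objection raised earlier in the thread.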

Then it becomes a tax on people with underpowered phones, doesn't it?

It also becomes a tax on people who are pro-privacy (e.g., running uBlock Origin), since they don’t look like “normal” users and therefore have to solve captchas. All. The. Damned. Time.

@Chirael have you tried using the Privacy Pass extension? I hate Captchas as well but the extension makes it somewhat easier.

Does it work for all reCAPTCHAs or just Cloudflare's?