| > Thinking about it a bit more, systems like mCaptcha and Botpoison aren't really CAPTCHA in the strict sense Very true! I chose to use “captcha” because it's easier to convey what it does than, say, calling it a PoW-powered rate-limter. > The real value is in the combination of factors, especially what BP call the "session and request analysis" and other fingerprinting solutions. Also true. I'm not sure if it is possible to implement fingerprinting without tracking activity across the internet --- something that a privacy-focused software can't do. I have been investigating privacy-focused, hash-based spam detection that uses peer reputation[0] but the hash-based mechanism can be broken with a slight modification to the spam text. I would love to implement spam detection but it shouldn't compromise the visitor's privacy :) [0]: please see "kavasam" under "Projects that I'm currently working on". I should set up a website for the project soon. https://batsense.net/about Disclosure: author of mCaptcha. |