Hacker News
by stephantul 384 days ago
Think of crawlers: a crawler typically makes hundreds or thousands of requests per second. The owners of the crawler then sell this data for X$, or gain X$ profit.

Proof of work adds a very small cost to each individual request, increasing the cost of crawling to a number higher than X. Because actual humans make very few requests, we don’t notice the increase in cost.

2 comments

This exactly, having run very large scraping operations, it only takes a slight increase in cost to make it unprofitable for many use cases.
Right, scale is solved… but not at all targeted “attacks”.

If some site uses this and I only want that site as an attacker or as a personal scraper, etc., this is keenly ineffective at proving human vs bot.

When you use a captcha, you presumably want to defeat someone curling your CreatePost endpoint, not just make it more annoying to do it at only botnet scale.

This captcha still lets all traffic through. Except now you waste the battery of honest users.

Even HN proponents of the idea don't use it on their own sites.

I'd rather see something like Anubis than some unsolvable captcha. I never understood the battery argument; I reckon my screen uses more energy during PoW solving than it takes my phone to solve these PoWs.
> I'd rather see something like Anubis than some unsolvable captcha.

So would bad actors. Which is why everyone uses normal captchas and not mere PoW.

PoW is the easiest captcha to beat.

[citation needed]
For which part?

Every time a new submission is created on HN, you have a curl script that posts a comment on it shilling your product. (According to the /newest tab there seems to be one submission every few minutes.)

What's harder for you to automate: the comment always posts successfully after 500ms, or you get a Cloudflare Turnstile captcha every time?

PoW is for a completely different threat model than CAPTCHA. If you're trying to decide which is better, you're doing it wrong.
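
An added example (not part of the thread, and not the code of Anubis or any site mentioned) of the trade-off argued above: a hashcash-style SHA-256 challenge where the server verifies with one hash and the client pays about 2^difficulty hashes, plus a cost model that puts the aggregate price for a bulk crawler next to the price of a single targeted request. The function names, hash rate, CPU price and difficulty are constructed assumptions.

```python
import hashlib
import itertools
import os

def issue_challenge() -> bytes:
    """Server side: a fresh random challenge for each request."""
    return os.urandom(16)

def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def verify(challenge: bytes, nonce: int, difficulty: int) -> bool:
    """Server side: a single hash, regardless of difficulty."""
    digest = hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()
    return leading_zero_bits(digest) >= difficulty

def solve(challenge: bytes, difficulty: int) -> tuple[int, int]:
    """Client side: brute-force search; returns (nonce, hashes tried)."""
    for nonce in itertools.count():
        if verify(challenge, nonce, difficulty):
            return nonce, nonce + 1

def crawl_cost_usd(requests, difficulty, hashes_per_sec, usd_per_cpu_hour):
    """Expected client compute cost: about 2**difficulty hashes per request."""
    cpu_seconds = requests * (2 ** difficulty) / hashes_per_sec
    return cpu_seconds / 3600 * usd_per_cpu_hour

if __name__ == "__main__":
    challenge = issue_challenge()
    nonce, tried = solve(challenge, 12)  # low difficulty so the demo is quick
    print(f"solved after {tried} hashes; server check: {verify(challenge, nonce, 12)}")
    # Constructed assumptions: 1e6 hashes/s per core, $0.05 per CPU-hour, difficulty 20.
    for n in (1, 10_000_000):
        print(f"{n:>10} requests -> ${crawl_cost_usd(n, 20, 1e6, 0.05):,.5f}")
```

Under these assumed numbers the per-request cost is a small fraction of a cent, which is why it only bites at volume and does nothing to tell a human from a script on any one request.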