[dcrazy]

Because it doesn’t solve the problem of residential botnets.

[Velocifyer]

The botnet operators will be incentivized to mine bitcoin instead of whatever they are doing.

[dotancohen]

Neither does fingerprinting.

[dcrazy]

The goal of Cloudflare’s fingerprinting is to detect whether a user agent appears to be a legitimate human. It’s not to identify human users across websites.

[zzo38computer]

That is not a good excuse for requiring overly complicated and overly specific software.

[Catloafdev]

It actually is. And to think it's not, means you don't understand what the benefit is.

Just because you've never been in a situation to care about the benefit they are offering, does not mean it's not valuable.

And the position "you need a good excuse to have overly specific software" is extremely strange.

[dcrazy]

Every HN thread is full of people who think webmasters should just pay through the nose to handle bot traffic to preserve the sacred rights of turbonerds to visit their website using Lynx on their toaster.

[zzo38computer]

I should think that there should be a better way (e.g. port knocking, instructions for manually correcting the URL that cannot easily be automated, additionally supporting alternative protocols, etc).

[brookst]

Sounds great. Link us to your project?

[GoblinSlayer]

Why not? PoW challenge doesn't whitelist botnets. If the dumb scraper makes only get requests and doesn't solve the challenge, it doesn't matter how it connects, even if it's a perfectly hidden tor exit node.

[brookst]

Because the work would be done by the compromised residential device. No bothnet owner is going to care if their 100,000 rooted routers have to do a little more work. It’s still “free” from their perspective.

[GoblinSlayer]

If botnet owner allows RCE, the botnet will just change the owner.