[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

hashcash and captchas (Was: Gentoo's response on them blocking access to their forums via Tor)



On Mon, Aug 08, 2005 at 10:13:01PM +0100, Adam Langley wrote:
> If you need a public-domain, strong CAPTCHA I happen to have one up my sleeves:
> http://www.imperialviolet.org/captcha.html

i am not sure that captchas, given they work, are the right tool to
make pseudonyms expensive enough to keep people from misbehaving in
web forums, but this one definitely looks neat!  (-:

(you all know the standard way to circumvent captchas, but just to be
sure i'll mention it again: open up a porn site, promise free porn to
whoever solves a few captchas for you, and have your bots proxy the
challenges they cannot solve by themselves to an instantly available
abundance of strangers who are eager to do help.  of course this is an
option for more determined attackers only.)

speaking of which, where did i stumble over the following paper?  (if
it was on this list, i am sorry for the repost...)

    Ben Laurie and Richard Clayton
    "Proof-of-Work" Proves Not to Work
    The Third Annual Workshop on Economics and Information Security (WEIS04)
    http://www.cl.cam.ac.uk/users/rnc1/proofwork.pdf

the authors do some plausible guesswork on whether proofs of work
could keep spammers from spamming, and argue that hashcash and friends
opens a too small window for tradeoffs: either legitimate e-mails will
become too expensive, or spam will remain too cheap.  i guess you
could adapt these results to pseudonym creation in forums pretty
straight-forwardly.

i don't know, but it's inspiring.  if anybody has an opinion on this
i'm all ears.

cheers,
matthias

Attachment: signature.asc
Description: Digital signature