On Mon, Aug 08, 2005 at 10:13:01PM +0100, Adam Langley wrote: > If you need a public-domain, strong CAPTCHA I happen to have one up my sleeves: > http://www.imperialviolet.org/captcha.html i am not sure that captchas, given they work, are the right tool to make pseudonyms expensive enough to keep people from misbehaving in web forums, but this one definitely looks neat! (-: (you all know the standard way to circumvent captchas, but just to be sure i'll mention it again: open up a porn site, promise free porn to whoever solves a few captchas for you, and have your bots proxy the challenges they cannot solve by themselves to an instantly available abundance of strangers who are eager to do help. of course this is an option for more determined attackers only.) speaking of which, where did i stumble over the following paper? (if it was on this list, i am sorry for the repost...) Ben Laurie and Richard Clayton "Proof-of-Work" Proves Not to Work The Third Annual Workshop on Economics and Information Security (WEIS04) http://www.cl.cam.ac.uk/users/rnc1/proofwork.pdf the authors do some plausible guesswork on whether proofs of work could keep spammers from spamming, and argue that hashcash and friends opens a too small window for tradeoffs: either legitimate e-mails will become too expensive, or spam will remain too cheap. i guess you could adapt these results to pseudonym creation in forums pretty straight-forwardly. i don't know, but it's inspiring. if anybody has an opinion on this i'm all ears. cheers, matthias
Attachment:
signature.asc
Description: Digital signature