Thus spake Maxim Kammerer (mk@xxxxxx): > On Thu, Feb 9, 2012 at 05:44, Mike Perry <mikeperry@xxxxxxxxxxxxxx> wrote: > > If you read the ticket, the design sketch does not require constant CPU > > burning. You would only use the CPU until you built up a sufficient pile > > of tokens, and you would only do that intermittently. > > Not to raise unnecessary skepticism, but have proof-of-work ever been > successfully deployed for anything in the real world (besides for > proof-of-work per se â i.e., Bitcoin)? As far as I know, no one has ever tried it. Some academics once pointed out that proof-of-work would not work for email, but that was primarily because email is often one-to-many. They did not consider one-to-one activity (like web page access) in their analysis. Perhaps everyone simply read their work and just assumed proof-of-work could never work for anything? https://trac.torproject.org/projects/tor/ticket/4666#comment:6 > Did you try to estimate how much CPU work would get one a token once > such system is deployed full-scale, with spammers (possibly with > botnets) competing for resources? E.g., you can get a rule-of-thumb > estimate by putting some dollar value on a token, and looking at the > generic-CPU work required for an equivalent Bitcoin amount. The proposed system has two knobs that site admins can use: computation quantity, and computation freshness. As scraping abuse increases, admins would be free to set the "price" higher as needed, and require more recent, fresh computation as needed. When abuse is low, the requirements can be turned down. I created these two knobs because what we have seen over the years is that scraping abuse over Tor is not constant. Every few months, some jerk decides "Hey, I know, I'll scrape $SITEX and resell the data and make MEEELIONS", until the bans or captchas go up and they shut down. Then, all is quiet until the bans expire and the next jerk gets the idea a few months later. At least, this is the pattern that the Scroogle admin sees. I assume the situation is similar with Google directly, but they are very tight lipped. > Perhaps captchas might look more appealing after that. Captchas currently cost anywhere from $0.01 to $0.001 to solve. Yes, that's 1/10 of 1 US cent each: https://krebsonsecurity.com/2012/01/virtual-sweatshops-defeat-bot-or-not-tests/ If they are working at all now, they work only because they marginally raise the cost of bulk scraping enough to slow scraping crawls and reduce the server load back to acceptable levels. I think tunable proof-of-work could easily beat this very low bar, with much less hassle for users. -- Mike Perry
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk