- I make websites
- If someone is banned twice (two accounts) I want it to take them more than 5min and a VPN to make a 3rd account
- I’m okay with extreme solutions, like requiring everyone to have a Yubikey-or-similar physical key
- I really hate the trend of relying on a phone number or Google capcha as a not-a-bot detection. Both have tons of problems
- but spam (automated account creation) is a real problem
What kind of auth should I use for my websites?
mCaptcha is a proof of work pseudo-captcha, it won’t block bots completely, but it heavily rate limits them and makes them computationally expensive to run.
Benefits - costs: If your benefits from having less spam and the work they are doing by solving the task are greater than your costs this is acceptable.
Doesn’t work on Mull browser (hardened Firefox for android) :(
Interesting, does it block js or something?
It uses the arkenfox thingie. It doesn’t block JS, but it does block a lot of things and possibly certain JS features.
While I’m really glad to hear about it, I think it would work great for DDOS detection, I don’t know that it works for preventing spam accounts. I’m pretty sure puppeteer with GPT4 could check that box no problem.