undefined | Better HN

0 pointsxg154y ago0 comments

If nothing can really stop people anyway, then what's the point of all this?

But I think the problem is that a PoW captcha can be cracked significantly more easily than a regular captcha:

For a regular captcha, a spammer would have to deal with brittle image analysis software or find people willing to do extremely boring, borderline illegal work for pennies.

For a PoW captcha, they have to load the page in Selenium and... that's it. All that's left is a slight bump in the power bill.

0 comments

3 comments · 2 top-level

arbol4y ago· 1 in thread

> If nothing can really stop people anyway, then what's the point of all this?

Barriers to entry. Different services will require different levels of security. This might be enough for a simple poll app.

xg15OP4y ago

But a barrier for whom?

If you're a script kiddy who knows how Selenium works, you can crack this.

What this does for resource-poor attackers is implement some wasteful form of rate-limiting. But then, why not just use actual rate-limiting?

Zababa4y ago

> If nothing can really stop people anyway, then what's the point of all this?

It works, the thing is that "working" in that case is to increase the cost of doing this. Solving 1000 captchas costs $2 https://anti-captcha.com/.

The difference here is that people that have no money can automate selenium on their own computer and defeat a PoW captcha. But for people that have to pay for either servers or a captcha solving service, there is no difference.

j / k navigate · click thread line to collapse