Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

When you use a captcha, you presumably want to defeat someone curling your CreatePost endpoint, not just make it more annoying to do it at only botnet scale.

This captcha still lets all traffic through. Except now you waste the battery of honest users.

Even HN proponents of the idea don't use it on their own sites.



I rather see something like anubis than some unsolveable captcha. I never understood the battery-argument, I recon my screen uses more energy during pow-solving than it takes my phone to solve these pows.


> I rather see something like anubis than some unsolveable captcha.

So would bad actors. Which is why everyone uses normal captchas and not mere PoW.

PoW is the easiest captcha to beat.


[citation needed]


For which part?

Every time a new submission is created on HN, you have a curl script that posts a comment on it shilling your product. (According to the /newest tab there seems to be one submission every few minutes.)

What's harder for you to automate: the comment always posts successfully after 500ms, or you get a Cloudflare Turnstile captcha every time?


PoW is for a completely different threat model than CAPTCHA. If you're trying to decide which is better, you're doing it wrong.


The title of the submission, the project README, and the project homepage repeats:

> CAPTCHA alternative




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: