forked from mCaptcha/website
73 lines
3.4 KiB
Markdown
73 lines
3.4 KiB
Markdown
---
|
|
title: "Introducing mCaptcha net"
|
|
description: "A network of mCaptcha instances sharing PoW stats to make mCaptcha more efficient and accessible"
|
|
date: 2023-10-19
|
|
lastmod: 2023-10-19
|
|
draft: false
|
|
weight: 50
|
|
images: ["icon.png"]
|
|
contributors: ["Aravinth Manivannan"]
|
|
---
|
|
|
|
mCaptcha uses a Proof-of-Work (PoW) based algorithm to offer
|
|
Denial-of-Service protection, because of [its excellent accessibility
|
|
characteristics](https://www.w3.org/TR/turingtest/#proof-of-work). PoW
|
|
within mCaptcha is configuration --- webmasters can configure
|
|
[difficulty factors](/docs/terminology/difficulty-factor) for their
|
|
installations, which determines waiting time for visitors. But PoW can
|
|
become inaccessible if webmasters choose a very high difficulty factor.
|
|
So they have to maintain a balance which imposes sufficient load on DDoS
|
|
attackers while also being accessible to common folk.
|
|
|
|
{{< alert icon="⭐" text=" mCaptcha installation: integration of the mCaptcha widget to a service." >}}
|
|
|
|
To help webmasters correctly configure difficult factors, we are
|
|
building a feedback loop which would gather performance statistics from
|
|
voluntary mCaptcha installations and make them available to other
|
|
mCaptcha installations. The performance statistics can be used by all
|
|
mCaptcha instances to automatically optimize an installation. We are
|
|
calling this the mCaptcha net.
|
|
|
|
## Participation is optional
|
|
|
|
Participation in the mCaptcha net is disabled by default and is
|
|
optional as it has privacy implications: it will reveal the
|
|
existence of an mCaptcha instance.
|
|
|
|
The admins of mCaptcha instances can choose to upload truly anonymous
|
|
PoW performance statistics to a number of [mCaptcha/survey](https://git.batsense.net/mCaptcha/survey) instances.
|
|
The data uploaded is public and so is accessible to all mCaptcha
|
|
instances.
|
|
|
|
We also offer opt-in controls at installation level:
|
|
|
|
{{% img src="installation-level-opt-in.png" alt="A screenshot of the 'add sitekey' form on the mCaptcha dashboard with a checkbox for anonymously publishing performance statistics. It is not checked by default." caption="Add sitekey form on the mCaptcha dashboard with a checkbox for anonymously publishing performance statistics. It is not checked by default." %}}
|
|
|
|
## Ensuring anonymity
|
|
|
|
mCaptcha doesn't fingerprint its users. Performance parameters include:
|
|
|
|
1. Time taken to generate PoW
|
|
2. The difficulty factor for which the PoW was computed
|
|
3. Type of client library used.
|
|
|
|
```json
|
|
"time":14,
|
|
"difficulty_factor":50000,
|
|
"worker_type":"wasm"
|
|
```
|
|
|
|
This doesn't include the usual fingerprinting parameters like
|
|
User-Agent, cookies, and IP address. Additionally, we use pseudo IDs
|
|
at both mCaptcha/mCaptcha and mCaptcha/survey to avoid exposing installations.
|
|
|
|
{{% img src="working-rpc.png" alt="A screenshot of a tmux window with logs of mCaptcha/mCaptcha and mCapctha/survey showing both of them talking to eachother" caption="mCaptcha/mCaptcha uploading performance statistics to a mCaptcha/survey instance" %}}
|
|
|
|
## Status
|
|
|
|
We now have performance statistics uploads to mCaptcha/survey instances
|
|
working. Pull request [mCaptcha/mCaptcha#92](https://github.com/mCaptcha/mCaptcha/pull/92)
|
|
added abilities to mCaptcha to upload statistics to mCaptcha/survey instances and
|
|
[mCaptcha/survey#40](https://git.batsense.net/mCaptcha/survey/pulls/17) enable survey to process the uploaded data. We will soon build a
|
|
self-tuning algorithm within mCaptcha to use this data and optimize
|
|
installations automatically.
|