feat: publish mcaptcha-net blog

This commit is contained in:
Aravinth Manivannan 2023-10-21 16:48:55 +05:30
parent a1d1e7413d
commit 4bea62056e
Signed by untrusted user: realaravinth
GPG key ID: F8F50389936984FF
2 changed files with 44 additions and 22 deletions

View file

@ -1,32 +1,47 @@
---
title: "mCaptcha net"
title: "Introducing mCaptcha net"
description: "A network of mCaptcha instances sharing PoW stats to make mCaptcha more efficient and accessible"
lead: "We are mCaptcha. We build kickass CAPTCHA systems that give (DDoS) attackers a run for their money. And we do all of this without tracking your users. Oh and did I mention our UX is great?"
date: 2023-10-19
lastmod: 2023-10-19
draft: true
draft: false
weight: 50
images: ["icon.png"]
contributors: ["Aravinth Manivannan"]
---
mCaptcha requires the webmaster to provide [difficulty
factor](docs/terminology/difficulty-factor/) configurations to offer
effective protection. Choosing difficulty factors that work for everyone is a hard task
because it isn't possible to accurately predict the kind of visitors
have. But what if had a system that will improve [mCaptcha
installations](/docs/introduction/installing-captcha/)
based on performance of it users? Enter mCaptcha net!
mCaptcha uses a Proof-of-Work (PoW) based algorithm to offer
Denial-of-Service protection, because of [its excellent accessibility
characteristics](https://www.w3.org/TR/turingtest/#proof-of-work). PoW
within mCaptcha is configuration --- webmasters can configure
[difficulty factors](/docs/terminology/difficulty-factor) for their
installations, which determines waiting time for visitors. But PoW can
become inaccessible if webmasters choose a very high difficulty factor.
So they have to maintain a balance which imposes sufficient load on DDoS
attackers while also being accessible to common folk.
{{< alert icon="⭐" text=" mCaptcha installation: integration of the mCaptcha widget to a service." >}}
To help webmasters correctly configure difficult factors, we are
building a feedback loop which would gather performance statistics from
voluntary mCaptcha installations and make them available to other
mCaptcha installations. The performance statistics can be used by all
mCaptcha instances to automatically optimize an installation. We are
calling this the mCaptcha net.
## Participation is optional
Participation in the mCaptcha net is disabled by default and is
optional as it has privacy implications: it will reveal the
existence of an mCaptcha instance.
The admins of mCaptcha instances can choose to upload truly anonymous
Proof-of-Work (PoW) statistics to
[mCaptcha/survey](https://git.batsense.net/mCaptcha/survey) instances,
which other mCaptcha instances can then use to automatically optimize
the installations that they hsot.
PoW performance statistics to a number of [mCaptcha/survey](https://git.batsense.net/mCaptcha/survey) instances.
The data uploaded is public and so is accessible to all mCaptcha
instances.
NOTE: This system is opt-in, webmasters must consent to publishing
for the performance statistics from their mCaptcha installation to be
uploaded.
We also offer opt-in controls at installation level:
{{% img src="installation-level-opt-in.png" alt="A screenshot of the 'add sitekey' form on the mCaptcha dashboard with a checkbox for anonymously publishing performance statistics. It is not checked by default." caption="Add sitekey form on the mCaptcha dashboard with a checkbox for anonymously publishing performance statistics. It is not checked by default." %}}
## Ensuring anonymity
@ -42,10 +57,17 @@ mCaptcha doesn't fingerprint its users. Performance parameters include:
"worker_type":"wasm"
```
This doesn't include the usual fingerprinting parameters like User-Agent,
cookies, and IP address. Additionally, we use a psuedo ID within
mCaptcha to avoid. We also use psuedo IDs within mCaptcha to prevent the
underlying mCaptcha installation from being exposing.
This doesn't include the usual fingerprinting parameters like
User-Agent, cookies, and IP address. Additionally, we use pseudo IDs
at both mCaptcha/mCaptcha and mCaptcha/survey to avoid exposing installations.
{{% img src="working-rpc.png" alt="A screenshot of a tmux window with logs of mCaptcha/mCaptcha and mCapctha/survey showing both of them talking to eachother" caption="mCaptcha/mCaptcha uploading performance statistics to a mCaptcha/survey instance" %}}
{{% img src="working-rpc.png" alt="A screenshot of a tmux window with logs of mCaptcha/mCaptcha and mCaptha/survey showing both of them talking to eachother" caption="mCaptha uploading performance statistics to a survey instanc3" %}}
## Status
We now have performance statistics uploads to mCaptcha/survey instances
working. Pull request [mCaptcha/mCaptcha#92](https://github.com/mCaptcha/mCaptcha/pull/92)
added abilities to mCaptcha to upload statistics to mCaptcha/survey instances and
[mCaptcha/survey#40](https://git.batsense.net/mCaptcha/survey/pulls/17) enable survey to process the uploaded data. We will soon build a
self-tuning algorithm within mCaptcha to use this data and optimize
installations automatically.

Binary file not shown.

After

Width:  |  Height:  |  Size: 52 KiB