forked from mCaptcha/website
feat: publish mcaptcha-net blog
This commit is contained in:
parent
a1d1e7413d
commit
4bea62056e
2 changed files with 44 additions and 22 deletions
|
@ -1,32 +1,47 @@
|
|||
---
|
||||
title: "mCaptcha net"
|
||||
title: "Introducing mCaptcha net"
|
||||
description: "A network of mCaptcha instances sharing PoW stats to make mCaptcha more efficient and accessible"
|
||||
lead: "We are mCaptcha. We build kickass CAPTCHA systems that give (DDoS) attackers a run for their money. And we do all of this without tracking your users. Oh and did I mention our UX is great?"
|
||||
date: 2023-10-19
|
||||
lastmod: 2023-10-19
|
||||
draft: true
|
||||
draft: false
|
||||
weight: 50
|
||||
images: ["icon.png"]
|
||||
contributors: ["Aravinth Manivannan"]
|
||||
---
|
||||
|
||||
mCaptcha requires the webmaster to provide [difficulty
|
||||
factor](docs/terminology/difficulty-factor/) configurations to offer
|
||||
effective protection. Choosing difficulty factors that work for everyone is a hard task
|
||||
because it isn't possible to accurately predict the kind of visitors
|
||||
have. But what if had a system that will improve [mCaptcha
|
||||
installations](/docs/introduction/installing-captcha/)
|
||||
based on performance of it users? Enter mCaptcha net!
|
||||
mCaptcha uses a Proof-of-Work (PoW) based algorithm to offer
|
||||
Denial-of-Service protection, because of [its excellent accessibility
|
||||
characteristics](https://www.w3.org/TR/turingtest/#proof-of-work). PoW
|
||||
within mCaptcha is configuration --- webmasters can configure
|
||||
[difficulty factors](/docs/terminology/difficulty-factor) for their
|
||||
installations, which determines waiting time for visitors. But PoW can
|
||||
become inaccessible if webmasters choose a very high difficulty factor.
|
||||
So they have to maintain a balance which imposes sufficient load on DDoS
|
||||
attackers while also being accessible to common folk.
|
||||
|
||||
{{< alert icon="⭐" text=" mCaptcha installation: integration of the mCaptcha widget to a service." >}}
|
||||
|
||||
To help webmasters correctly configure difficult factors, we are
|
||||
building a feedback loop which would gather performance statistics from
|
||||
voluntary mCaptcha installations and make them available to other
|
||||
mCaptcha installations. The performance statistics can be used by all
|
||||
mCaptcha instances to automatically optimize an installation. We are
|
||||
calling this the mCaptcha net.
|
||||
|
||||
## Participation is optional
|
||||
|
||||
Participation in the mCaptcha net is disabled by default and is
|
||||
optional as it has privacy implications: it will reveal the
|
||||
existence of an mCaptcha instance.
|
||||
|
||||
The admins of mCaptcha instances can choose to upload truly anonymous
|
||||
Proof-of-Work (PoW) statistics to
|
||||
[mCaptcha/survey](https://git.batsense.net/mCaptcha/survey) instances,
|
||||
which other mCaptcha instances can then use to automatically optimize
|
||||
the installations that they hsot.
|
||||
PoW performance statistics to a number of [mCaptcha/survey](https://git.batsense.net/mCaptcha/survey) instances.
|
||||
The data uploaded is public and so is accessible to all mCaptcha
|
||||
instances.
|
||||
|
||||
NOTE: This system is opt-in, webmasters must consent to publishing
|
||||
for the performance statistics from their mCaptcha installation to be
|
||||
uploaded.
|
||||
We also offer opt-in controls at installation level:
|
||||
|
||||
{{% img src="installation-level-opt-in.png" alt="A screenshot of the 'add sitekey' form on the mCaptcha dashboard with a checkbox for anonymously publishing performance statistics. It is not checked by default." caption="Add sitekey form on the mCaptcha dashboard with a checkbox for anonymously publishing performance statistics. It is not checked by default." %}}
|
||||
|
||||
## Ensuring anonymity
|
||||
|
||||
|
@ -42,10 +57,17 @@ mCaptcha doesn't fingerprint its users. Performance parameters include:
|
|||
"worker_type":"wasm"
|
||||
```
|
||||
|
||||
This doesn't include the usual fingerprinting parameters like User-Agent,
|
||||
cookies, and IP address. Additionally, we use a psuedo ID within
|
||||
mCaptcha to avoid. We also use psuedo IDs within mCaptcha to prevent the
|
||||
underlying mCaptcha installation from being exposing.
|
||||
This doesn't include the usual fingerprinting parameters like
|
||||
User-Agent, cookies, and IP address. Additionally, we use pseudo IDs
|
||||
at both mCaptcha/mCaptcha and mCaptcha/survey to avoid exposing installations.
|
||||
|
||||
{{% img src="working-rpc.png" alt="A screenshot of a tmux window with logs of mCaptcha/mCaptcha and mCapctha/survey showing both of them talking to eachother" caption="mCaptcha/mCaptcha uploading performance statistics to a mCaptcha/survey instance" %}}
|
||||
|
||||
{{% img src="working-rpc.png" alt="A screenshot of a tmux window with logs of mCaptcha/mCaptcha and mCaptha/survey showing both of them talking to eachother" caption="mCaptha uploading performance statistics to a survey instanc3" %}}
|
||||
## Status
|
||||
|
||||
We now have performance statistics uploads to mCaptcha/survey instances
|
||||
working. Pull request [mCaptcha/mCaptcha#92](https://github.com/mCaptcha/mCaptcha/pull/92)
|
||||
added abilities to mCaptcha to upload statistics to mCaptcha/survey instances and
|
||||
[mCaptcha/survey#40](https://git.batsense.net/mCaptcha/survey/pulls/17) enable survey to process the uploaded data. We will soon build a
|
||||
self-tuning algorithm within mCaptcha to use this data and optimize
|
||||
installations automatically.
|
||||
|
|
BIN
content/blog/10-20-mcaptcha-net/installation-level-opt-in.png
Normal file
BIN
content/blog/10-20-mcaptcha-net/installation-level-opt-in.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 52 KiB |
Loading…
Reference in a new issue