diff --git a/content/blog/10-20-mcaptcha-net/index.md b/content/blog/10-20-mcaptcha-net/index.md index 5c303f1..69cdf39 100644 --- a/content/blog/10-20-mcaptcha-net/index.md +++ b/content/blog/10-20-mcaptcha-net/index.md @@ -1,32 +1,47 @@ --- -title: "mCaptcha net" +title: "Introducing mCaptcha net" description: "A network of mCaptcha instances sharing PoW stats to make mCaptcha more efficient and accessible" -lead: "We are mCaptcha. We build kickass CAPTCHA systems that give (DDoS) attackers a run for their money. And we do all of this without tracking your users. Oh and did I mention our UX is great?" date: 2023-10-19 lastmod: 2023-10-19 -draft: true +draft: false weight: 50 images: ["icon.png"] contributors: ["Aravinth Manivannan"] --- -mCaptcha requires the webmaster to provide [difficulty -factor](docs/terminology/difficulty-factor/) configurations to offer -effective protection. Choosing difficulty factors that work for everyone is a hard task -because it isn't possible to accurately predict the kind of visitors -have. But what if had a system that will improve [mCaptcha -installations](/docs/introduction/installing-captcha/) -based on performance of it users? Enter mCaptcha net! +mCaptcha uses a Proof-of-Work (PoW) based algorithm to offer +Denial-of-Service protection, because of [its excellent accessibility +characteristics](https://www.w3.org/TR/turingtest/#proof-of-work). PoW +within mCaptcha is configuration --- webmasters can configure +[difficulty factors](/docs/terminology/difficulty-factor) for their +installations, which determines waiting time for visitors. But PoW can +become inaccessible if webmasters choose a very high difficulty factor. +So they have to maintain a balance which imposes sufficient load on DDoS +attackers while also being accessible to common folk. + +{{< alert icon="⭐" text=" mCaptcha installation: integration of the mCaptcha widget to a service." >}} + +To help webmasters correctly configure difficult factors, we are +building a feedback loop which would gather performance statistics from +voluntary mCaptcha installations and make them available to other +mCaptcha installations. The performance statistics can be used by all +mCaptcha instances to automatically optimize an installation. We are +calling this the mCaptcha net. + +## Participation is optional + +Participation in the mCaptcha net is disabled by default and is +optional as it has privacy implications: it will reveal the +existence of an mCaptcha instance. The admins of mCaptcha instances can choose to upload truly anonymous -Proof-of-Work (PoW) statistics to -[mCaptcha/survey](https://git.batsense.net/mCaptcha/survey) instances, -which other mCaptcha instances can then use to automatically optimize -the installations that they hsot. +PoW performance statistics to a number of [mCaptcha/survey](https://git.batsense.net/mCaptcha/survey) instances. +The data uploaded is public and so is accessible to all mCaptcha +instances. -NOTE: This system is opt-in, webmasters must consent to publishing -for the performance statistics from their mCaptcha installation to be -uploaded. +We also offer opt-in controls at installation level: + +{{% img src="installation-level-opt-in.png" alt="A screenshot of the 'add sitekey' form on the mCaptcha dashboard with a checkbox for anonymously publishing performance statistics. It is not checked by default." caption="Add sitekey form on the mCaptcha dashboard with a checkbox for anonymously publishing performance statistics. It is not checked by default." %}} ## Ensuring anonymity @@ -42,10 +57,17 @@ mCaptcha doesn't fingerprint its users. Performance parameters include: "worker_type":"wasm" ``` -This doesn't include the usual fingerprinting parameters like User-Agent, -cookies, and IP address. Additionally, we use a psuedo ID within -mCaptcha to avoid. We also use psuedo IDs within mCaptcha to prevent the -underlying mCaptcha installation from being exposing. +This doesn't include the usual fingerprinting parameters like +User-Agent, cookies, and IP address. Additionally, we use pseudo IDs +at both mCaptcha/mCaptcha and mCaptcha/survey to avoid exposing installations. +{{% img src="working-rpc.png" alt="A screenshot of a tmux window with logs of mCaptcha/mCaptcha and mCapctha/survey showing both of them talking to eachother" caption="mCaptcha/mCaptcha uploading performance statistics to a mCaptcha/survey instance" %}} -{{% img src="working-rpc.png" alt="A screenshot of a tmux window with logs of mCaptcha/mCaptcha and mCaptha/survey showing both of them talking to eachother" caption="mCaptha uploading performance statistics to a survey instanc3" %}} +## Status + +We now have performance statistics uploads to mCaptcha/survey instances +working. Pull request [mCaptcha/mCaptcha#92](https://github.com/mCaptcha/mCaptcha/pull/92) +added abilities to mCaptcha to upload statistics to mCaptcha/survey instances and +[mCaptcha/survey#40](https://git.batsense.net/mCaptcha/survey/pulls/17) enable survey to process the uploaded data. We will soon build a +self-tuning algorithm within mCaptcha to use this data and optimize +installations automatically. diff --git a/content/blog/10-20-mcaptcha-net/installation-level-opt-in.png b/content/blog/10-20-mcaptcha-net/installation-level-opt-in.png new file mode 100644 index 0000000..8887c56 Binary files /dev/null and b/content/blog/10-20-mcaptcha-net/installation-level-opt-in.png differ