feat: publish mcaptcha-net blog

This commit is contained in:
Aravinth Manivannan 2023-10-21 16:48:55 +05:30
parent a1d1e7413d
commit 4bea62056e
Signed by: realaravinth
GPG key ID: F8F50389936984FF
2 changed files with 44 additions and 22 deletions

View file

@ -1,32 +1,47 @@
--- ---
title: "mCaptcha net" title: "Introducing mCaptcha net"
description: "A network of mCaptcha instances sharing PoW stats to make mCaptcha more efficient and accessible" description: "A network of mCaptcha instances sharing PoW stats to make mCaptcha more efficient and accessible"
lead: "We are mCaptcha. We build kickass CAPTCHA systems that give (DDoS) attackers a run for their money. And we do all of this without tracking your users. Oh and did I mention our UX is great?"
date: 2023-10-19 date: 2023-10-19
lastmod: 2023-10-19 lastmod: 2023-10-19
draft: true draft: false
weight: 50 weight: 50
images: ["icon.png"] images: ["icon.png"]
contributors: ["Aravinth Manivannan"] contributors: ["Aravinth Manivannan"]
--- ---
mCaptcha requires the webmaster to provide [difficulty mCaptcha uses a Proof-of-Work (PoW) based algorithm to offer
factor](docs/terminology/difficulty-factor/) configurations to offer Denial-of-Service protection, because of [its excellent accessibility
effective protection. Choosing difficulty factors that work for everyone is a hard task characteristics](https://www.w3.org/TR/turingtest/#proof-of-work). PoW
because it isn't possible to accurately predict the kind of visitors within mCaptcha is configuration --- webmasters can configure
have. But what if had a system that will improve [mCaptcha [difficulty factors](/docs/terminology/difficulty-factor) for their
installations](/docs/introduction/installing-captcha/) installations, which determines waiting time for visitors. But PoW can
based on performance of it users? Enter mCaptcha net! become inaccessible if webmasters choose a very high difficulty factor.
So they have to maintain a balance which imposes sufficient load on DDoS
attackers while also being accessible to common folk.
{{< alert icon="⭐" text=" mCaptcha installation: integration of the mCaptcha widget to a service." >}}
To help webmasters correctly configure difficult factors, we are
building a feedback loop which would gather performance statistics from
voluntary mCaptcha installations and make them available to other
mCaptcha installations. The performance statistics can be used by all
mCaptcha instances to automatically optimize an installation. We are
calling this the mCaptcha net.
## Participation is optional
Participation in the mCaptcha net is disabled by default and is
optional as it has privacy implications: it will reveal the
existence of an mCaptcha instance.
The admins of mCaptcha instances can choose to upload truly anonymous The admins of mCaptcha instances can choose to upload truly anonymous
Proof-of-Work (PoW) statistics to PoW performance statistics to a number of [mCaptcha/survey](https://git.batsense.net/mCaptcha/survey) instances.
[mCaptcha/survey](https://git.batsense.net/mCaptcha/survey) instances, The data uploaded is public and so is accessible to all mCaptcha
which other mCaptcha instances can then use to automatically optimize instances.
the installations that they hsot.
NOTE: This system is opt-in, webmasters must consent to publishing We also offer opt-in controls at installation level:
for the performance statistics from their mCaptcha installation to be
uploaded. {{% img src="installation-level-opt-in.png" alt="A screenshot of the 'add sitekey' form on the mCaptcha dashboard with a checkbox for anonymously publishing performance statistics. It is not checked by default." caption="Add sitekey form on the mCaptcha dashboard with a checkbox for anonymously publishing performance statistics. It is not checked by default." %}}
## Ensuring anonymity ## Ensuring anonymity
@ -42,10 +57,17 @@ mCaptcha doesn't fingerprint its users. Performance parameters include:
"worker_type":"wasm" "worker_type":"wasm"
``` ```
This doesn't include the usual fingerprinting parameters like User-Agent, This doesn't include the usual fingerprinting parameters like
cookies, and IP address. Additionally, we use a psuedo ID within User-Agent, cookies, and IP address. Additionally, we use pseudo IDs
mCaptcha to avoid. We also use psuedo IDs within mCaptcha to prevent the at both mCaptcha/mCaptcha and mCaptcha/survey to avoid exposing installations.
underlying mCaptcha installation from being exposing.
{{% img src="working-rpc.png" alt="A screenshot of a tmux window with logs of mCaptcha/mCaptcha and mCapctha/survey showing both of them talking to eachother" caption="mCaptcha/mCaptcha uploading performance statistics to a mCaptcha/survey instance" %}}
{{% img src="working-rpc.png" alt="A screenshot of a tmux window with logs of mCaptcha/mCaptcha and mCaptha/survey showing both of them talking to eachother" caption="mCaptha uploading performance statistics to a survey instanc3" %}} ## Status
We now have performance statistics uploads to mCaptcha/survey instances
working. Pull request [mCaptcha/mCaptcha#92](https://github.com/mCaptcha/mCaptcha/pull/92)
added abilities to mCaptcha to upload statistics to mCaptcha/survey instances and
[mCaptcha/survey#40](https://git.batsense.net/mCaptcha/survey/pulls/17) enable survey to process the uploaded data. We will soon build a
self-tuning algorithm within mCaptcha to use this data and optimize
installations automatically.

Binary file not shown.

After

Width:  |  Height:  |  Size: 52 KiB