\subsection{mCaptcha}

mCaptcha is a free (as in freedom), experimental Proof of Work CAPTCHA system
that uses variable difficulty proofs. The AGPL licensing guarantees freedom of
its users and allows for competing implementations.

The system uses variable difficulty proofs to
\begin{itemize}
\item Image identification
\item IP tracking
\item Proprietary AI
\item Session tracking
\end{itemize}

\subsubsection{Privacy}
Excellent\\
mCaptcha doesn't use session or IP tracking, so it works when used in anonymous
networks like Tor.

\subsubsection{Effectiveness}
Excellent\\

mCaptcha uses salts to prevent rainbow table based attacks and TTLs to ban
stale entries. It also uses a caching mechanism to prevent replay attacks. To
combat an in-progress attack, the system is designed to temporarily
increase the difficulty of the proofs. The system also has options to
personalise proof requirements for each CAPTCHA deployment. This allows
system administrators to select requirements which better suit their needs.

% TODO cite CAPTCHA farm cost analysis paper
ease.
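The mechanisms named in this subsection (salt, TTL, replay cache, variable difficulty) fit together as in the following Python sketch. It is an added example, not mCaptcha's own code: the hash construction, the LEVELS table, the 30-second TTL and all class and function names are assumptions chosen for illustration.

```python
import hashlib
import secrets
import time

U128_MAX = (1 << 128) - 1
LEVELS = [(0, 50), (10, 500), (100, 5000)]  # (pending, difficulty); constructed

def pow_score(salt, phrase, nonce):
    """First 16 bytes of SHA-256(salt + phrase + nonce) as an integer."""
    digest = hashlib.sha256(f"{salt}{phrase}{nonce}".encode()).digest()
    return int.from_bytes(digest[:16], "big")

def threshold(difficulty):
    # A uniformly random score clears this bar with probability ~1/difficulty.
    return U128_MAX - U128_MAX // difficulty

def solve(salt, phrase, difficulty):
    """Client side: search for a nonce; expected cost is ~difficulty hashes."""
    nonce = 0
    while pow_score(salt, phrase, nonce) < threshold(difficulty):
        nonce += 1
    return nonce

class Verifier:
    def __init__(self, salt, ttl=30.0, clock=time.monotonic):
        # Per-deployment salt: work precomputed for another salt is useless here.
        self.salt, self.ttl, self.clock = salt, ttl, clock
        self.pending = {}  # phrase -> (difficulty, expiry)

    def issue(self):
        now = self.clock()
        # TTL: drop stale challenges so they neither verify nor count as load.
        self.pending = {p: e for p, e in self.pending.items() if e[1] > now}
        # Variable difficulty: more outstanding challenges, harder proofs.
        difficulty = max(d for n, d in LEVELS if len(self.pending) >= n)
        phrase = secrets.token_hex(16)
        self.pending[phrase] = (difficulty, now + self.ttl)
        return phrase, difficulty

    def verify(self, phrase, nonce):
        # pop() makes a challenge single-use, so a replayed proof finds nothing.
        entry = self.pending.pop(phrase, None)
        if entry is None:
            return "unknown-or-replayed"
        difficulty, expiry = entry
        if self.clock() >= expiry:
            return "expired"
        if pow_score(self.salt, phrase, nonce) < threshold(difficulty):
            return "bad-proof"
        return "ok"
```

Passing a fake clock to Verifier lets the expiry and load-based difficulty paths be exercised without waiting for the TTL to elapse.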
\subsubsection{Accessibility}
Good to Excellent\\

mCaptcha is non-interactive, so it is fully accessible to users with all
disabilities. To allow users on slow devices access to the service, mCaptcha has
options to set different difficulty levels. Webmasters can use this option to
set lower difficulties while the website is receiving normal levels of
traffic and set higher difficulties when the website receives unusual
amounts of traffic. Therefore, the website administrators are responsible for
mCaptcha's behaviour on their websites.

\subsubsection{Accuracy}
Excellent\\

Success and failure are absolute states in this method. A proof that fails
verification is rejected, and a proof that passes verification is accepted. The system
is able to sense attacks and adapts by raising the difficulty requirement for
all incoming users. An attacker who is presented with increased difficulty will
either have to allocate more resources to sustain the attack or retreat in
defeat. This increased difficulty might impact well-behaved users too,
but the effect is short-lived, as the difficulty requirement will be relaxed once the
attack is contained.

Overall, mCaptcha is an attempt at strengthening the web and the internet with
open technologies. CAPTCHAs in their original sense were used as rate-limiters,
and mCaptcha, with its PoW mechanism, does just that.