refalo

What you’re doing is filtering out bots that can’t be bothered to execute JavaScript. You don’t need to do a computational heavy PoW task to do that.

Most bots and scrapers from what I've seen already are using (headless) full browsers, and hence are executing javascript, so I think anything that slows them down or increases their cost can reduce the traffic they bring.

Canvas fingerprinting filters out bots better than PoW

Source? I strongly disagree, and it's not hard to change your browser characteristics to get a new canvas fingerprint every time, some browsers like firefox even have built-in options for it.

Proof of Work is a terrible solution

Hard disagree, because:

it assumes computational costs are significant expense for scrapers compared to proxy costs

The assumption is correct. PoW has been proven to significantly reduce bot traffic... meanwhile the mere existence of residential proxies has exploded the availability of easy bot campaigns.

Canvas fingerprinting would work.

Demonstrably false... people already do this with abysmal results. Need to visit a clownflare site? Endless captcha loops. No thanks

Definitely don't visit the toxic comment thread there... wow

I don't like the approach of banning nonresidential IPs. I think it's discriminatory and unfairly blocks out corporate/VPN users and others we might not even be thinking about. I realize there is a bot problem but I wish there was a better solution. Maybe purely proof-of-work solutions will get more popular or something.

All you need in order to do this is for the client to encrypt their password before sending it to the server. Often services that advertise "zero knowledge" platforms that use end-to-end encryption will authenticate their users in this way. If this were a website for example, there could be a javascript/wasm library used within the client page that encrypts their password before a login request is sent to the server.

Proof? And by what metric? That has not been my experience whatsoever, nor have I heard any complaints about either of them.

xrdp and x11vnc is rootless

I would bet it's more likely emotional breakdown from cyberbullying.

See Freenet/Hyphanet

Please don't, because it is literally the largest place online that openly trades CSAM. Law enforcement even run their own nodes there to try to catch people.

How long until this gets overrun with 🍕 and nobody wants to use it...

Not sure how moderation would even be possible with this model.

Is the new Alexa+ required to be used going forward? Or can you stay on the local-only setup for controlling home automation and simple things like timers and such?

Raspberry Pi Pico-based*