Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

PoW should probably be built in to the browser as a standard at some point if it is going to be in widespread use. If a website is trying to stop bots, the bots are at an advantage if they can compute the PoW using optimized C while legitimate customers are computing it in Javascript.


Webasm will help with this. If the browser's JIT is good enough, it'll be close to optimized C.

Then you just need to make sure your algorithm is also space-hard and resists parallelization so GPUs and ASICs can't get it.

Basically it's a password hash, like Argon2. I think libsodium already has an official WebAsm build, so there you go.

Web browsers also have "crypto.subtle" but it's not allowed on file:// (making testing on local difficult) and I don't know if it has password hashing.


There is no way to prevent people from optimizing PoW for spamming.

Generating 1MM units of PoW will always be more efficient than 1MM people generating each 1 unit of PoW.

Optimization always works better at scale. Therefore an attacker always has the upper hand.

PoW is absolutely useless as a CAPTCHA and doesn't even do what C.A.P.T.C.H.A. says.


exactly. just ask for sats via LN.


We can already stream money with https://webmonetization.org/docs/explainer/ Doesn't matter if the underling "wallet" is a blockchain or some other ledger like system.


so a 402, but in reverse? the user-agent gets paid, instead of server?


Its a HTML meta tag that contains an address where to send/stream money similar to an email address but for value not text. The websites backed ofc revives data about that payment in real time and can change the content of the website based on that.


And then you're either a licensed/regulated business, or a money launderer.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: