Tor users: if I allowed sr.ht account registration over Tor (perhaps with an onion address, even), if and only if the user ran a proof of work program which would take anywhere from tens of minutes to hours to complete before being allowed to register an account, would you find that an acceptable compromise for preventing abusive traffic from Tor without completely locking them out of the platform?

@sir I saw your `mkproof` repo. To clarify: are you intending that the user starts (or completes) the registration flow but, if done over Tor, is presented with a challenge. They then perform the work to complete the challenge outside the browser and come back with their proof at a later time? In other words they register and can come back in a second session to complete the proof, then the account is "active".

@chip not sure what the best flow would be. Why do you ask?

@sir I could see how being able to close the browser and perform the work elsewhere would likely have fewer adverse affects on other browsing and would be less likely to be interrupted 20 minutes in. But that’d depend on external binaries and more susceptible to “farming”. Caveat is I’m not a Tor user so don’t count this as user feedback, just UX curious.

@chip asking Tor users to enable JavaScript is a steep ask.

Farming is not possible with this design

@sir agreed that enabling JS is a steep ask. If staying with argon2 it'd require RAM which is useful. By farming I more meant performing multiple account registrations worth of work on a large hourly VM somewhere. Not sure if that's worth that amount of effort though.

Sign in to participate in the conversation
us.dev

A Mastodon instance for developers of all shapes, disciplines and skill levels. By us, for us.