• I make websites
  • If someone is banned twice (two accounts) I want it to take them more than 5min and a VPN to make a 3rd account
  • I’m okay with extreme solutions, like requiring everyone to have a Yubikey-or-similar physical key
  • I really hate the trend of relying on a phone number or Google capcha as a not-a-bot detection. Both have tons of problems
  • but spam (automated account creation) is a real problem

What kind of auth should I use for my websites?

  • @[email protected]
    link
    fedilink
    247 months ago

    mCaptcha is a proof of work pseudo-captcha, it won’t block bots completely, but it heavily rate limits them and makes them computationally expensive to run.

    • PropaGandalf
      link
      47 months ago

      Benefits - costs: If your benefits from having less spam and the work they are doing by solving the task are greater than your costs this is acceptable.

    • Cyclohexane
      link
      fedilink
      37 months ago

      Doesn’t work on Mull browser (hardened Firefox for android) :(

        • Cyclohexane
          link
          fedilink
          27 months ago

          It uses the arkenfox thingie. It doesn’t block JS, but it does block a lot of things and possibly certain JS features.

    • @[email protected]OP
      link
      fedilink
      17 months ago

      While I’m really glad to hear about it, I think it would work great for DDOS detection, I don’t know that it works for preventing spam accounts. I’m pretty sure puppeteer with GPT4 could check that box no problem.