• @[email protected]
    link
    fedilink
    133 months ago

    Having the proof of work defense has been a game changer for the network. I’ve noticed a hell of a lot less unresponsive onion services. However, this is old news as it was released last August. Most everybody should have a version capable of doing the proof of work by now.

  • @[email protected]
    link
    fedilink
    11
    edit-2
    3 months ago

    I wish more companies understood that Onion Services have excellent protection from DoS attacks.

    You don’t even have to give away your keys to CloudFlare. Just get trigger happy with IP blocking and tell users to use the Onion address to bypass any blocks.

    • Possibly linuxOP
      link
      fedilink
      English
      03 months ago

      Honestly that’s not a terrible idea (assuming the target audience knows about Tor)

      • @[email protected]
        link
        fedilink
        13 months ago

        Most of the people who get blocked are going to be tech savvy. Except maybe someone computer illiterate at a Uni

  • Nihilist
    link
    fedilink
    11
    edit-2
    3 months ago

    no offense, but that’s old news as of august of last year. But yea this has been a big game changer for hidden services that were under constant DDoS, such as the Dread forum.

  • foremanguy
    link
    fedilink
    33 months ago

    Could be good, but be aware that it doesn’t bother the real users. Continue working! 😃

    • magic_lobster_party
      link
      fedilink
      193 months ago

      It’s not like it’s going to consume electricity like Bitcoin.

      PoW was first conceptualized as an anti spam method. It’s just a little overhead to make it expensive to make DOS attacks. This makes perfect sense.

    • @[email protected]
      link
      fedilink
      173 months ago

      What do you think PoW was created for. This is exactly the use case of PoW – to reduce malicious traffic. It works great!

      • Mubelotix
        link
        fedilink
        1
        edit-2
        3 months ago

        Though if an attacker has an ASIC he can single-handedly dominate the whole pool of other users as ASICs are tremendously more efficient than CPUs

    • @BroBot9000
      link
      English
      93 months ago

      Still a better use of the electricity than Ai.

    • @[email protected]
      link
      fedilink
      English
      7
      edit-2
      3 months ago

      At least it appears to be something that gets triggered. In theory, if a node is not under attack or heavy usage, this isn’t a consideration. Doesn’t seem to be a perfect solution as it still slows the traffic of legitimate users in the event of an attack. I don’t know the full details, but in the worse case it makes it easier to semi-DoS, maybe not by fully making a node unresponsive, but by making the service so painfully slow that users may give up on it.

      • @[email protected]
        link
        fedilink
        23 months ago

        Only for those users who do not have proof of work capability, they get put at the back of the line, but anybody with proof of work capability, which was released last August, will do the work and be put higher priority. I know some people who run seed nodes for Haveno-reto and they had major DDOS issues until they got PoW enabled. It was taking like 5 or 10 minutes to get connected to the network. And now it takes about 30 seconds.

      • sunzu2
        link
        fedilink
        83 months ago

        I bet that commenter got triggered because cyrpto bad!!! There

        Anyway, ain’t pow like the only practical solution to fight bots?

        Share Some conputer to enter… Seems fair if you are good faith single actor but very expensive if you are running a botnet campaign

        • @[email protected]
          link
          fedilink
          English
          43 months ago

          Either that or charging a micro transaction for loading the page. But yeah the goal is to make it cost a small amount that is insignificant to a regular user but adds up to a huge amount at the scale of a spam farm. And it’s also the same rationale behind hashing passwords with multiple rounds. It adds a tiny lag when you log in correctly but adds an insane amount of work if you’re checking every phrase in a password cracking dictionary using an offline attack because it adds up. (In the online scenario you just block them after a few attempts)

        • PropaGandalf
          link
          13 months ago

          No, in my eyes PoW is just a waste of resources. At least let them do some useful computation for the node.