Cap is a lightweight, modern open-source CAPTCHA alternative designed using SHA-256 proof-of-work. It's:

- 250x smaller than hCaptcha
- Private
- Fully customizable
- PoW-based
- Fully FOSS
- Invisible
I'm a bit concerned about its effectiveness. Prove me wrong, I'd be happy if this works as well as the others.
First, this does not verify if I'm a human, but if I have enough computational resources. A similar system was developed (Hashcash) which is not really used in popular email clients. In my opinion, it works for Bitcoin for the same reason it didn't work for email: it doesn't verify if you're a human, it just verifies your computational resources.
This raises some questions. What if someone is browsing my site from an old computer? The verification will take a lot longer and possibly use all the resources that device has for minutes.
What happens to botnets? While tracking-based captchas have a chance to combat them, it doesn't really matter if hacker guy has to do some PoW on the botnet computers.
Thanks to Bitcoin, we also have really efficient sha256 ASICs - computers that only solve sha256, but they do it really efficiently. If a verification takes 2 seconds on a CPU, then it will take milliseconds on an ASIC. So with just one ASIC, I'm able to essentially break any website.
Right now I think this captcha is MUCH better than not using any captcha - but I don't think it is better than the tracking-based captchas. I'd be the happiest if this could work, so please prove me wrong if I didn't get it right. I also think it is really important to have experiments like this, I really support the direction.
Love this approach! Using SHA-256 proof-of-work as a CAPTCHA alternative is such a smart, elegant solution, especially in an era where user privacy and page speed really matter.
Curious how it performs in real-world bot scenarios - any benchmarks or early adopter feedback?
Awesome work, and congrats on the launch!
250x smaller than hCaptcha is huge for web performance. Can we modify PoW parameters per use case, like stricter thresholds for login vs. comment forms?
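An added example, not Cap's own code or API: a generic hashcash-style SHA-256 challenge with per-route difficulty, relating to the question above about stricter thresholds for login vs. comment forms and to the earlier comment about slow devices versus fast hashing hardware. `DIFFICULTY_BITS`, `issueChallenge`, `solve`, `verify` and `expectedSeconds` are hypothetical names, and the bit counts and key are constructed values.

```javascript
// Generic hashcash-style sketch (assumption: NOT Cap's actual protocol or wire format).
const { createHash, createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

const SERVER_KEY = randomBytes(32);                 // constructed per-deployment secret
const DIFFICULTY_BITS = { comment: 12, login: 16 }; // hypothetical per-route policy
const spent = new Set();                            // salts already redeemed (replay guard)

const mac = (body) => createHmac('sha256', SERVER_KEY).update(body).digest('hex');
const digest = (challenge, nonce) =>
  createHash('sha256').update(`${challenge}:${nonce}`).digest();

// Server: signed, expiring challenge, so the client cannot lower its own difficulty.
function issueChallenge(route, now = Date.now()) {
  if (!(route in DIFFICULTY_BITS)) throw new Error(`unknown route: ${route}`);
  const salt = randomBytes(16).toString('hex');
  const body = [route, DIFFICULTY_BITS[route], salt, now + 60_000].join('.');
  return `${body}.${mac(body)}`;
}

// Number of leading zero bits in a digest.
function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte !== 0) return bits + Math.clz32(byte) - 24;
    bits += 8;
  }
  return bits;
}

// Client: brute-force a nonce; expected work is 2^bits hashes.
function solve(challenge) {
  const bits = Number(challenge.split('.')[1]);
  for (let nonce = 0; ; nonce++) {
    if (leadingZeroBits(digest(challenge, nonce)) >= bits) return nonce;
  }
}

// Server: one hash to verify, plus signature, route, expiry and replay checks.
function verify(challenge, nonce, route, now = Date.now()) {
  const parts = challenge.split('.');
  if (parts.length !== 5) return false;
  const [r, bits, salt, expires, sig] = parts;
  const want = Buffer.from(mac(parts.slice(0, 4).join('.')));
  const got = Buffer.from(sig);
  if (got.length !== want.length || !timingSafeEqual(got, want)) return false;
  if (r !== route || now > Number(expires) || spent.has(salt)) return false;
  if (leadingZeroBits(digest(challenge, nonce)) < Number(bits)) return false;
  spent.add(salt);
  return true;
}

// Expected solve time at a given hash rate, to compare slow and fast solvers.
const expectedSeconds = (bits, hashesPerSecond) => 2 ** bits / hashesPerSecond;
```

Each extra difficulty bit doubles the solver's expected work while verification stays a single hash, so `expectedSeconds` with a slow device's rate and a fast solver's rate shows how far apart the two ends sit for one setting.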
This is great. I will use it on my next project as it seems really straightforward and easy to implement. Congrats for the launch & good luck!