Pages:
Author

Topic: Using bitcoin addresses for captcha..... (Read 2570 times)

legendary
Activity: 1526
Merit: 1134
July 02, 2012, 12:26:40 PM
#32
The flip side is, would you want to pay every random blog or forum you encounter some Bitcoins that you may never see returned? A new blog or forum that gets popular would incentivise the owner to simply vanish with the deposits, or they might get hacked, or they might simply get bored and vanish.

The deposit scheme lets you vary the parameters up or down to trade off spammer vs good user convenience. I think it can be made to work pretty well. Of course if coins are stolen, it doesn't, but everyone already has the right incentives to ensure that doesn't happen much.
legendary
Activity: 2618
Merit: 1007
See it this way - spamming results in locking up funds such that they are unspendable. This does have a cost, even if you get the funds back eventually, because it's opportunity costs. If I told you that I would give you half a million dollars the day you turn 70, would you feel richer today? You'd feel the same, because those funds aren't accessible to you for the things you want to buy right now.
I can spend less money now since I don't have to save that much for my retirement. This would definitely change my money spending behaviour.

Also I'd guess bitcoins used by spammers are stolen from others via trojans etc. and maybe even reported stolen. This might even put a forum owner in a tricky situation if he locked up 1 of the bicoinica coins directly from the thief but will have to give them back within some time with no way to circumvent it.

All in all, no matter the cost of the deposit - the only cost a spammer pays with your system is the opportunity cost of the deposited amount for the locked time. Depending on the coins deposited, this opportunity cost can be VERY small (MtGox and their stupid "tainted coins") and this means it could again be profitable to pay this cost.
hero member
Activity: 686
Merit: 500
Wat
ewww on requiring twitter and facebook. I think I have a better idea.....
legendary
Activity: 1526
Merit: 1134
Right, the site can't seize the deposit - that's exactly the point. The site can require a fairly large deposit and it's OK because you know you'll eventually get it back even if the site disappears.

Quote
* You open site and charge 1 Satoshi

There's your problem. Charge more.

Quote
* You raise fee to 1 BTC but pay back the botters + have problems with moderation etc.

The botted accounts won't get their funds back for the max amount of time. If you set it to six months, unless they're willing to only spam you twice a year, they need more funds at this point. You can tune these parameters to make it too expensive.

Quote
Also, if I'm getting the money back anyways, I would't care how much it costs, since in the end I will as a bot always fall under the regulations of a completely unknown new user. You cannot tell them that you'll keep their coins in limbo for years

Yes you can. The rule is, everyone is required to make a deposit, that may be lowered or raised according to some risk analysis (eg, if you have a Facebook/Google account perhaps it's lower). If you don't break the ToS you can withdraw that deposit after a short time and the account will be closed. If you do break the ToS then you have to wait the max amount of time to recover the deposit.

See it this way - spamming results in locking up funds such that they are unspendable. This does have a cost, even if you get the funds back eventually, because it's opportunity costs. If I told you that I would give you half a million dollars the day you turn 70, would you feel richer today? You'd feel the same, because those funds aren't accessible to you for the things you want to buy right now.
legendary
Activity: 1330
Merit: 1000
Bitcoin
1.Captcha shows a Bitcoin address + a random number of BTC to pay
2.User pays x.xxxxxxxx BTC
3.User gets 90-99% of his/her coins back after 14 days (unless he/she has been reported by the owner of the website)

basically, this is what I proposed originally in another thread  that started all this discussion....lol
https://bitcointalksearch.org/topic/eliminating-captchas-w-bitcoin-77618
legendary
Activity: 2618
Merit: 1007
There's no chance to "seize" this deposit for the site in your example though.

* You open site and charge 1 Satoshi
* Botters create 1 million accounts and spam the hell out of you
* You raise fee to 1 BTC but pay back the botters + have problems with moderation etc.
* Botters leave and users don't understand why the fee is so high

Also, if I'm getting the money back anyways, I would't care how much it costs, since in the end I will as a bot always fall under the regulations of a completely unknown new user. You cannot tell them that you'll keep their coins in limbo for years or charge them something equivalent to a few USD... on the other hand anything that after some time finds out more about a certain user would be useless as soon as they change IPs, cookies and/or HTTP headers.
legendary
Activity: 1526
Merit: 1134
See here for a description of a low trust Bitcoin based microdeposit protocol:

https://en.bitcoin.it/wiki/Contracts#Example_1:_Providing_a_deposit
hero member
Activity: 686
Merit: 500
Wat
I honestly have a site being developed that could use a good anti spam system. I wish we could use bitcoin for it somehow  Smiley
legendary
Activity: 1358
Merit: 1002
If you detect them spamming show longer and longer ads each time they show up....

If you want to spam me I will spam you lol

Edit: of course those would be bitcoin ads lol.

Like bots care with ads! Hand spamming, and looking at the spammed sites is for cashless amateurs Wink
Also, that will not be fair to advertisers, as they're the ones who'll end up paying for bots to "watch" their ads lol

Its  apity you couldnt make an anti spam bot that keeps the spambot occupied lol.

For real...

Now you just gave me an idea... I could test anti-spam/anti-bot measures for a price.
I have the means to do it lol
hero member
Activity: 686
Merit: 500
Wat
If you detect them spamming show longer and longer ads each time they show up....

If you want to spam me I will spam you lol

Edit: of course those would be bitcoin ads lol.

Like bots care with ads! Hand spamming, and looking at the spammed sites is for cashless amateurs Wink
Also, that will not be fair to advertisers, as they're the ones who'll end up paying for bots to "watch" their ads lol

Its  apity you couldnt make an anti spam bot that keeps the spambot occupied lol.
legendary
Activity: 1358
Merit: 1002
If you detect them spamming show longer and longer ads each time they show up....

If you want to spam me I will spam you lol

Edit: of course those would be bitcoin ads lol.

Like bots care with ads! Hand spamming, and looking at the spammed sites is for cashless amateurs Wink
Also, that will not be fair to advertisers, as they're the ones who'll end up paying for bots to "watch" their ads lol
hero member
Activity: 686
Merit: 500
Wat
If you detect them spamming show longer and longer ads each time they show up....

If you want to spam me I will spam you lol

Edit: of course those would be bitcoin ads lol.
legendary
Activity: 1078
Merit: 1003
1.Captcha shows a Bitcoin address + a random number of BTC to pay
2.User pays x.xxxxxxxx BTC
3.User gets 90-99% of his/her coins back after 14 days (unless he/she has been reported by the owner of the website)

This similar to what I figured would be a good idea, the only way to fight bots is with your own bots detecting malicious users. Make them pay a high price to solve the bitcoin captcha, use a bot to monitor if they are spamming, if they are, confiscate their money, if they are not, return it after a period of time.
legendary
Activity: 1554
Merit: 1021
1.Captcha shows a Bitcoin address + a random number of BTC to pay
2.User pays x.xxxxxxxx BTC
3.User gets 90-99% of his/her coins back after 14 days (unless he/she has been reported by the owner of the website)
hero member
Activity: 721
Merit: 503
Hashcash returns
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
What about combining the image idea along with the highlighted areas?

Or if you absolutly had to use text you could colorize the bitcoin address with 10 different colors and then in an image tell the user what color selected. No bot could solve that! Okay the bot could guess but it would only be correct once out of every ten tries(more times if your lucky)
legendary
Activity: 1358
Merit: 1002
In Russia captcha solves you.

Now that was funny ROFL
legendary
Activity: 1358
Merit: 1002
but what if you used your own set of html tags like
Code:
17ocNsURFKCsGarEiqEgzMxxS9WnWAmP6P
and you can randomly set where they show up and can confuse bots at least

Oh, that would be bypassed in less than 1 minute. Yes, 1 minute would be what I would need to program a bot to scrape your personalized tags lol regex included. Even if you randomized them, would all be a matter of training and time.

You would be surprised with the bots Russians sell nowadays Grin
ZennoPoster is unstopable Wink Well, that captcha in the faucet would stop it, but that's one of the few.
Any captcha involving text, be it on the page source or on an image is pretty much dead on arrival.
You may not believe it, but I've seen captcha systems that involve composing the image from several smaller images: No problem, it screenshots the page and crops the screenshot and sends the part with the captcha to the captcha solving service.
The only ones that are trully working are the ones that involving recognizing an object(non-text) between 3 or 4 pictures or, like I said, the one used on the faucet.
hero member
Activity: 686
Merit: 500
Wat
but what if you used your own set of html tags like
Code:
17ocNsURFKCsGarEiqEgzMxxS9WnWAmP6P
and you can randomly set where they show up and can confuse bots at least

 Shocked
legendary
Activity: 1358
Merit: 1002
Whats if the amount is in an image format Tongue

That would require humans Smiley



That would require OCR or a service like de-captcher. Currently most captchas are images and that doesn't stop spammers. At most you would only double the cost to solve it, nothing more.

You guys are free to implement it. I'll try and break it and if you want. Grin

BTW, the best captchas around are the one that is used on the Bitcoin Faucet(impossible for a bot to solve) and those SolveMedia ones, which may require 2 or 3 tries, but eventually will be solved.

What if you show a full address but highlight the letters and numbers randomly ? It would be an actual working address and the amount to bypass it would be in a pic too.

If you use html to higlight the letters and numbers it can and will be detected by more advanced bots.
If you use a picture to show the full address, nobody will have the guts to write it and send the coin lol
Pages:
Jump to: