Monero for DDoS protection - eviltoast

Trocador used to be a pleasure to use. No Javascript, it worked over tor, and it had an onion service. Then they got DDoSed. Turns out this is what causes the enshittification of the internet, that sites without javascript are trivial to DDoS. Now, the statement about no JS is gone, the onion service is gone, and if you try to connect over tor, if you can connect at all, you get DDoS Guard demanding you enable javascript so it can try to fingerprint your browser and force you to perform captchas. What if there was a better way?

You use a proof-of-work cryptocurrency that is not only microtransaction capable, but also “micro-mineable”, i.e. the difficulty is low enough that you can solo mine multiple blocks per day even on modest hardware. For proof of concept you could use stagenet monero, but in the long term you would use a dedicated fourth Monero blockchain where transactions older than a certain age are pruned, because the idea is that PoWnet coins are something you mine and use rather than using them as a long-term store of value.

You go to website.app/NoBS/, and the site communicates in headers the current cost in PoW tokens of an access token good for X minutes of access and an appropriate amount of server resources for a non-bot user during that time. You have a web browser plugin that reads it, and if you’ve whitelisted the combination of site + cost it can autopay from a PoWnet wallet so you just go straight through.

No more javascript or reliance on third parties that might be compromised.

To keep people from rolling forward their PoWnet balance forever by making a transaction just before the outputs expire, PoWnet ouputs could have a telomere which is reduced by one every time they’re transacted, so they also expire after a set number of sends. It would be a small value, not more than 5 at start, and merging outputs would use the least of the input t-values.

Or you could just pay for website access in minute amounts of mainnet Monero. But I expect people don’t want to pay in real money, and I want there to be a way for people who don’t have any mainnet Monero to still use the system.

  • Krugtron9000@monero.town
    link
    fedilink
    arrow-up
    1
    ·
    5 months ago

    WASM is the millennials getting their turn to learn that “those who do not learn from history are doomed to repeat it”.

    Letting the bloated web offload more of its bloat to clients will simply result in an even worse web obesity crisis than already exists. The computational burden needs to stay with the side (the content producer) that has the ability to reduce the level of bloat. Anything else is a broken incentive structure.

    • delirious_owl@discuss.online
      link
      fedilink
      arrow-up
      2
      ·
      5 months ago

      What I’m saying is implementing it in the front, so instead of spending 2 minutes solving captchas, you spend 10 seconds solving a PoW, then load the site without any background mining.

      We shouldn’t ban knifes just because some people use them to stab people.