Trocador used to be a pleasure to use. No Javascript, it worked over tor, and it had an onion service. Then they got DDoSed. Turns out this is what causes the enshittification of the internet, that sites without javascript are trivial to DDoS. Now, the statement about no JS is gone, the onion service is gone, and if you try to connect over tor, if you can connect at all, you get DDoS Guard demanding you enable javascript so it can try to fingerprint your browser and force you to perform captchas. What if there was a better way?

You use a proof-of-work cryptocurrency that is not only microtransaction capable, but also “micro-mineable”, i.e. the difficulty is low enough that you can solo mine multiple blocks per day even on modest hardware. For proof of concept you could use stagenet monero, but in the long term you would use a dedicated fourth Monero blockchain where transactions older than a certain age are pruned, because the idea is that PoWnet coins are something you mine and use rather than using them as a long-term store of value.

You go to website.app/NoBS/, and the site communicates in headers the current cost in PoW tokens of an access token good for X minutes of access and an appropriate amount of server resources for a non-bot user during that time. You have a web browser plugin that reads it, and if you’ve whitelisted the combination of site + cost it can autopay from a PoWnet wallet so you just go straight through.

No more javascript or reliance on third parties that might be compromised.

To keep people from rolling forward their PoWnet balance forever by making a transaction just before the outputs expire, PoWnet ouputs could have a telomere which is reduced by one every time they’re transacted, so they also expire after a set number of sends. It would be a small value, not more than 5 at start, and merging outputs would use the least of the input t-values.

Or you could just pay for website access in minute amounts of mainnet Monero. But I expect people don’t want to pay in real money, and I want there to be a way for people who don’t have any mainnet Monero to still use the system.

  • Krugtron9000
    link
    fedilink
    arrow-up
    6
    ·
    edit-2
    5 months ago

    This is precisely what Hashcash is. Hashcash is widely acknowledged as the primary ancestor of Bitcoin.

    Also, Tor now has a system like this built-in. It uses PoW. It’s quite new (less than a year old) and you have to explicitly enable it, but I’m sure the trocador admins know about this.

    But seriously, regarding enshittification, I don’t think javascript makes websites any harder to ddos. Rather, you get ddossed until you cry uncle and comply with the demands that you help MITM and fingerprint your customers. Javascript happens to be useful for fingerprinting. It has very little to do with ddos mitigation.