11
Monero for DDoS protection (monero.town)
submitted 4 days ago by Anonymous@monero.town to c/monero@monero.town
19 comments fedilink hide all child comments

Trocador used to be a pleasure to use. No Javascript, it worked over tor, and it had an onion service. Then they got DDoSed. Turns out this is what causes the enshittification of the internet, that sites without javascript are trivial to DDoS. Now, the statement about no JS is gone, the onion service is gone, and if you try to connect over tor, if you can connect at all, you get DDoS Guard demanding you enable javascript so it can try to fingerprint your browser and force you to perform captchas. What if there was a better way?

You use a proof-of-work cryptocurrency that is not only microtransaction capable, but also "micro-mineable", i.e. the difficulty is low enough that you can solo mine multiple blocks per day even on modest hardware. For proof of concept you could use stagenet monero, but in the long term you would use a dedicated fourth Monero blockchain where transactions older than a certain age are pruned, because the idea is that PoWnet coins are something you mine and use rather than using them as a long-term store of value.

You go to website.app/NoBS/, and the site communicates in headers the current cost in PoW tokens of an access token good for X minutes of access and an appropriate amount of server resources for a non-bot user during that time. You have a web browser plugin that reads it, and if you've whitelisted the combination of site + cost it can autopay from a PoWnet wallet so you just go straight through.

No more javascript or reliance on third parties that might be compromised.

To keep people from rolling forward their PoWnet balance forever by making a transaction just before the outputs expire, PoWnet ouputs could have a telomere which is reduced by one every time they're transacted, so they also expire after a set number of sends. It would be a small value, not more than 5 at start, and merging outputs would use the least of the input t-values.

Or you could just pay for website access in minute amounts of mainnet Monero. But I expect people don't want to pay in real money, and I want there to be a way for people who don't have any mainnet Monero to still use the system.

top 19 comments
sorted by: hot top controversial new old
[-] Krugtron9000@monero.town 4 points 4 days ago* (last edited 4 days ago)

This is precisely what Hashcash is. Hashcash is widely acknowledged as the primary ancestor of Bitcoin.

Also, Tor now has a system like this built-in. It uses PoW. It's quite new (less than a year old) and you have to explicitly enable it, but I'm sure the trocador admins know about this.

But seriously, regarding enshittification, I don't think javascript makes websites any harder to ddos. Rather, you get ddossed until you cry uncle and comply with the demands that you help MITM and fingerprint your customers. Javascript happens to be useful for fingerprinting. It has very little to do with ddos mitigation.

[-] shortwavesurfer@monero.town 4 points 4 days ago

Just take the main website down and use the onion since it has proof of work, DDoS protection, thanks to Tor.

[-] Anonymous@monero.town 3 points 4 days ago* (last edited 4 days ago)

But they did the opposite. The onion is gone. Presumably they have some reason for that?

Also onion sites in general are very slow because of the six hops. I'd like an open source solution that can be used by anyone, including clearnet sites, so that use of captchas and browser probing can be reduced across the entire web.

And Trocador couldn't go onion only because an increasing number of their partner exchanges were no longer willing to be available over .onion or i2p.

[-] Krugtron9000@monero.town 1 points 4 days ago

It's only three hops if, like Trocador, you don't need to hide the location of the server. They can (and should) enable HiddenServiceSingleHopMode. This hides the location of the client but not the location of the server. Six hops is only for darknet sites that need to hide the server location.

[-] shortwavesurfer@monero.town 1 points 4 days ago* (last edited 4 days ago)

I mean, the tor proof of work mechanism is open source, so theoretically it could be adopted on the clear net with some modification

[-] Anonymous@monero.town 2 points 4 days ago

That might work, I will certainly look at it, but I like the idea of premining PoW tokens because it won't bog your browser down at the time you need to go through, and the cost can also be made higher. It could be used as a general cost for things that need spam protection, such as creating accounts, making posts, submitting contact forms.

[-] Rucknium@monero.town 1 points 3 days ago

Do you know about Primo? I think it was only a proof-of-concept, never used widely: https://monero.stackexchange.com/questions/11752/what-is-primo-private-monero-payments

Primo is a protocol and associated suite of software allowing a website to request payment for service by mining Monero to an address owned by the website owner.

[-] tusker@monero.town 2 points 4 days ago

Use their i2p gateway, works with no JS.

[-] Scolding0513@sh.itjust.works 3 points 4 days ago* (last edited 4 days ago)

this is targeted by the global powers, to get everyone on the top major cdns like akami, cloudflare, etc, in order to scarf and decrypt all traffic. enshitification is correct af.

why tf do they not have an onion anymore?? have they said anything? it would be perfect to have the onion.

edit. i just checked and the onion is gone but i can connect to the clearnet from tor with no js.

[-] Scolding0513@sh.itjust.works 3 points 4 days ago* (last edited 4 days ago)

edit again

trocador just made another post on monero.town

go look at it!

https://monero.town/post/3574353

[-] delirious_owl@discuss.online 2 points 4 days ago* (last edited 4 days ago)

I never understood why monero hard forked to using a hashing algorithm that was intentionally difficult to implement in WASM.

Like, we could be implementing anti-DDOS fronts as an alternative to CloudFlare that use PoW to mine monero and also raise funds for the site at the same time.

News sites could use this as an alternative to an authwall ffs (just wait 10 seconds before you read the article).

Its one of my least favorite things about Monero, and something more people should be talking about

[-] jet@hackertalks.com 2 points 4 days ago

Having most people's first and only exposure to your ecosystem be malware level browser miners that really diminish their browsing experience is really really bad pr.

[-] delirious_owl@discuss.online 2 points 4 days ago* (last edited 4 days ago)

Its not malware. Its a great alternative to ads and authwalls.

Even Steve Gibson was super behind replacing ads with miners. Ads are cancer. Imagine all if that going away.

[-] jet@hackertalks.com 2 points 4 days ago* (last edited 4 days ago)

If people are aware they're running a miner to support the site that's great.

Most web miners are clandestine, and not observable, so most people's interaction with them is a slow computer, or a virus alert, or even crashing the browser. Do I guess the most common one is hey my laptop battery only lasted 20% of its usual length I was just watching movies on this website....

Fundamentally, a miner to pay for access, is the same as getting a micro payment to view. I realize getting micro payments to work has been in long-standing problem.

[-] delirious_owl@discuss.online 3 points 3 days ago

What I'm saying is implementing it in the front, so instead of spending 2 minutes solving captchas, you spend 10 seconds solving a PoW, then load the site without any background mining.

We shouldn't ban knifes just because some people use them to stab people.

[-] Krugtron9000@monero.town 1 points 4 days ago

WASM is the millennials getting their turn to learn that "those who do not learn from history are doomed to repeat it".

Letting the bloated web offload more of its bloat to clients will simply result in an even worse web obesity crisis than already exists. The computational burden needs to stay with the side (the content producer) that has the ability to reduce the level of bloat. Anything else is a broken incentive structure.

[-] delirious_owl@discuss.online 1 points 3 days ago

What I'm saying is implementing it in the front, so instead of spending 2 minutes solving captchas, you spend 10 seconds solving a PoW, then load the site without any background mining.

We shouldn't ban knifes just because some people use them to stab people.

this post was submitted on 23 Jun 2024
11 points (82.4% liked)

Monero

1385 readers
49 users here now

This is the lemmy community of Monero (XMR), a secure, private, untraceable currency that is open-source and freely available to all.

GitHub

StackExchange

Twitter

Wallets

Desktop (CLI, GUI)

Desktop (Feather)

Mac & Linux (Cake Wallet)

Web (MyMonero)

Android (Monerujo)

Android (MyMonero)

Android (Cake Wallet) / (Monero.com)

Android (Stack Wallet)

iOS (MyMonero)

iOS (Cake Wallet) / (Monero.com)

iOS (Stack Wallet)

iOS (Edge Wallet)

Instance tags for discoverability:

Monero, XMR, crypto, cryptocurrency

founded 1 year ago
MODERATORS
admin@monero.town