re: Proof of Work CAPTCHAs

You're mining the cryptocurrency Monero right now, in-browser.

In-browser crypto mining, made possible largely through the use of Web Assembly, has been rising in popularity. With this rise came the rise of proof-of-work (POW) CAPTCHAS, in which a certain amount of computation is completed by your browser instead of the conventional CAPTCHA tasks. See and Is this POW a better approach to limiting non-human access?

First, from the position of profit. When you complete a POW CAPTCHA, the owner of the CAPTCHA gets paid a sum proportional to the value of work done.  As of now, coin-hive pays out 0.00016421 Monero per 1 Million Hashes. The Captcha below generates 1024 hashes before verifying the user. That means that at the current exchange rate ($100 USD/Monero), each Captcha returns .002 cents. Coin-hive take 30%. For a website owner to make $5 in a day, 350,000 users would have to complete the captcha. Profitability can increase with mining implementation and choice of coin, but not by many orders of magnitude.

From a profit perspective, POW CAPTCHAs don't add up. Even if placing advertisements on your platform sends 90 out of every 100 users away, and only 1 in 10 of the users who do view your page don't use an ad-blocking technology, advertisements are still hundreds of times more profitable than POW CAPTCHAs.  It costs users vastly more to complete the proof of work hashes than it does for a web service to serve a user.

Then there's the ability to automate CAPTCHAs. Solving current state-of-the-art CAPTACHAs is done largely by employing actual people to solve them. Not only is this more expensive than having a computer sit and calculate hashes, it's also less scalable. Solving a million POW CAPTCHA's by spinning up some servers is far more tractable than employing hundreds of people to solve some reCAPTCHAs.

Next, there's the value to society. reCAPTHCA's crowdsource text digitization and image annotation. POW CAPTCHAs use energy and return a fraction of a cent to the website owner.

In-browser POW and mining have their applications (e.g., if you permit bots on your site but want a form of rate limiting), but I'm not sure that CAPTCHA's are one of them.