0

I have a system that will be paying users per unique view on a page. I need to prevent 80% of fraudulent automated traffic from being counted. I need to avoid captcha.I would like to implement a client side proof of work system wherein I would send the page a small hash, the page would decrypt it, send it back with AJAX after a second or two, and then I count the view.

If I had a proof of work system, possible combined with IP monitoring and blacklisting, would this be suitable for preventing most of the fraudulent traffic?

My question is: would this work, cryptographically? What cryptographic work would be just as fast in the browser as it would be implemented in assembly or C/C++? (so that spammers would not just write a faster software to do that work in a fraction of the time) What cryptographic work would take only a second or two in the browser of a mobile phone?

ROCK
  • 96
  • 6
  • Is delaying a click for 1 second enough to deem it real? 1 cent per click would earn you $36/hour, much like a real job – Dmitry Grigoryev Jan 16 '16 at 20:24
  • Can you require identification from the visitors? Perhaps requesting a credit card number and validating that it is a valid number convince you it is a real person. You could then limit it to one transaction per CC. So someone would need to use a large number of stolen CC numbers to really hack you. That is probably not worth it. That said, requiring a CC number may be unacceptable to your user model. – Neil Smithline Jan 16 '16 at 20:25
  • If you will be paying users, then you would already have their bank details, to allow you to pay them. During registration (or payout), you would need to make sure that you verify the identity of the person and that the clicks are done in a time reasonable for a human. – Lie Ryan Jan 17 '16 at 01:24
  • PPC =users post stuff, they get paid, or they pay us, per amount of clicks. Not users getting paid to click. – ROCK Jan 18 '16 at 18:44
  • So not, I could not even do a shore captcha. It looks like the only way is to track IPS really. – ROCK Jan 18 '16 at 18:45

1 Answers1

2

Anything what the browser can do without human intervention can be automated. This might be done from outside by looking at the code or one might simply control the normal browser with Selenium or similar tools.

Since you will pay users for visiting the page the chances are high that somebody likes to earn easy money and will automate the visits.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • Yeah I think you are right this would not work, 10,000 views would only require 3-6 hours of work. The thing is though, these bots like phantomjs can be slow, but the work could be done outside the bot. – ROCK Jan 16 '16 at 19:38
  • Although I did come across this: https://www.drupal.org/project/pow_captcha – ROCK Jan 16 '16 at 19:40
  • @Globlee - that is a poorly conceived plugin that, IMO, is worthless. It states that it is a "very early release" needing testing. It also claims that it is only worthwhile because spam will become too costly. But being that you're paying for page accesses, paying for a second or two of computation will likely still be profitable. – Neil Smithline Jan 16 '16 at 20:22