mCaptcha - Open Technology Fund grant application - July 2022

The final draft is available here. I’ll publish the final version on the mCaptcha website as part of the monthly report and update the link on here.


P.S @dachary: thank you for suggesting this grant program! :heart:

1 Like

Acknowledgement email from OTF:

Dear Aravinth Manivannan,

We appreciate your mCaptcha application submission to the Open Technology Fund. We will review and reply to your submission as quickly as possible.

If you have any questions, please submit them here: https://apply.opentech.fund/apply/submissions/<redacted>/#communications

If you have issues accessing the submission system or general inquiries, please email us at hello@opentech.fund.

For more information about our support options, review process, and selection criteria, please visit our website at https://www.example.org/.

We are asking all applicants to please enable two-factor authentication for your account on OTF’s application platform. You can create or change your 2FA account by clicking on your name on the upper right hand corner. This will lead you to your personal profile. You will see the option to update your account security. Here is additional information on how to set up your 2FA in the Applicant’s Guidebook https://guide.opentech.fund/application-platform-guidance/login/two-factor-authentication-2fa

Project name: mCaptcha
Contact name: Aravinth Manivannan
Contact email: realaravinth@batsense.net



Kind Regards,
The OTF Team

-- 
Open Technology Fund
https://www.opentech.fund
1 Like

Application is under review:

Dear Aravinth Manivannan,

Your application is now in "OTF Review" status (progressed from "Concept Note Received").

Please submit any questions related to your application here: https://apply.opentech.fund/apply/submissions/<redacted>/#communications

Link to your application: https://apply.opentech.fund/apply/submissions/<redacted>/
If you have any questions, please submit them here: https://apply.opentech.fund/apply/submissions/<redacted>/#communications

See our guide for more information: https://guide.opentech.fund/general-funding-guidelines

If you have any issues accessing the submission system or other general inquiries, please email us at hello@opentech.fund

Kind Regards,
The OTF Team

-- 
Open Technology Fund
https://www.opentech.fund

1 Like

Received an email today asking for more information and project status:

Dear Aravinth Manivannan,

Your application has been reviewed and the outcome is: More information requested

We very much appreciate your submission to the Open Technology Fund for consideration. Upon evaluation of your submission, we have decided to solicit more information from you before making a determination. We have been reviewing many projects and appreciate your patience during the process.
At the end of this message, we have provided feedback from our determination for your review. Included are specific questions for you to respond to. Please provide your responses by submitting a comment under the communications tab. Please respond no later than September 26, 2022. Early responses are welcome. We very much look forward to the discussion.
 
Feedback
The reviewer felt your problem statement was well articulated and highlighted the different issues with current CAPTCHA systems. The requested amount for the project seemed low relative to the reviewer's understanding of the software development cycle. What is the current state of the project? The project website seems to indicate that mCaptcha is quite far along. Is the funding requested to further refine an existing project? 
The success of this project would seem to depend on building the user base. Do you have a plan to increase user adoption? 
Have you had any consultations with the intended beneficiaries of the project? In particular, have you had any communication with the Tor Project or different groups in the accessibility space?

Read the full determination here: https://apply.opentech.fund/apply/submissions/<redacted>/determination/<redacted>/

Link to your application: https://apply.opentech.fund/apply/submissions/<redacted>/
If you have any questions, please submit them here: https://apply.opentech.fund/apply/submissions/<redacted>/#communications

See our guide for more information: https://guide.opentech.fund/general-funding-guidelines

If you have any issues accessing the submission system or other general inquiries, please email us at hello@opentech.fund

Kind Regards,
The OTF Team

-- 
Open Technology Fund
https://www.opentech.fund
1 Like

Received on July 31, 2022:

Dear Aravinth Manivannan,

Activate your account on the Open Technology Fund web site by clicking this link or copying and pasting it to your browser:

https://apply.opentech.fund/account/activate/<redacted>/

This link can be used only once and will lead you to a page where you can set your password. It will remain active for 8 days, so please set your password as soon as possible.

After setting your password, you will be able to log in at: https://apply.opentech.fund in the future using:

Username: realaravinth@batsense.net
Password: Your chosen password

If you do not complete the activation process within 8 days you can use the password reset form at: https://apply.opentech.fund/account/password/reset/

Kind Regards,
The OTF Team

My response(draft):

The reviewer felt your problem statement was well articulated and highlighted the different issues with current CAPTCHA systems.

Thank you for your kind words :slight_smile:

The requested amount for the project seemed low relative to the reviewer’s understanding of the software development cycle. What is the current state of the project?

I’m based in India and the requested amount includes my yearly pay and a cloud budget to run experiments mentioned in Objective 2, which will measure the effectiveness of mCaptcha.

I think I have accounted for everything I will need to achieve the proposed objectives. If the reviewer feels otherwise, I’m wiling to make the necessary changes.

The project website seems to indicate that mCaptcha is quite far along. Is the funding requested to further refine an existing project?

mCaptcha is currently a proof-of-concept, but it is not usable without knowledge of the inner workings of mCaptcha. The project has three kinds of users:

  1. sysadmins who will deploy mCaptcha
  2. webmasters who will use mCaptcha to protect their websites
  3. visitors who will solve mCaptcha on protected websites

This proposal will enable me to improve the experience of all of mCaptcha’s user base.

Sysadmins:

I deploy demo.mcaptcha.org(the demo instance) by hand. This approach is sustainable only for demo instances and not for widespread deployment. Ideally, there should be quality Infrastructure as Code to deploy and update instances, without expert knowledge of the software.

The proposal includes an objective to create Infrastructure as Code(Objective 2, Activity 2.3), which will help sysadmins and enable widespread deployment.

Webmasters

PoW is tricky to configure: a higher difficulty setting will impose unnecessary delays on the visitors. Since PoW for DDoS protection is new, there are no resources to guide configuration. I plan on running a survey(currently WIP), and publish its results which will help webmasters optimal PoW settings.

Visitors

Visitors will benefit from ideal PoW configurations that are strong enough to thwart DDoS attacks but easy enough to solve from older, slower devices.

The success of this project would seem to depend on building the user base. Do you have a plan to increase user adoption?

Yes, I am in the process of setting up a commercial offering(SaaS model) using mCaptcha. The commercial offering will be based on 100% FOSS software, that includes the infrastructure as code and documentation. In effect, the software distributed under the mCaptcha banner should be sufficient to enable anyone to set up a parallel commercial offering.

Have you had any consultations with the intended beneficiaries of the project?

mCaptcha was a personal project until Codeberg started showing interest. The response was mostly positive, but there were a few missing bits that will greatly improve mCaptcha. For instance, a Codeberg user requested a feature to get an estimated time to solution to indicate ongoing validation.

Also, there have been discussions in chat rooms from accessibility specialists towards building an invisible version of mCaptcha.

In particular, have you had any communication with the Tor Project or different groups in the accessibility space?

I haven’t had discussions with the Tor project yet, I am working on a demo that includes a hidden service protected by mCaptcha. I will interact with the Tor project once it is ready. The hidden service demo is not a part of the proposal.

Accessibility wise, dedicated audits are yet to be conducted. I have received comments from Codeberg users who attended the demo and have participated discussions in the official Matrix chatroom.

A commercial offering is not, in itself, a plan to increase user adoption. It requires a plan to increase user adoption and is therefore probably not the best answer.

You could reply that in the past months you’ve had close contact with (i) the Gitea project which has 30,000+ stars on GitHub and 100M+ downloads on docker hub and (ii) Codeberg which hosts 10K+ projects. They show excellent prospect to deploy, integrate and distribute mCaptcha and would be the primary adoption driver for the immediate future. You can also say that you will actively look for use cases in need of the particular features of mCaptcha within the projects already funded by OTF.

The first paragraph should probably be moved down. You could initiate contact with Tor immediately and report that you have done so.

I find your reply otherwise well articulate and straight to the point. I’m also optimistic about your chances to get funding because it looks like the problem is well understood by the reviewer and within the scope of what OTF is looking for.

1 Like

Thanks for your detailed review :slight_smile:

I will do that :+1:

I was little hesitant about engaging the Tor community as it might have be seen as insincere, but I see the logic in your point. I’ll set up an onion service demo and post on the Tor forum requesting feedback.

You can also be straight with the Tor community and reference the grant application. That’s what we’ve done with Hostea and Gitea in the past and it did not backfire. It did not yield anything positive either but it was worth a try and it was honest about our intentions.

1 Like

I posted on the Tor forum. I think I am a major source of annoyance for the moderators: I don’t have the privileges to post without mod approval, and I am posting a lot :sweat_smile:

The discussion is interesting, but I’m not sure if I will hear from the audience that the post is targeting(Vort from the forum mentioned the same).

But it is now out there on Tor channel and if someone wishes to share their views on it, they can do so, and I will be notified. New feedback channel :+1:

My response after applying @dachary’s suggestions

The reviewer felt your problem statement was well articulated and highlighted the different issues with current CAPTCHA systems.

Thank you for your kind words :slight_smile:

The requested amount for the project seemed low relative to the reviewer’s understanding of the software development cycle. What is the current state of the project?

I’m based in India and the requested amount includes my yearly pay and a cloud budget to run experiments mentioned in Objective 2, which will measure the effectiveness of mCaptcha.

I think I have accounted for everything I will need to achieve the proposed objectives. If the reviewer feels otherwise, I’m wiling to make the necessary changes.

The project website seems to indicate that mCaptcha is quite far along. Is the funding requested to further refine an existing project?

mCaptcha is currently a proof-of-concept, but it is not usable without knowledge of the inner workings of mCaptcha. The project has three kinds of users:

  1. sysadmins who will deploy mCaptcha
  2. webmasters who will use mCaptcha to protect their websites
  3. visitors who will solve mCaptcha on protected websites

This proposal will enable me to improve the experience of all of mCaptcha’s user base.

Sysadmins:

I deploy demo.mcaptcha.org(the demo instance) by hand. This approach is sustainable only for demo instances and not for widespread deployment. Ideally, there should be quality Infrastructure as Code to deploy and update instances, without expert knowledge of the software.

The proposal includes an objective to create Infrastructure as Code(Objective 2, Activity 2.3), which will help sysadmins and enable widespread deployment.

Webmasters

PoW is tricky to configure: a higher difficulty setting will impose unnecessary delays on the visitors. Since PoW for DDoS protection is new, there are no resources to guide configuration. I plan on running a survey(currently WIP), and publish its results which will help webmasters optimal PoW settings.

Visitors

Visitors will benefit from ideal PoW configurations that are strong enough to thwart DDoS attacks but easy enough to solve from older, slower devices.

The success of this project would seem to depend on building the user base. Do you have a plan to increase user adoption?

Yes, integration support exists in Gitea — a software forge project with +32,000 stars on GitHub and 100M+ downloads on Docker hub. Also Codeberg, a Germany-based NGO which provides hosting to +42,000 projects and +33,000 is planning to deploy mCaptcha. I’m working closely with the Codeberg team and implementing features that are requested to aid in the deployment.

Additionally, I am in the process of setting up a commercial offering(SaaS model) using mCaptcha. The commercial offering will be based on 100% FOSS software, that includes the infrastructure as code and documentation. In effect, the software distributed under the mCaptcha banner should be sufficient to enable anyone to set up a parallel commercial offering.

I would also love to work with projects that are already funded by OTF to implement mCaptcha support.

Have you had any consultations with the intended beneficiaries of the project?

mCaptcha was a personal project until Codeberg started showing interest. The response was mostly positive, but there were a few missing bits that will greatly improve mCaptcha. For instance, a Codeberg user requested a feature to get an estimated time to solution to indicate ongoing validation.

In particular, have you had any communication with the Tor Project

Interacting with the Tor project was planned not initiated. I fast tracked it to better educate myself about the needs of Tor users. The forum post didn’t yield any actionable suggestions, but I feel the questions raised validated the need for improving PoW accessibility (Objective 1) and proving mCaptcha’s effectiveness (Objective 2).

or different groups in the accessibility space?

Dedicated audits are yet to be conducted. I have received comments from Codeberg users who attended the demo and have participated discussions in the official Matrix chatroom.

Additionally, there have been discussions in chat rooms from accessibility specialists towards building an invisible version of mCaptcha.

1 Like

Minor points of improvement:

  • General: a space before your “(” chars :wink:
  • At Sysadmins: “Infrastructure as Code” → “Infrastructure-as-Code”
  • Webmasters: “…will help webmasters configure optimal…”
  • Webmasters: “there are no resources to guide…” → besides the survey, do you also intend to write a documentation guide? You might mention that explicitly.
  • In adoption section: “infrastructure as code” … consistent spelling.

Reformulate for clarity:

  • The commercial offering will be based on 100% FOSS software

  • The commercial offering will be based on the Free Software project, and the entire mCaptcha codebase is guaranteed to remain 100% FOSS.

I don’t really know what “under the mCaptcha banner” means in light of the previous of commercial offering, so:

  • In effect, the software distributed under the mCaptcha banner should be sufficient to enable anyone to set up a parallel commercial offering.

  • The mCaptcha software distribution, can be obtained and adapted by anyone for commercial use, in accordance to the license terms.

In terms of adoption you might add:

“I will use the production deployments of mCaptcha at Gitea and Codeberg as convincing showcases in pitches to a wide range of similar clients that are likely candidates to adopt this technology.”

mCaptcha was a personal project until Codeberg started showing interest. The response was mostly positive, but there were a few missing bits that will greatly improve mCaptcha. For instance, a Codeberg user requested a feature to get an estimated time to solution to indicate ongoing validation.

mCaptcha started as a personal project, and until I started collaborating with Codeberg, I had validated with a small group of people at university with the expertise to help. When the work at Codeberg started we iterated together in quick succession. I received a lot of positive feedback, but also identified areas where we have opportunity to bring major improvement. For example in user experience, by adding a feature that shows the estimated time to solution as a progress indicator to the user.

2 Likes

Received this email today, inviting me to submit a proposal:

Dear Aravinth Manivannan,

We’ve reviewed your Concept note and think it could be a good fit for OTF funding. We would like to invite you to submit a Proposal with more details about your project. You will receive a second email linking to a determination message with detailed feedback.

Please review our Proposal Guide at https://guide.opentech.fund/general-funding-guidelines to learn more about the information we’d like to see. In the proposal please also address the feedback we provided in the concept note determination.

Here is the link to start creating your proposal: https://apply.opentech.fund/apply/submissions/<redacted>/
If you have any questions, please submit them here: https://apply.opentech.fund/apply/submissions/<redacted>/#communications

The system will allow you to save a draft of your proposal as you work on it. When you feel it is ready for our review, please click the “Submit” button and we’ll know to take a look at it. We’ll reply to you with feedback on your Proposal as quickly as possible.

If you have any issues accessing the submission system or other general inquiries, please email us at hello@opentech.fund

Kind Regards,
The OTF Team

-- 
Open Technology Fund
https://www.opentech.fund

Comments from the reviewer on my clarification. Retrieved from the OTF dashboard:

Reviewers appreciate your thorough problem statement and the way it addresses issues with present CAPTCHA systems. They also appreciate that you took the time to clarify the status of mCaptcha in your correspondence with reviewers.

Please make sure to provide a clear roadmap of next steps in your proposal. With regards to your proposed budget and hours, reviewers advise that you allocate more hours to the activities in your proposal. It is best to include generous estimates that allow you wiggle room to meet your goals.


Best of luck! 
1 Like

Received message on the dashboard from an OTF staff at 2022-10-24 20:13, asking me to upload the proposal:

While we do understand how busy people are, there have been notable delays on your submission of a full proposal to OTF. We have decided to formally dismiss the outstanding request for proposal, unless we receive one by October 31. If we do not receive a proposal submission by this time, we will no longer consider your application without a new concept note for review.

Please do not take this as a judgment towards the effort, we consider it valuable and would very much encourage you to re-apply. That said, understand that OTF reviews hundreds of applications and to be fair to all applicants, delays must be treated equally.

(I really have to work on my time management skills)

My response on the dashboard:

I'm sorry about the delay, I got caught up with some things offline. I've submitted the proposal now, please let me know if you need something else.

Thanks!

Proposal

I have been working on this on and off since the 19th, good thing I had this ready, but I should have requested reviews before posting :sweat_smile:

1 Like

Do you need review or did you already post the proposal?

I already submitted the proposal, thanks! I was saying that if I had been a little bitnquicker, I could have had a review :sweat_smile:

1 Like

It is actually interesting to witness how OTF deals with such a missed deadline. They give you a few more days to catch up which is good. They do not give you months.

1 Like

Proposal submission acknowledgement from OTF. Forgot to post, received it almost immediately after submission.

Dear Aravinth Manivannan,

Your application is now in "OTF Review" status (progressed from "Proposal Received").

Please submit any questions related to your application here: https://apply.opentech.fund/apply/submissions/<redacted>/#communications

Link to your application: https://apply.opentech.fund/apply/submissions/<redacted>/
If you have any questions, please submit them here: https://apply.opentech.fund/apply/submissions/<redacted>/#communications

See our guide for more information: https://guide.opentech.fund/general-funding-guidelines

If you have any issues accessing the submission system or other general inquiries, please email us at hello@opentech.fund

Kind Regards,
The OTF Team
1 Like