The reviewer felt your problem statement was well articulated and highlighted the different issues with current CAPTCHA systems.
Thank you for your kind words.
The requested amount for the project seemed low relative to the reviewer’s understanding of the software development cycle. What is the current state of the project?
I’m based in India and the requested amount includes my yearly pay and a cloud budget to run experiments mentioned in Objective 2, which will measure the effectiveness of mCaptcha.
I think I have accounted for everything I will need to achieve the proposed objectives. If the reviewer feels otherwise, I’m willing to make the necessary changes.
The project website seems to indicate that mCaptcha is quite far along. Is the funding requested to further refine an existing project?
mCaptcha is currently a proof-of-concept, but it is not usable without knowledge of the inner workings of mCaptcha. The project has three kinds of users:
- sysadmins who will deploy mCaptcha
- webmasters who will use mCaptcha to protect their websites
- visitors who will solve mCaptcha on protected websites
This proposal will enable me to improve the experience of all of mCaptcha’s user base.
Sysadmins:
I deploy demo.mcaptcha.org (the demo instance) by hand. This approach is sustainable only for demo instances and not for widespread deployment. Ideally, there should be quality Infrastructure as Code to deploy and update instances, without expert knowledge of the software.
The proposal includes an objective to create Infrastructure as Code (Objective 2, Activity 2.3), which will help sysadmins and enable widespread deployment.
Webmasters:
PoW is tricky to configure: a higher difficulty setting will impose unnecessary delays on the visitors. Since PoW for DDoS protection is new, there are no resources to guide configuration. I plan on running a survey (currently WIP) and publishing its results, which will help webmasters choose optimal PoW settings.
Visitors:
Visitors will benefit from ideal PoW configurations that are strong enough to thwart DDoS attacks but easy enough to solve from older, slower devices.
The success of this project would seem to depend on building the user base. Do you have a plan to increase user adoption?
Yes, integration support exists in Gitea — a software forge project with +32,000 stars on GitHub and 100M+ downloads on Docker Hub. Also, Codeberg, a Germany-based NGO which provides hosting to +42,000 projects and +33,000, is planning to deploy mCaptcha. I’m working closely with the Codeberg team and implementing features that are requested to aid in the deployment.
Additionally, I am in the process of setting up a commercial offering (SaaS model) using mCaptcha. The commercial offering will be based on 100% FOSS software, including the infrastructure as code and documentation. In effect, the software distributed under the mCaptcha banner should be sufficient to enable anyone to set up a parallel commercial offering.
I would also love to work with projects that are already funded by OTF to implement mCaptcha support.
Have you had any consultations with the intended beneficiaries of the project?
mCaptcha was a personal project until Codeberg started showing interest. The response was mostly positive, but there were a few missing bits that will greatly improve mCaptcha. For instance, a Codeberg user requested a feature to get an estimated time to solution to indicate ongoing validation.
In particular, have you had any communication with the Tor Project
Interacting with the Tor Project was planned but not initiated. I fast-tracked it to better educate myself about the needs of Tor users. The forum post didn’t yield any actionable suggestions, but I feel the questions raised validated the need for improving PoW accessibility (Objective 1) and proving mCaptcha’s effectiveness (Objective 2).
or different groups in the accessibility space?
Dedicated audits are yet to be conducted. I have received comments from Codeberg users who attended the demo and have participated in discussions in the official Matrix chatroom.
Additionally, there have been discussions in chat rooms from accessibility specialists towards building an invisible version of mCaptcha.