>I don't realistically see any alternative but for some kind of reliable signal that a web request is most likely coming from a real person (not a perfect guarantee, but something good enough). Which means some kind of attestation that it's a real hardware device that costs at least a few bucks and is making human-level numbers of requests (not millions per day), or else some kind of digital ID attestation system.
After years and years of looking, a problem for which cryptocurrency is the perfect solution has been found.
Oh wait, Hashcash is kind of how we got cryptocurrency in the first place.
But yes, let's pretend that much less creepy forms of attestation aren't a solved problem and figure out how we can introduce more avenues for surveillance.
Hashcash was a really intriguing idea. But it fell completely apart once it was realized that spammers could use botnets to do all the proof of work for free.
Plus Hashcash isn't a great solution for mobile devices especially, as it uses up battery and low-end devices particularly suffer. And obviously challenges have to get harder every year to keep up with high-end hardware, which makes older hardware become increasingly unusable even faster for web browsing.
So unfortunately it is not a solved problem. That's why device attestation still seems like the least-bad solution right now.
After years and years of looking, a problem for which cryptocurrency is the perfect solution has been found.
Oh wait, Hashcash is kind of how we got cryptocurrency in the first place.
But yes, let's pretend that much less creepy forms of attestation aren't a solved problem and figure out how we can introduce more avenues for surveillance.