The core problem isn't Proof-of-Work itself — it's difficulty calibration.
PoW for page protection (every page load) is fundamentally different
from PoW for form submission (one-time action). Anubis at difficulty 8
is asking browsers to find 8 leading zero bytes — that's billions of
hashes on average.
For form spam protection, a ~200ms solve time in a WebWorker is enough
to make bot operations uneconomical at scale (10,000 forms = 10,000
unique computations) while being invisible to humans. That's difficulty
2-3 depending on device.
For protecting every page view like Anubis does, the cost-benefit math
is different and much harder to get right, because you're taxing every
visitor on every request — not just on submit.
PoW for page protection (every page load) is fundamentally different from PoW for form submission (one-time action). Anubis at difficulty 8 is asking browsers to find 8 leading zero bytes — that's billions of hashes on average.
For form spam protection, a ~200ms solve time in a WebWorker is enough to make bot operations uneconomical at scale (10,000 forms = 10,000 unique computations) while being invisible to humans. That's difficulty 2-3 depending on device.
For protecting every page view like Anubis does, the cost-benefit math is different and much harder to get right, because you're taxing every visitor on every request — not just on submit.