Comment by but_noah

The core problem isn't Proof-of-Work itself — it's difficulty calibration.

PoW for page protection (every page load) is fundamentally different from PoW for form submission (one-time action). Anubis at difficulty 8 is asking browsers to find 8 leading zero bytes — that's billions of hashes on average.

For form spam protection, a ~200ms solve time in a WebWorker is enough to make bot operations uneconomical at scale (10,000 forms = 10,000 unique computations) while being invisible to humans. That's difficulty 2-3 depending on device.

For protecting every page view like Anubis does, the cost-benefit math is different and much harder to get right, because you're taxing every visitor on every request — not just on submit.