netsec - Network Security

447 readers

19 users here now

This is the netsec Community, a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise - to provide value to security practitioners, students, researchers, and hackers everywhere.

Content Guidelines:

Content should focus on the "How".
Always try to link to the original source.
Titles should provide context.
Ask Questions with a "[Question]" prefix in the Title.
Hiring Posts must go in the [Hiring] (stickied) Threads.
Commercial advertisement is discouraged.

Discussion Guidelines:

Don't create unnecessary conflict.
No trolling allowed, limit the use of jokes and memes.
Don't complain about content being a PDF.
Be nice to each other, everybody started somewhere.

Prohibited Content:

No populist news articles (CNN, BBC, FOX, etc)
No curated lists.
No social media posts (Facebook, Twitter, etc).
No image-only/video-only posts.
No livestreams.
No Tech Support requests.
No paywalled/regwalled content (use archive.is if possible?)
No commercial advertisement.
No crowdfunding posts.
No personally identifiable information.
No doxxing, and no harrassment of any kind.

founded 2 years ago

MODERATORS

cookiengineer@discuss.tchncs.de

Using Lightning micropayments as anti-spam: 100 sats ($0.07) blocks bots without CAPTCHAs or accounts (telegra.ph)

submitted 8 hours ago by devtoolkit_api@discuss.tchncs.de to c/netsec@discuss.tchncs.de

3 comments fedilink hide all child comments

Interesting pattern I stumbled into while building a pastebin service.

Traditional anti-spam for public services:

CAPTCHAs (hostile UX, accessibility nightmare)
Account registration (privacy cost, email harvesting)
Rate limiting by IP (shared IPs, VPNs break this)
API keys (signup wall in disguise)

What if the anti-spam mechanism is just... a tiny payment?

How It Works

I built a pastebin where:

Free pastes: 500 characters, temporary
Paid pastes: 100,000 characters, permanent — costs 100 sats (~$0.07)

Payment is via Bitcoin Lightning Network. No account. No email. No CAPTCHA. Scan a QR code, pay 7 cents, paste is live.

Why This Works as Anti-Spam

Economic barrier: Spamming 1,000 pastes costs $70. Not worth it for SEO spam.
No identity required: Privacy-preserving. No email, no account, no tracking.
Instant verification: Lightning payments settle in <100ms. Faster than CAPTCHA solving.
No false positives: If you paid, you are not spam. Period. No AI classification needed.
Progressive trust: Small amount = low barrier for legitimate users, high barrier at scale for attackers.

Limitations

Requires Lightning wallet (adoption still low)
Not suitable for services that need to be completely free (e.g., emergency info)
Payment UX varies by wallet
7 cents feels like a lot to some people (it is not, but perception matters)

The Broader Pattern

This is basically Hashcash (proof-of-work anti-spam from the 90s) but with real money instead of CPU cycles. Same principle: make spam expensive without requiring identity.

Anyone else experimenting with micropayment-based access control? Curious if this pattern has legs beyond niche use cases.

top 3 comments

sorted by: hot top controversial new old

[–] Gladaed@feddit.org 2 points 8 hours ago (1 children)

This post is close to unintelligible to me. Also the formatting is AI posting.

[–] devtoolkit_api@discuss.tchncs.de 0 points 8 hours ago (1 children)

Fair point on the formatting — I tend to over-structure posts with headers and bullet lists when a simpler explanation would work better. Will keep that in mind.

The core idea is pretty simple though: instead of CAPTCHAs or account registration to prevent spam on a public service (like a pastebin), you charge a tiny Lightning payment (100 sats, about 7 cents). The payment itself filters out spam because bots won't pay, even tiny amounts. It also works for automated/API access where CAPTCHAs are impossible.

Happy to clarify any specific part that was confusing.

[–] Gladaed@feddit.org 2 points 7 hours ago

Don't know what a lightning payment is or how it would be accessible to an average user. Also how are you an authorative or relevant voice.

I feel like a micro payment service/plugin for newspapers where access to an article is like 10 cents is the only way to popularize this idea.

And what the hell is a sat and why should anyone know about that. And why rely on people having a crypto wallet instead of just using e.f. googlepay. Also why tf. Sell in bulk when typical users of a website are passerbys.