the bad guys use bots or services and are done. regular users have to endure while no security is added

put in other words, common users can’t easily become ‘bad guy’ ie cost of attack is higher hence lower number of script kiddies and automated attacks. You want to reduce number. These protections are nothing for bitnet owners or other high profile bad actors.

ps: recaptcha (or captcha in general) isn’t a security feature. At most it can be a safety feature.

stopping automated requests

yeah my bad. I meant too many automated requests. Both humans and bot generate spams and the issue is high influx of it. Legitimate users also use bots and by no means it’s harmful. That way you do not encounter captcha everytime you visit any google page, nor a couple of scraping scripts gets a problem. Recaptcha (or hcaptcha, say) triggers when there is high volume of request coming from same ip. Instead of blocking everyone out to protect their servers, they might allow slower requests so legitimate users face mininimal hindrance.

Most google services nowadays require accounts with stronger (like cell phone) verification so automated spam isn’t a big deal.

And what will you do if a person in a CGNAT is DoSing/scraping your site while you want others to access? IP based limiting isn’t very useful, both ways.

hCaptcha, Microsoft CAPTCHA all do the same. Can you give example of some that can’t easily be overcome just by better compute hardware?

If you need to switch without reboot then dual booting is out of question and hence so is Asahi. Asahi is for running linux on apple hardware. In VM you can run anything; drawbacks include non native performance, can’t directly use touchpad, gpu and other hardwares, it’s still running macos underneath which might be a concern of privacy depending on how much you trust the proprietary code by apple, not using free software stack etc.

There isn’t a good way to classify human users with scripts without adding too much friction to normal use. Also bots are sometimes welcome amd useful, it’s a problem when someone tries to mine data in large volume or effectively DoS the server.

Forget bots, there exist centers in India and other countries where you can employ humans to do ‘automated things’ (youtube like count, watch hour for example) at the same expense of bots. There are similar CAPTCHA services too. Good luck with those :)

Only rate limiting is the effective option.

The objective of reCAPTCHA (or any captcha) isn’t to detect bots. It is more of stopping automated requests and rate limiting. The captcha is ‘defeated’ if the time complexity to solve it, whether human or bot, is less than what expected. Now humans are very slow, hence they can’t beat them anyway.

both can be installed side by side if you have enough disk space.

unless brute force was done, it might be a cold boot, usb exploit or bootloader exploit by physically accessing the storage.

And maybe the physical thing you provide to that person may only last for an hour, but the memory of something a kind person did for them will (hopefully) persist as well

I don’t know if you have been in India but I have. Begging has become a profession there. So most likely they won’t recognize individual donors. Also what OP mentioned is a real problem. Easily you’ll meet more than 20 homeless people at once around you in any big railway station.

From what I understand, shitty politics and rising inequality is the reason behind this.

You can try asahi linux on the macbook :)