So, what do folks use as a Google-free (ideally free software) alternative to #reCaptcha these days?

@eloquence No CAPTCHA at all. http://ezinearticles.com/?Captchas-Considered-Harmful---Why-Captchas-Are-Bad-And-How-You-Can-Do-Better&id=1104207

@seanl I think that's a reasonable approach for typical web forms that attract spambots, but in this case we also have to be concerned about malicious users, while still wanting to permit traffic via Tor. So it's a tricky use case where some kind of manual check does seem appropriate.

@eloquence @seanl is #hashcash totally dead these days?

@saper @eloquence By malicious users do you mean users coding scripts in real time? That could be a case for, as Marcin mentions, hashcash. I like the idea of using a crypto miner to compensate you for cleanup time if someone decides to do it anyway but there isn't an open source one I'm aware of yet, just CoinHive, and it also tends to freak people out.