@seanl I think that's a reasonable approach for typical web forms that attract spambots, but in this case we also have to be concerned about malicious users, while still wanting to permit traffic via Tor. So it's a tricky use case where some kind of manual check does seem appropriate.
@saper @eloquence By malicious users do you mean users coding scripts in real time? That could be a case for, as Marcin mentions, hashcash. I like the idea of using a crypto miner to compensate you for cleanup time if someone decides to do it anyway but there isn't an open source one I'm aware of yet, just CoinHive, and it also tends to freak people out.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!