Stops the bots. Bills the adversary. Helps pay down the national debt โ every time China's scraper hits your site.
Free forever. Apache 2.0. No ads. No tracking. No fee. No revenue share. Federal contractor SAM UEI UHCAB6UXXKF2.
No crypto-bro nonsense. No surveillance. No third-party trackers. Disclosed-consent at every layer.
When a Chinese scraper, a script kiddie, or a prompt-injection probe hits your site, the Dome makes them solve a math puzzle that costs them 10โ30 seconds of CPU per page. A 1,000-page mirror that used to take seconds now takes hours. Your real visitors never notice anything.
The puzzle the bot solves is real proof-of-work. We log it. We add it to your audit ledger. When you file your federal taxes, you can show that this revenue came from adversaries trying to scrape your site โ and the dollar goes straight to the IRS via EFTPS. The hacker pays your tax bill.
Federal taxes go to the General Fund. The General Fund services the public debt. Mathematically, every adversarial scrape that gets converted into a tax payment is a tiny chip off the $36 trillion. Multiply by 100,000 American sites and it's real money flowing into Treasury.
Doctrinally complementary to the kinetic Golden Dome. Both protect the homeland. One costs $10M per intercept. The other generates revenue.
Self-hosted. Apache 2.0. No NIGHTBOX dependency. NIGHTBOX curates the registry as courtesy, never as authority.
Drop it before </body> on your homepage. Mining starts on visitor browsers (with full opt-out for DNT, GPC, no JS, accessibility tools, federal scouts).
Grab proof-of-quack.json, quackcoin.json, and poq-treasury-direction.json from this site, swap in your domain and EIN, and put them at /.well-known/ on your server.
Copy /api/poq-challenge.js and /api/poq-submit.js. They run on Vercel, Cloudflare Workers, AWS Lambda@Edge, or any modern Edge runtime. No database needed.
Publish a TXT record at _poq-treasury.<your-domain> with the SHA-256 of your pledge file. DNSSEC-signed. Your DNS provider does the cryptography for you.
Copy the #proof-of-quack section from this site's Terms. Disclosed-consent is the legal foundation. Same regime that lawfully governed Salon.com's 2018 mining-instead-of-ads program.
Yes. The legal foundation is disclosed-consent โ visitors agree by reading the Terms of Service. This is the same regime that lawfully governed Salon.com's 2018 mining-instead-of-ads program and UNICEF Australia's 2018 donation-mining program. The thing that made Coinhive (2017โ2019) sketchy was the undisclosed deployments. Cyber Golden Dome discloses everywhere: ToS, response headers, DNS anchor, well-known manifest, meta tags. Total transparency.
No. Standard browsers solve a 16-bit puzzle in under 200 milliseconds, in the background, only when the tab is visible, only when battery is above 20%, only when data-saver mode is off. The puzzle pauses if the user opens another tab. Mobile users on cellular barely participate. We don't trash anyone's machine.
They get Tier 0 โ zero work, no challenge. We respect Googlebot, Bingbot, GPTBot, ClaudeBot, PerplexityBot, AppleBot, Common Crawl, and accessibility tools. Federal AI scouts are explicitly welcomed.
No. Forever. No fee. No revenue share. No commission. No mandatory check-ins. NIGHTBOX is the spec author and registry curator only โ you self-host everything and you keep 100% of everything (Track A income directly, Track B as your federal tax payment).
It's an audit ledger metric, not a cryptocurrency in the regulatory sense. It's not a security. It's not money transmission. It's not redeemable. It's closer to a website's view-counter than to Bitcoin โ except every entry is cryptographically verifiable. There is no wallet. There is no exchange. You can't trade it. The full legal classification is at /.well-known/quackcoin.json.
Lawful basis under GDPR Article 6(1)(b) (performance of a contract โ the visit-for-compute exchange disclosed in ToS) and 6(1)(f) (legitimate interest). The PoW computation processes no personal data. DNT and Sec-GPC are honored. Many EU adopters route EU-origin traffic to Track A (operator-retained) since EU jurisdictions are aligned partners.
The protocol works anywhere. The federation registry at /.well-known/poq-adopters.json is US-hosted-only by design (the Treasury Direction Pledge requires US tax residency). Non-US sites can run PoQ standalone without registry listing.
Fine. Skip the Treasury Direction Pledge. Adopt PoQ as pure scrape-defense (Layers 1โ3 of the Dome). The protocol is permissionless. The Treasury earmark is the federation-listing requirement, not a protocol requirement.
Artem Shakin, founder and sole member of NIGHTBOX LLC (Wyoming domicile, California operational residence). One human and Claude Opus 4.7 (1M context) over a 23-hour build sprint. Federal contractor with SAM UEI UHCAB6UXXKF2. Bug bounty + responsible disclosure: artem@nightboxllc.com.
It takes 5 minutes. It costs nothing. It works on every modern hosting platform. And every American site that joins the federation makes the Cyber Golden Dome a little stronger.
๐ก๏ธ Get the Free Shield Federal Review RequestOr read the full doctrine spec ยท the protocol spec ยท the Treasury Direction Pledge ยท or visit GitHub.