Ah, now I remember, the one I was thinking of was the open source Anubis, which I've indeed seen a few implementations floating around. No puzzles, you just wait a few seconds for your soul to be weighed and then get booted onwards to the next page.

I hazard a guess there might be key generator bots hammering the redemption page with random junk. There are industrial compound-sized fraud factories in asia and likely eastern europe as well, so why woulkd there be any difference with GOG.

Still, this sytem feels like it's abusing the legitimate user far more than the genuinely harmful agents.

Captchas are very similar to DRM. Their sole purpose is to annoy legitimate users.

Bots do solve reCaptcha in an instant, a brief search will return free and effective tools on the GitHub. Combine them with a proxy pool to prevent bans by ip, and bot-owners will not even notice, that there were any captchas along the road.

With the current state of AI development, bots can be programmed to bypass any possible captcha.