Truesign doesn't use PoW. The bot detection works by collecting network and browser signals.

The PoW solutions I've seen out there just add 1-2 seconds of delay before granting access to the whole site. It could work against random unsophisticaed crawlers but I don't see how that can stop determined bots.

it analyzes the network packets in real time, they contain many data points if you know where to look.

Residential and mobile proxies are also detected.

It would be dangerous if this tool fell into the wrong hands.

Where's the wait list?

Personally I found that rejecting disposable/temporary emails and flagging requests behind VPNs filtered out 99% of abuse on my sites.

No need to ask for a phone or card -- or worse, biometric data! -- which also removes friction.