I just wish that the PoW defence actually involved some sort of transfer of value from user to provider. (as opposed to just spending resources on the user side)
This version is good, don't get me wrong, but adding value transfer would be better imo.
Value transfer would be worse because it would create bad incentives. Now I'd have a reason to flood garbage fake (/proxy) onion sites to skim the payments. The user would have to go obtain that value too, creating logistical challenges.
There might be legal issues for the users too-- e.g. upgrading copyright infringement into criminally prosecutable commercial copyright infringement.
Burning funds, instead of transferring them, would solve two of your three issues.
Obtaining the funds creates extra friction, yes, but it’s possible the benefit outweighs the cost — e.g. because an attacker can no longer utilize the idle CPUs of botnet devices.
Ultimately, any form of anti-DoS protection also punishes legitimate users. The question is (1) how much it punishes attackers relative to this, and (2) whether this punishment for legitimate users deters them, too.
This version is good, don't get me wrong, but adding value transfer would be better imo.