ray(a)ganymede.org wrote:
It depends.
Do you want to determine that a user is a bot almost all of the time,
assuming people are not trying to fool you?
Or do you want a secure method?
A secure method would be a bother. It would probably require us to put
up dot-pictures that people have to recognize patterns in, ala yahoo's
account creation page.
We can certainly use a heuristic to determine if a user is acting like a
bot. Then, they can be challenged as above, to see if they are a person.
- ray
I don't think I understand what you want this for. By your response, I
gather you're not interested in preventing serious, concerted attacks.
How is a cryptographically-authenticated bot more accountable than a bot
using a standard user account? I've already suggested that user accounts
displaying bot-like characteristics should be blocked, unless they
have been approved. How is your system any better?
-- Tim Starling.