On 02/15/2010 07:55 PM, Domas Mituzas wrote:
Yes, a simple restriction like this tends to create smarter villains rather than less villainy. Filtering on an obvious, easy-to-change characteristic also destroys a useful source of information on who the bad people are, making future abuse prevention efforts harder.
Thanks for insights. But no.
We don't use UA as first step of analysis, it was helpful tertiary tool, that put these people into "ignorant or malicious" category. If they'd have spoofed their UAs, we'd block the IPs and inform upstreams, as fully malicious behavior. If they had nice UA, we might have attempted to contact them or have isolated their workload until the issue is fixed ;-)
I am saying that going forward you have eliminated WMF's ability to use a tertiary tool that you agree was helpful.
Having spent a lot of time dealing with abuse early in the Web's history, I wouldn't have done it that way. But it's not really my problem and you don't appear to be looking for input, so godspeed.
William