On 02/15/2010 07:55 PM, Domas Mituzas wrote:
Yes, a simple
restriction like this tends to create smarter villains
rather than less villainy. Filtering on an obvious, easy-to-change
characteristic also destroys a useful source of information on who the
bad people are, making future abuse prevention efforts harder.
Thanks for insights. But no.
We don't use UA as first step of analysis, it was helpful tertiary tool, that put
these people into "ignorant or malicious" category.
If they'd have spoofed their UAs, we'd block the IPs and inform upstreams, as
fully malicious behavior.
If they had nice UA, we might have attempted to contact them or have isolated their
workload until the issue is fixed ;-)
I am saying that going forward you have eliminated WMF's ability to use
a tertiary tool that you agree was helpful.
Having spent a lot of time dealing with abuse early in the Web's
history, I wouldn't have done it that way. But it's not really my
problem and you don't appear to be looking for input, so godspeed.