On Fri, Jul 24, 2009 at 2:23 AM, Teioscar.vives@gmail.com wrote:
I dunno, a third input box name="botname"?
<input type="hidden" name="botname" />
I'm talking about in the case of a possibly malicious service, and only if it's using OAuth (or whatever). Presumably if it's using OAuth the user already gave it some unique identification token that we can just revoke, so I don't think the hard part here would be the identification itself. The hard part would be the rest: making it immediately obvious to everyone that a given change was made through a specific web service, and allowing admins to block such services easily. And implementing something like OAuth to begin with.