On 2014-12-03 8:35 PM, Robert Rohde wrote:
However, captchas might be useful if used in conjunction with simple behavioral analysis, such as rate limiters. For example, if an IP is creating a lot of accounts or editing at a high rate of speed, those are bad signs.
Don't we already do rate limiting by IP for account creation? In fact I seem to recall we have a page where people have to ask for temporary whitelisting of IPs like those used at a hackathon's Wi-Fi point where large numbers of users legitimately sign up.
I'm pretty sure the users making large amounts of malicious accounts use a bunch of proxies so they don't have to worry about rate limits.
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://danielfriesen.name/]