ray@ganymede.org wrote:
It depends.
Do you want to determine that a user is a bot almost all of the time, assuming people are not trying to fool you?
Or do you want a secure method?
A secure method would be a bother. It would probably require us to put up dot-pictures that people have to recognize patterns in, ala yahoo's account creation page.
We can certainly use a heuristic to determine if a user is acting like a bot. Then, they can be challenged as above, to see if they are a person.
- ray
I don't think I understand what you want this for. By your response, I gather you're not interested in preventing serious, concerted attacks. How is a cryptographically-authenticated bot more accountable than a bot using a standard user account? I've already suggested that user accounts displaying bot-like characteristics should be blocked, unless they have been approved. How is your system any better?
-- Tim Starling.