On Wed, Dec 3, 2014 at 8:47 PM, Daniel Friesen <daniel(a)nadir-seen-fire.com> wrote:
> On 2014-12-03 8:35 PM, Robert Rohde wrote:
>> However, captchas might be useful if used in conjunction with simple
>> behavioral analysis, such as rate limiters. For example, if an IP is
>> creating a lot of accounts or editing at a high rate of speed, those are
>> bad signs.
>
> Don't we already do rate limiting by IP for account creation? In fact I
> seem to recall we have a page where people have to ask for temporary
> whitelisting of IPs like those used at a hackathon's Wi-Fi point where
> large numbers of users legitimately sign up.
>
> I'm pretty sure the users making large amounts of malicious accounts use
> a bunch of proxies so they don't have to worry about rate limits.

Yes, we do have some rate limiting, though I couldn't tell you what the
settings are presently. In general, we could have both a soft-limit that
triggers captchas and a hard limit that results in a full stop. Depending
on the settings, a two-tiered system could even be more friendly for
hackathons and teaching groups.

The broader point is that I would encourage people to consider ways to
improve and expand the uses of similar basic behavioral analysis, rather
than simply throwing a captcha at everyone.

-Robert Rohde
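
The two-tier scheme discussed in this thread, sketched as an added example (not MediaWiki code and not written by either poster): a per-IP sliding-window limiter that asks for a captcha at a soft limit, stops entirely at a hard limit, and exempts temporarily allowlisted networks such as a hackathon's Wi-Fi range. The thresholds, window length, class and function names, and the documentation-range addresses are all assumptions.

```python
from collections import defaultdict, deque
from enum import Enum
from ipaddress import ip_address, ip_network


class Decision(Enum):
    ALLOW = "allow"
    CAPTCHA = "captcha"  # soft limit reached: require a captcha first
    BLOCK = "block"      # hard limit reached: full stop


class TwoTierLimiter:
    """Sliding-window action counter per IP with a soft and a hard threshold."""

    def __init__(self, soft, hard, window_s, allowlist=()):
        if not 0 < soft < hard:
            raise ValueError("need 0 < soft < hard")
        self.soft, self.hard, self.window_s = soft, hard, window_s
        # Temporarily exempted networks, e.g. an event's Wi-Fi range.
        self.allowlist = [ip_network(n) for n in allowlist]
        self.events = defaultdict(deque)  # address -> timestamps of counted actions

    def check(self, ip, now, captcha_solved=False):
        addr = ip_address(ip)
        if any(addr in net for net in self.allowlist):
            return Decision.ALLOW
        q = self.events[addr]
        while q and q[0] <= now - self.window_s:  # drop events outside the window
            q.popleft()
        if len(q) >= self.hard:
            return Decision.BLOCK    # a solved captcha does not lift the hard limit
        if len(q) >= self.soft and not captcha_solved:
            return Decision.CAPTCHA  # the action is not counted until it goes through
        q.append(now)
        return Decision.ALLOW


def simulate(limiter, ip, attempts, start=0.0, step=1.0):
    """Replay account creations from one IP, solving every captcha offered."""
    out = []
    for i in range(attempts):
        t = start + i * step
        d = limiter.check(ip, t)
        if d is Decision.CAPTCHA:
            out.append(d.value)
            d = limiter.check(ip, t, captcha_solved=True)
        out.append(d.value)
    return out
```

As the quoted reply notes, a per-IP counter like this does not see traffic spread across many proxies; it only covers the single-source case.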