TID: Mystic BBS 1.12 A47   
   TZUTC: -0400   
   MSGID: 1:120/616 1d53f7b6   
   -=> Aaron Thomas wrote to Dr. What <=-   
      
    AT> I don't have all the answers, but I don't understand how a big company   
    AT> like X couldn't use agent-detection to block all headless browsers,   
    AT> with exceptions for legitimate ones. I'm probably overlooking   
    AT> something, but sometimes these big tech companies lie about things to   
    AT> get their way. For example: "Due to too much spam and bot activity, the   
    AT> only trusted email providers are Google and Microsoft."   
      
   You might benefit from some of Bruce Schneier's books.  He goes in depth on   
   topics like this.   
      
   But at a high level: A defender has to defend against all attacks.  While an   
   attacker only needs to perform 1 kind of attack.   
      
   So X puts something in place to filter the bots.  But then the people who   
   control the bots figure out a way around that X hasn't figured out (and   
   blocked) yet.   
      
   Then there's the "how will this change impact our legitimate users?"  If that   
   impact is very negative then they have to balance the negative bot impact with   
   the negative user experience.   
      
    AT> This reminds me of my prior paragraph; "Due to bots and impostors,   
    AT> Facebook now has no choice but to charge $5 per month to safeguard the   
    AT> platform." The kind of people who they want on their platform will walk   
    AT> right into that.   
      
   Maybe.  $5/month is reasonable for most people.  And Facebook can still offer   
   stuff for free. ex: your posts are restricted to only people on your friend   
   list.   
      
    AT> How does the verification work? Do they look at your photo ID? To me,   
    AT> that's the only way it could work. But they'd need to have access to   
    AT> government databases to check if the ID is legit.   
      
   Right now, it's based on making it hard for bots, but not very hard for real   
   users.   
      
   So the "verification" is simply a credit card. It's hard to get a fake credit   
   card.  And if the bot owners use their own card, it's easy to see that 100   
   accounts are all "verifying" with the same credit card.   
      
      
   ... Its rarely fun, never easy, and always expensive!   
   ___ MultiMail/Linux v0.52   
      
   --- Mystic BBS/QWK v1.12 A47 2021/12/25 (Windows/32)   
    * Origin: cold fusion - cfbbs.net - grand rapids, mi (1:120/616)   
   SEEN-BY: 4/0 88/0 90/0 93/1 103/705 104/119 105/81 106/201 114/10   
   SEEN-BY: 120/616 124/5016 128/187 129/14 305 153/757 7715 154/10 30   
   SEEN-BY: 154/50 110 700 203/0 218/700 220/30 90 221/0 6 226/18 30   
   SEEN-BY: 226/44 50 227/114 229/110 206 300 307 310 317 400 426 428   
   SEEN-BY: 229/470 700 705 240/1120 5832 263/1 266/512 280/464 5003   
   SEEN-BY: 280/5006 291/111 292/854 8125 301/1 310/31 320/219 322/757   
   SEEN-BY: 341/66 200 203 234 342/200 396/45 423/120 460/58 467/888   
   SEEN-BY: 633/280 712/848 770/1 880/1 900/0 102 106 902/0 19 26 904/13   
   SEEN-BY: 905/0 2320/105 3634/12 5019/40 5020/400 5075/35   
   PATH: 120/616 154/10 280/464 341/66 902/26 229/426