[AnthonyMouse]

If that was it then they would only require a phone number after there has already been a new account creation from your IP address that month, or support any number of alternative rate limiting strategies that don't have the same privacy implications.

Any website that requires your phone number is doing it for tracking purposes. Which is the same reason why you should never give it to any of them.

[ckwalsh]

My ISP gives me a dynamic IP. I could turn off my router for a few minutes and be someone "brand new". Or I could use IPv6 (if my ISP actually invested in it), and have every web request use a different IP.

The only surefire way to curb abuse is to make sure the abuse is not cost effective for the abuser. For spammers trying to make a buck, make it so it costs them more to send their spam than the value they reap from it. For non economic spammers (politics, trolls, etc), it's a lot harder, but there's always some price that it becomes not worth it for their influence/"fun". This was the approach Bernstein was trying to do, but based on the article it sounds like he underestimated the cost of storage as technology improbed.

The hard part is adding this cost in such a way that does not drive away or punish real users. An email system that costs $10/month isn't going to be used by many spammers, because any reasonable administrator will ban obvious spam and they won't get their $10 to cover costs before being shut down. But it also limits the customer pool; most people are not going to pay $10 a month of email when free services are available.

Phone numbers are definitely not perfect, but they are trying to solve the problem of "What do most people have and would not invoke any additional cost on them, but would invoke additional cost on spammers?" Yes, phone numbers are relatively cheap, but there is still some backtracing/ownership checks that can be performed, and ones from more "trustworthy" blocks will still cost a buck or so. Suddenly spammers need to make at least a $1 from the account or they are losing money.

Domains are another way spammers are often dealt with: if it costs $10 for a domain, you have to make $10 from the domain before it is blocklisted, or again, you are losing money.

I can't think of any myself, but if you have any ideas for a model with comparable high costs to spammers but low cost to real people, that fulfills your privacy expectations, I'm all ears. However, costs generally are better enforced in a more centralized model as opposed to a federated/privacy respecting model, so I suspect it will be incredibly difficult to find a solution that actually enforces the appropriate economic goals.

[AnthonyMouse]

> My ISP gives me a dynamic IP. I could turn off my router for a few minutes and be someone "brand new".

They can do the same thing with phone numbers. Buy prepaid SIM cards in bulk, use each one to create an email account, then sell them all again to recover the money because they still have 99% of the prepaid data left. This is less annoying for spammers than regular people who have to do this, because the spammers benefit from technical knowledge and economies of scale.

> An email system that costs $10/month isn't going to be used by many spammers, because any reasonable administrator will ban obvious spam and they won't get their $10 to cover costs before being shut down. But it also limits the customer pool; most people are not going to pay $10 a month of email when free services are available.

It doesn't have to be $10/month, it only has to be $10 on account creation, or $1. The legitimate user is going to have the same account for ten years, the spammer is going to lose their account inside of an hour.

The problem there is we still don't have an easy anonymous digital payments system, but requiring payment details is about as bad as requiring a phone number. In theory this is where cryptocurrency could be useful, but only if it becomes easier for regular people to use it.

You could also do similar proof of work things. For example, user doesn't want to provide a phone number? Fine, here's your email account, which can receive emails. If you want to send emails, install Folding@home or similar and submit X many work units. With email apps this could be completely automated; you install the app, your phone is plugged in overnight, the next day you can send emails.

[beagle3]

> Or I could use IPv6 (if my ISP actually invested in it) and have every web request use a different IP.

But you'd be using the same prefix, which I'm sure some good soul would map, so you anyone who cared would correlate all of your accesses just as if you had a fixed IPv4

[zelphirkalt]

I would like to know how it is done at protonmail, where, last I checked, one does not need a phone number to register an account.