by bobbiechen 36 days ago
Yeah, I had the same question myself. I think that's what you would want to do to make it airtight (plus some amount of rate limiting or flagging for devices that are part of dedicated device farms).

But even if not, there's still value in raising the barrier to entry. For example, you can buy 1000 reCaptcha solves for $1-2 from various captcha-solver services. And yet that $0.001-per-request fee does discourage mass-scale bot attacks.


... You... think... it would be a good thing.

Don't you...

I do. It has downsides of course, but what's the alternative at this point?
I suspect that the HN crowd is somehow insulated from the river of crap and fraud that is the internet experience for a majority of the population.
99% of the crap and fraud comes from ads, aka Google. Thanks, Google. Just run an ad blocker, there goes most of the scams you'll see.

Also putting QR codes before every webpage doesn't make the web less shitty. It obviously makes it more shitty. And this will 100% be used for fraud. Phishing websites can get away with QR codes now, great.

> the internet experience for a majority of the population

> Just run an ad blocker,

This reads as "I am fine, so you should be fine". The median internet user has a phone so chock full of cancerous malware.

And if a tool gets good enough to interfere with tech firms' ad revenue, they find ways to stop it. See what's happening to ad blockers.

Depends on your specific problem. Usually redesign your system not to need to care if the other end is a bot or not.
How though? Can you also avoid DDoS simply by designing your system to not care if the requester is a bot or not?

Let's say I'm running https://grep.app/ for example. AI bots start heavily using it, costing me a ton of money. How would you magically design this so it doesn't matter if the end bots are using it?

Rate limit individual clients.
Let's play this out: how do you determine individual clients? By IP? By sessionid?