[edelbitter]

But.. the task was never "detect this" but always "detect this within acceptable constraints".

Sure, once you collect enough bits, you can tell that its me. And if you know from other sources that I am human, that solves your immediate problem. But if you do that, you have still failed at the task of detecting certain kind of abusive behavior without harming my anonymity.

[skinfaxi]

How does this relate to the article? They weren't collecting bits until they identified a specific individual so I feel like I'm missing something.

[edelbitter]

The appendix lists what they were collecting, and the amount of samples needed for not just mathematically significant, but also practically useful distinguishing power implies collecting enough for a stable yet unique fingerprint. In that case you could just add a login form.. and still be less hostile than the increasing number of websites that will not let me browse (maybe my mouse movement does not match other humans in my region, idk).

[timshell]

> In that case you could just add a login form

This is the product insight. We're not going to deploy Stroop tasks for authentication :)