James Britt
11/14/2004 6:05:00 PM
Sam Roberts wrote:
> Quoting jamesUNDERBARb@neurogami.com, on Mon, Nov 15, 2004 at 02:15:51AM +0900:
>>Quick summary: Much spam. Much from bots. Quick hack to stop bot spam
>>by requiring urls to use uppercase HTTP. Still spam from humans; at
>>least make them work for it.
>
>
> Understood. I'm starting to like the login/passwd idea, though. At least
> internet users understand the mechanism. The capitalize all HTTP thing
> is more like a secret handshake!
Yes, very much so.

Thinking out loud:

The choice seems to depend on where best to shift the burden or cost of
maintenance and compliance. Using a login system, code must be added to
manage it, which is a one-time cost, but there is also a recurring cost
of checking that users are not abusing privileges. Users may also
forget their passwords, so one can either write code to manage that
part, or carry the admin burden of manually providing the password. For
users, though, the system is familiar and easy, and password management
is often built into the Web browser, so there is little to do once a
login is obtained.

With the secret handshake approach, there is also a one-time code cost,
but it is arguably much lower than the cost of a password system. The
burden of compliance is carried more by the user, who must go figure out
the handshake. There is a recurring admin cost of monitoring for spam,
but that may always be the case no matter what. And users tend to be
the ones reporting spam, not a site admin. Users also carry a recurring
cost, having to employ the handshake for any post that includes a URL.
If the handshake needs to change, the overall cost is going to be much
lower for the administrator than for users.

In general, what are the criteria when deciding how to assign such
costs? Partly it has to do with barriers to entry, so another question
might be, what sort of barriers to participation produce the most useful
or interesting results?

James