On 30 Apr 2013, at 8:42 PM, Ben Laurie <b...@links.org> wrote: >> This would have no real effect. >> >> Bots are patient, slowing them down isn't going to inconvenience a bot in >> any way. The simple workaround if the bot does take too long is to simply >> send the requests in parallel. > > Disagree. Raising the bar reduces volume. > > In general, I hate the argument that improvement X has obvious > workaround A and therefore we should not bother with it. It's > absolutely impossible to make forward progress in security with that > attitude. Every defence is defeatable (says experience) yet some are > still worth putting in place.
It's not worth breaking the web to do it. If you wanted to do something constructive with these requests, come up with a way to signal the owner of the originating IP address that something dodgy is running on their machine. Regards, Graham --
smime.p7s
Description: S/MIME cryptographic signature
