> Why are anonymous signups assumed guilty of abuse before anything happens? > How about limiting usage initially, with progressive raising of limits based > on time elapsed with non-abusive behaviour (something like credit card > limits)? People should be able to establish good *online* reputations that > are not tied to their physical identity.
We do some of that, actually. Accounts that are young are examined more closely and treated more aggressively than older more established accounts. Account sellers know this and sometimes try and sell "aged accounts" for a higher price (not that it works). But as Andreas Key correctly points out, there must still be a way to throttle abusive signups. When signup or login security fails badness follows, often at huge scale. There's always some collateral damage from these schemes unfortunately. Eg, CAPTCHAs are poor for blind users. Phone verification is poor for Tor users, or users without phones. If you would like to see the effect our signup security efforts have had for yourself, visit buyaccs.com and compare the price of gmail.com vs hotmail.com accounts. _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
