←back to thread

Bot or human? Creating an invisible Turing test for the internet

(research.roundtable.ai)
141 points timshell | 10 comments | 25 Jun 25 15:00 UTC | HN request time: 0.683s | source | bottom
1. lugu ◴[25 Jun 25 21:21 UTC] No.44381949[source]
It is late and I am thinking out load. How about a reputation system where users bring proof that other websites haven't found them abusive.

Visit a website that require identification. Generate a random unique identifier in your user agent. Live your life on that site. Download from that site a certificate that prove that your didn't abuse their site. Repeat that a few times.

Visit the site that wants to know if you are an abusive user. Share your certificates. They get to choose if they accept you.

If you abuse that site, it reports the abuse to the other sites that delivered you a certificate. Those sites gets to decide if they revoke their certificate or not.

It is a self policying system that require some level of cooperation. Users make themselves vulnerable to the risk of having sites they like loose trust in them.

replies(7): >>44382023 #>>44382106 #>>44382403 #>>44382406 #>>44383816 #>>44387374 #>>44396384 #
2. rcstank ◴[25 Jun 25 21:35 UTC] No.44382023[source]
Sounds like a privacy nightmare. Also, what one site calls abuse, another wouldn't.
3. spondylosaurus ◴[25 Jun 25 21:47 UTC] No.44382106[source]
Some stuff would definitely either slip through the cracks OR tarnish the reputation of legitimate users. What happens when someone's device gets compromised by a botnet that silently clicks ads in the background or turns that device into part of a DDoS army?
replies(1): >>44382221 #
4. MichaelZuo ◴[25 Jun 25 22:04 UTC] No.44382221[source]
Why would anyone even expect a perfectly zero false-positive and false-negative rate in the first place?
5. lq9AJ8yrfs ◴[25 Jun 25 22:36 UTC] No.44382403[source]
> It is a self policying system that require some level of cooperation.

How hard is it to obtain one of these certificates as a bot?

What you are describing though is possibly comparable to Privacypass.

Apple seems to be on board with Privacypass, perhaps they'll include a digital voucher of some kind with their devices and that presumably contributes to old devices getting worse as the voucher is spent down.

Just imagine if the whole web can contribute to planned obsolescence and you can pay for a fast, hassle free internet experience again just by buying a new phone.

And then you can dump the old ones on eBay for cheap as long as you don't plan on using them to access online services. Unless you are willing to settle for basic economy web experience.

6. awb ◴[25 Jun 25 22:36 UTC] No.44382406[source]
PageRank worked well for Google for a long time. This sounds like an adaptation of that that’s interesting to consider.
7. driverdan ◴[26 Jun 25 02:50 UTC] No.44383816[source]
Absolutely not. You should not want a service to do privacy invasive cross site tracking like that.
replies(1): >>44387305 #
8. dadoum ◴[26 Jun 25 13:39 UTC] No.44387305[source]
There are cryptography primitives allowing you to privately make an intersection of the certificates you have and the providers the site would trust and compute a kind of score while not exposing any of your certificates or which providers trusted you amongst them. (the only thing is that a website could extract the knowledge that one specific provider trusted you if they only trust one, but that could probably be fixed with a better protocol that the one I have in mind).
9. jefftk ◴[26 Jun 25 13:47 UTC] No.44387374[source]
> How about a reputation system where users bring proof that other websites haven't found them abusive.

If you're not careful something like that can subvert the efforts to reduce cross-site tracking, but you can do resolve this with thoughtful cryptography: https://privacysandbox.google.com/protections/private-state-...

10. calmoo ◴[27 Jun 25 12:45 UTC] No.44396384[source]
Good in theory, Orwellian in practice.