nutballs
« Reply #20 on: May 27, 2007, 08:14:16 PM »
so I am gonna start monkeying with this idea now.
I have had some thoughts about usages as well. Although I'm sure you guys can guess my primary usage for this, which would be traffic direction in my BH network, I actually have a legitimate use for this, that I think could be interesting.
Every social bookmarking site out there has a problem, and that problem is spammers. So they add in Captchas, which can be broken, they add in codes into the URL which also can be broken, and a host of other things.
I run two social bookmarking sites, lower end, and they don't make any money because that wasn't the purpose in them. But now, I am wondering if I jumped into the game, with a good design, and simplify my concept down to the most basic level, would I get a userbase. The biggest things with SBM sites are:
adding the bookmark easily. done
mark as spam. done
mark as good. done
personalizing bookmarks, like titles and such. done.
Ranking Algo. done.
way to prevent spammers from using your site for evil. not done.
So here is the thought. that last part of preventing spammers is the biggest hurdle for any user generated content site. Captchas are annoying, and can be busted if the target is worth the effort. everyone hates them. so what if you could determine "friend or foe" without any captcha. without any interaction with the user?
you could technically do this with usage analysis. but that means the user would have to be around for a while before you trust him. so that's no good for a new user anxious to try out this cool new SBM site.
So... what if you used the browser to your advantage. The idea of how a browser works is what has already been said, but I will reiterate. the browser requests a page, parses it, requests images to be downloaded that the page requires, sets cookies if that site asked for them in the headers, and then runs any JS on the page. If that JS is ajax, it then continues with communication if required. This all happens in seconds.
all bots currently work under the principle of download the page, come back later for the extras. so have the page do the following:
request an image, which is actually a routine on the server. that image sets a cookie.
the page itself sets a cookie from serverside.
and a cookie is set via JS
JS in the page makes a request via ajax which then tests for the cookies which have some kind of key pair in them.
so if a bot, then none of those things will happen at the same time. if user with a browser, they should all happen in the same basic timeframe.
The way I understand all of this to work is that all the communication for this can be sniffed with even the most basic of header analyzer. would HTTPS eliminate that problem? or is there a way to hide what's going on? I'm guessing not, since all traffic across the wire would be able to be sniffed. So the spammer would now know that, we set three cookies, and make 2 requests out, 1 to a fake GIF and one to an ajax request.
basically, I am wondering if there is a way to pull this off, with enough back and forthing between the client and server, to make it very difficult to crack.
like page loads, js requests image, image sets cookie, js reads cookie, js sends code back to server, assuming code matches, server replies with routine to allow redirect, redirect is requested, etc etc etc.
thoughts?
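
The server-side half of the "friend or foe" timing check proposed in the post above, as an added example that is not part of the original post. The names `issue_token`, `Tracker`, `WINDOW` and the three signal labels are hypothetical, and the 10-second window is an assumed value.

```python
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)            # per-deployment server key (assumption)
WINDOW = 10.0                               # seconds a browser gets to finish (assumed)
REQUIRED = {"image", "js_cookie", "ajax"}   # the sub-requests the page triggers


def _sign(nonce: str, issued: str) -> str:
    return hmac.new(SECRET, f"{nonce}|{issued}".encode(), hashlib.sha256).hexdigest()


def issue_token(now: float) -> str:
    """Called when the HTML page is served; the value goes into the page cookie."""
    nonce, issued = secrets.token_hex(8), f"{now:.3f}"
    return f"{nonce}|{issued}|{_sign(nonce, issued)}"


def _issued_at(token: str):
    """Return the issue time if the token's MAC verifies, else None."""
    try:
        nonce, issued, mac = token.split("|")
        issued_f = float(issued)
    except ValueError:
        return None
    ok = hmac.compare_digest(mac.encode(), _sign(nonce, issued).encode())
    return issued_f if ok else None


class Tracker:
    """Records when each sub-request for a token arrives and judges the set."""
    def __init__(self):
        self.seen = {}   # token -> {signal: arrival time}

    def record(self, token: str, signal: str, now: float) -> bool:
        if _issued_at(token) is None or signal not in REQUIRED:
            return False              # forged token or unknown signal: ignore
        self.seen.setdefault(token, {})[signal] = now
        return True

    def verdict(self, token: str) -> str:
        issued = _issued_at(token)
        got = self.seen.get(token, {})
        if issued is None or set(got) != REQUIRED:
            return "foe"              # forged token, or an extra was never fetched
        in_window = all(issued <= t <= issued + WINDOW for t in got.values())
        return "friend" if in_window else "foe"
```

The MAC stops a client from inventing or back-dating tokens, but a client that drives a real browser engine performs every step inside the window and passes. The check separates only the "download the page, come back later for the extras" bots the post describes.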