Doesn’t really make sense, because any service can just say “you must paste your human-attestation JWT here to use this service” and plenty of people will.

▲

0x3f 4 hours ago | parent [-]

You can just decay your trust level based on the `iat` value. That way people will need to keep buying me coffee. I can optionally chide them for giving out their token.

If you're engaging with the idea seriously, I suppose we'd need to build a reputation or trust network or something.

Although if you're talking about replay attacks specifically, there are other crypto based solutions for that.

	▲	tshaddox an hour ago \| parent \| next [-]
		My point is that there probably is no way in principle to distinguish between a human user utilizing automation on their own behalf in good faith (e.g. RSS readers) and bad faith automations.
	▲	magicseth 3 hours ago \| parent \| prev [-]
		I am engaging with this seriously! I don't know if there will be any real solution. But I think it's worth exploring.