joe_mamba 5 hours ago

But it really doesn't have to be like this.

For their bug bounty program, the company can just charge $5-10 per submission to guarantee everything you send gets thoroughly reviewed by a human, and so it completely eliminates bot slop DDoS submissions overnight. If your bug and PR were actually good, then you get $10 + $1000 back, and if it wasn't good, then you need to do better due diligence next time, and the skilled human feedback you received on why it wasn't good was a valuable lesson for your engineering career, and it only cost you the price of a Starbucks latte, and it also cut out all the scammers polluting the system. This way everyone wins.

I said it before and I'll say it again, for opportunities open to the entire world on the internet, adding monetary friction is THE ONLY (anonymous) WAY to filter out serious people from bad actors doing spray-and-pray hoping they'll make some money, or get that job, by weaponizing AI bots. You can't rely on honor systems and a high trust society on the anonymous open internet, you need to financially gatekeep to save yourself and your sanity, and make sure the honest serious people you want to engage with don't end up drowning in the noise of the scammers and unscrupulous opportunists.

But we can't shut ourselves down just because we refuse to apply solutions to AI slop DDoS.

goalieca 5 hours ago | parent | next [-]

The bots spam even when there's no bug bounty program. The emails start out with "I received $500 for a similar reported on another site"

autoexec 44 minutes ago | parent [-]

Thankfully the number of beg bounties I've seen has been stable so far. Maybe they're just devoting most of their time to the places that openly promise money.

dotancohen 4 hours ago | parent | prev | next [-]

  > monetary friction is THE ONLY (anonymous) WAY to filter out serious people from bad actors

How are monetary transactions anonymous?

joe_mamba 2 hours ago | parent [-]

It's not fully anonymous but partly.

nathanielks 5 hours ago | parent | prev | next [-]

This is a great strategy idea, I like it. I'm not good at thinking out the curse of the monkey's paw, so I'm curious if folks can think of any downsides.

CamperBob2 5 hours ago | parent | prev [-]

  > I said it before and I'll say it again, for opportunities open to the entire world on the internet, adding monetary friction is the only way to filter out serious people from bad actors doing spray-and-pray hoping they make some money or get that job through weaponizing AI bots and sucking all the air in the room.

So many problems can be solved that way, including customer support. Instead of having to post a sob story on Twitter and HN when the AI at BigCo bans my account for no reason, why not charge me $100 for access to human support that is empowered to triage and escalate genuine issues? Then, issue a refund if the problem is on their end.

I don't understand why this isn't a thing.

thfuran 5 hours ago | parent | next [-]

$100 is way too much. Maybe $5 to get people to spend 30 seconds on Google to solve the easy problems instead of calling. But I wonder if even that would be enough to significantly incentivize claiming everything is intended behavior / user error just for another revenue stream.

hnlmorg 4 hours ago | parent | prev | next [-]

$100 for someone in SV isn’t much. $100 USD for someone in Africa, India, some parts of Asia could be a week's or even months' salary.

You could probably adjust the cost per region, but then you open yourself up to spam bots again because it’s trivial to spoof one’s location.

stackskipton 5 hours ago | parent | prev | next [-]

My guess is there is no easy way to deal with chargebacks and they would probably be bad.

It would almost need to be analog. Fill out this form and drop it in the mail with 10 bucks inside.

thfuran 4 hours ago | parent | next [-]

Placing holds on money on a credit card is totally normal. Hotels do that all the time.

CamperBob2 4 hours ago | parent | prev [-]

  > My guess is there is no easy way to deal with chargebacks and they would probably be bad.

Sure there is. That would be casus belli for a real ban.

travisgriggs 5 hours ago | parent | prev | next [-]

It’s hard to forecast this. Support calls occur chaotically. So staffing to support them is difficult to do in a way that keeps a steady margin.

thavalai 5 hours ago | parent | prev | next [-]

I wonder if transaction costs get in the way. Someone has to pay the payment provider in both directions.

dotancohen 4 hours ago | parent | prev | next [-]

Then who arbitrates the inevitable dispute over whose end the problem was?

CamperBob2 3 hours ago | parent [-]

For the times when it actually saves the company from going through arbitration, $100 is cheap.
