Oddbean new post about | logout
 Expected afaik. But I might be wrong, it might not fit in the realm of OWASP, but it is a glaringly obvious security flaw that any respectable team would get onto fixing asap.

It's a small change for large benefit. This is contrary to spam and fake account detection which requires constant monitoring and manual intervention because it is very easy to catch false positives and for people to work around when the problem is more subjective than objective. 
 I think a lot of fraud, spam, and scam account creation problems could be solved with requiring a small refundable deposit with every account type. Ideally Lightning. 

But sadly, they’ll probably never do that because all the bot accounts fluff their advertising “views”