this is an example of what nostr will fix, and why NIP-42 is so important
if you ask for some kind of distinctive identity at the gate, they have to keep making new ones to come at you again
if you know the identities, then you treat them nice, and you give them more data sooner, than those who didn't identify as someone known
most web apps have no notion of gating access and dropping queries, this is why cloudflare has done so well
nostr will change this because we are building a protocol that is outside of regular HTTP request/response logic and basically just have to do this
the spam and dos attacks haven't even started yet, but by the time there is enough users to be worth mounting attacks hopefully you all will understand that we won't succeed with this unless we understand how to deal with these attacks at the protocol level instead of making dumb apis only
if people have nostr identities and they are past customers you can just reduce the rate limiters on responses and voila... you can then also use social graphs to make good guesses about whether a user deserves to have an easy ride in or not
web of trust is going to be a very big part of how this works, and right now, CF is doing this for you, and forwarding all that user information back to the NSA for analysis