Verifiable Credentials, HTTP Next, and the Mitigation of Bots from Adam Sobieski on 2021-09-08 (public-credentials@w3.org from September 2021)

From: Adam Sobieski <adamsobieski@hotmail.com>
Date: Wed, 8 Sep 2021 23:55:20 +0000
To: "public-credentials@w3.org" <public-credentials@w3.org>
Message-ID: <CH2PR12MB41845C4B4455D19835B2A291C5D49@CH2PR12MB4184.namprd12.prod.outlook.com>

Credentials Community Group,

Hello. Recently, a news article indicated that: “automated traffic takes up 64% of internet traffic – and whilst just 25% of automated traffic was made up by good bots, such as search engine crawlers and social network bots, 39% of all traffic was from bad bots, a Barracuda report reveals” [1].

I would like to indicate the applicability of verifiable credentials technologies for automated CAPTCHA scenarios (see also: [2]).

Brainstorming, these uses of verifiable credentials could be built into HTTP Next (e.g., HTTP 4.0). Reasons for building these capabilities into HTTP Next include, but are not limited to: (1) human end-users could conveniently, automatically, distinguish themselves from software bots, and (2) human end-users could then be connected with priority servers, receive prioritized traffic routing, and consume more bandwidth over software bots.

Any thoughts on these topics?


Best regards,
Adam Sobieski

[1] https://www.helpnetsecurity.com/2021/09/07/bad-bots-internet-traffic/
[2] https://www.w3.org/WAI/APA/task-forces/research-questions/wiki/Some_use_cases_for_verifiable_credentials

Received on Wednesday, 8 September 2021 23:55:34 UTC