Unfortunately it is very difficult in practice. And a wise person once said:
“Theory and practice sometimes clash. And when that happens, theory loses. Every single time.”
The problem will become thorny when you consider what can be automated vs. what can't be, and what should be vs. what shouldn't. IOW, what do you consider a "routine decision".. after all it is subjective.
It is completely unreasonable to expect that people will give you their money and then never want to control it in some way. In fact, it's a contradiction really.
So I certainly applaud you for considering the problem and more so if you make an attempt at some implementation. However, it is a bit like asking "will AI become self-aware and make humans obsolete". For the foreseeable future people will not relinquish the ability to somehow "pull the plug".
IDK what the fee schedule looks like but you'd think they'd take a play from governments and make the commissions progressive.
In other words, the more money a developer makes, the more fees they pay. That way there's better incentive for smaller shops and developers to join. They might also look somewhat more benevolent.
"Apple on Wednesday released an updated developer license agreement that gives the company permission to recoup unpaid funds, such as commissions or any other fees, by deducting them from in-app purchases it processes on developers’ behalf, among other methods."
They're really not happy about Epic games lawsuit, huh!?
Yeah, it's a big world and it has a clever way of getting what it wants. On a serious note I'd say you'll just have to balance your design w/ what people are willing to pay for. You probably know this already though :-)
Can you comment on the notion that Turnstile's primary goal isn't to keep bots out 100% but instead to slow them down to "human" speeds.
Asking because as a dev I hate when sites don't allow bots... however can appreciate that automation should be rate-limited. IOW, isn't preventing bot access actually an anti-pattern since rate-limiting is sufficient?
I see a lot of marketing which bashes Turnstile [detection] rates and tries to leverage this misunderstood nuance. And, it seems to be a dishonest point of contention but am willing to hear opposing arguments.
Cloudflare is really good at network bot detection. Rate-limiting is super helpful here, for example during DDoS attacks.
Our customers are a little different. They sometimes struggle with high-volume bot attacks (e.g. SMS toll fraud in ticketing marketplaces), but we specifically focus on online platforms that want to verify a human is on the other side of the screen. For example, survey pollsters and labor marketplaces want to stop a slow agent that can complete traditional CAPTCHA even if it's solving it a human speed
I see. I'll have to read the marketing more closely next time, lol. The cynic in me only notices the detection rate comparisons, which I'm sure the marketing folks don't mind much ;-)
reply