"I pay, therefore I am" - Twitter paywalls features to "address bots"

[Kisai]

26 minutes ago, leadeater said:

These can be virtualized, not going to help at all.

https://krypt.co/

I didn't say they couldn't. I said it's the "physical" device which makes it difficult to create disposable bots. It's not exactly hard to get a million burner phones, load whatever virtual thing you want on it to "bot" things. Just space is needed.

 

I'd find that video of a wall of cell phones being used to goldfarm some mobile game, but I literately can't find it under all the videos of people showing off their own botting of rubbish games. All those P2W games, just straight up "farm" by logging in, doing whatever daily actions they're allowed to do, log off, and then login with the next account, repeat until they have enough tradeable resources to some idiot willing to risk their account to pay for it.

 

Traditional bot's basically just cycle through accounts after minutes, or even seconds. The accounts are disposable, cost nothing to create, and don't care if they're suspended or deleted after a few minutes. 

 

What I'm saying is you increase the complexity of the authentication process so that you can't create disposable accounts because it's prohibitively expensive. 

 

Did the cost of creating an account or subscribing to WoW or FFXIV ever prevent the account from being used by bots? No. That is the cost of doing business.

 

That's the point. Twitter Blue, absolutely no different in this regard. What keeps bots from overrunning WoW or FFXIV is that the human component of reporting and the company hiring staff to actually remove bots and players who use bots from the game. Twitter Blue offers no value to anyone.

 

So by adopting this ridiculous "freemium P2W" model, somehow Elon thinks people are going to want to pay now? Ha!

 

It's a cash grab. It's not a solution to bots. It's a bold face lie.

 

In fact, you know what prediction I'll make here? That bots will just do what they were doing before, and use stolen cards or charge back after they've already done the damage. It will cost Twitter more money.

[HenrySalayne]

1 hour ago, Kisai said:

But as I said before. You can't use a disposable thing as your "authenticator", phone numbers and credit card's are disposable. Burner phones are a thing. Replacing a sim card is often a $25 charge. It's not cheap, but it's not an obstacle for someone who wants to personally harass someone on twitter.

 

No, the real solution to "bot" problems has always been to use hardware token generators, and nobody wants to have a dozen of these things just to login to services. It's no better than losing your password at that point.

The whole "bot problem" seems to be highly inflated. This claim has been made many times but there is no real proof or data that it has gotten worse or is a considerable problem.

[Kisai]

Just now, HenrySalayne said:

The whole "bot problem" seems to be highly inflated. This claim has been made many times but there is no real proof or data that it has gotten worse or is a considerable problem.

I doubt there are as many bots on Twitter that Elon is claiming there are. Primarily because it seems to be more of a harassment thing than any actual cost to the service.

[ravenshrike]

4 minutes ago, Kisai said:

 

Did the cost of creating an account or subscribing to WoW or FFXIV ever prevent the account from being used by bots? No. That is the cost of doing business.

The reason it diddn't work in WoW/FF14 is because the monetary reward of selling gold/resources to non-bots was greater than the cost of signing up. Somehow I seriously doubt each individual bot account will manage to generate more than $8 worth of utility to those willing to buy bot accounts.

[leadeater]

11 minutes ago, Kisai said:

I didn't say they couldn't. I said it's the "physical" device which makes it difficult to create disposable bots. It's not exactly hard to get a million burner phones, load whatever virtual thing you want on it to "bot" things. Just space is needed.

Well yea but the point about physical device comes undone when anything like that can be virtualized and hidden and able to be created at will. Buying hardware to get around it is unnecessary now days since almost nothing can't be emulated and faked, you have to go at great lengths with multiple layers with inbuilt key stores and chains of trust which all gets exceedingly costly and pointless overall.

 

Every secure boot enabled VM for example as a virtual TPM.

 

Yubikeys are not fit for purpose for this, they serve a different purpose.

[Quackers101]

14 hours ago, RedRound2 said:

What about a unique government ID? I know that many countries still are yet to implement robust National ID systems, but eventually we will get there. And there can be sort of clearance level for unique IDs and service like Twitter will fall in the lowest category, where they can just authenticate with a government portal whether you exist as a real person or not. Once verified - hash the ID and save it in your database. In case it gets leaked, it's useless, since its hashed anyway.

This itself I feel would stop 99% of the bots.

EU countries, EU ID

more countries accept similar or under this system? not fully sure how it works or how safe or good it is.

https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/european-digital-identity_en

[Kisai]

13 hours ago, leadeater said:

Well yea but the point about physical device comes undone when anything like that can be virtualized and hidden and able to be created at will. Buying hardware to get around it is unnecessary now days since almost nothing can't be emulated and faked, you have to go at great lengths with multiple layers with inbuilt key stores and chains of trust which all gets exceedingly costly and pointless overall.

 

Every secure boot enabled VM for example as a virtual TPM.

 

Yubikeys are not fit for purpose for this, they serve a different purpose.

Not everything I suggest is intended as "the one and only perfect solution" you know. The yubikey was just the first thing that came to mind that fits the intended purpose. 

 

When it comes to stopping bots in a MMO, only the physical authenticators do that, not the virtual ones. Once you can virtualize the authenticator, (eg using Authy or something) then it becomes trivial to just put your million bots into authenticators. It's just a question of time taken to automate, and even a tiny hurdle is enough to send people who don't want to put in the effort packing. A tiny hurdle multiplied across a million accounts is still more expensive to the botter if you put a cooldown on logging in per IP v4 address of like 15 minutes.

 

 

Like of all the proposed solutions, none of them:

- Work for every country (of which it HAS TO work in the US or it's dead in the water)

- Work for every person (eg authenticators and 2FA's are completely useless for blind people) 

- Work for every income level (hardware tokens are expensive, using a bank as an identity authenticator still requires having a bank, which isn't ubiquitous outside North America and Europe)

- Work for every lifestyle (That twitter may be X celebrity or corporation, but I assure you that multiple people are managing those big corporate accounts, and personal accounts of celebrities and politicians are almost certainly being run by their agency staff.)

 

Like it just shows you how thoughtless trying to remove the previous verification process was in the first place. The entire point was to ensure that X famous celeb/politician was not being impersonated, but because Twitter would only do this verification if you used your real name and photo on the twitter, that left out people who want to stay known by their pseudonym only.

 

We know paying for blue is a scam. It offers no value to anyone. We've long known that subscriptions to social media accounts must offer a useful benefit (Which is how subscriptions worked on LiveJournal BTW) and you could GIFT subscriptions to people on LiveJournal, which is why "subscriptions" should have no connection to verifying anything.

 

If Elon wants people to pay for Twitter, then he should have straight up stole a page from Twitch, Youtube and Chaturbate and allow people to buy a premium currency that they can use to "gift" the people they want to support on Twitter. THAT would have made sense. But, no, for some reason Elon thinks twitter is a clout machine that people actually care about. Truth is, nobody gives a care about your follower count. They only care who YOU follow. That is tactical endorsement of those other brands if you interact with them, and a tactical "I agree with this person" when you like their posts.

 

[suicidalfranco]

On 3/29/2023 at 6:28 AM, RedRound2 said:

What about a unique government ID? I know that many countries still are yet to implement robust National ID systems, but eventually we will get there. And there can be sort of clearance level for unique IDs and service like Twitter will fall in the lowest category, where they can just authenticate with a government portal whether you exist as a real person or not. Once verified - hash the ID and save it in your database. In case it gets leaked, it's useless, since its hashed anyway.

This itself I feel would stop 99% of the bots.

Why?

It's the one thing i respect the US for, and hate being forced to have here in Italy

[leadeater]

9 hours ago, Kisai said:

Not everything I suggest is intended as "the one and only perfect solution" you know. The yubikey was just the first thing that came to mind that fits the intended purpose. 

I know, I wasn't trying to be too critical. It's just that something like a yubikey doesn't fit for proof of person or identity. It's simply a safe to put things in, like a physical safe. You can put something in to the safe that is akin to a personal identifier however since these personal identifiers can be generated by a person they become "many to one" without any actual way to know from the service end so if all you are doing is checking for an identifier and one is provided and that is proof of personship/human then it's pretty easy to abuse for bot purposes.

 

Put it this way, at any point anyone can generate a private/public key pair. They can generate as many as they like. They can have all the private keys stored and accessible yet how does anyone external to this person know they are all generated by a single person?

 

That's why I wanted to point out something like a yubikey isn't fit for purpose and wasn't designed for such a usage.

 

Virtual Yubikey are here, the link I gave you is literally that. It has been around for a while, in a different name/form before that site/company, on Github. Pretty much the only way to verify a person as a person is through something they cannot generate themselves, like gov issued ID etc

[Kisai]

23 minutes ago, leadeater said:

Virtual Yubikey are here, the link I gave you is literally that. It has been around for a while, in a different name/form before that site/company, on Github. Pretty much the only way to verify a person as a person is through something they cannot generate themselves, like gov issued ID etc

And yet that is the problem. You have countries like the US who balk at national id's, and culturally it's unacceptable (see X-men as one example.) The closest thing we have are passports, and it would be unfathomable for websites to ask for passports, JUST to have an account.

 

You know what sites ask for passports? Chaturbate, OnlyFans, basically porn sites. You know why? Because most of the models are not American, they're usually Eastern European and Latin America. The sites want to confirm that the person is legal age, and is who they say they are, because they have very strict rules about what can be shown on stream or in a video. Every single person that appears in a video, has to be vetted. If a cat, dog, or child suddenly opens the door to your streaming room, you have to kill the stream immediately.

 

The Passport however is not a good way to ensure someone is who they say they are, because passports can be forged. Do you really think that anyone has the resources to ensure the passport is real? Nope. The porn sites are only looking at the DOB, nothing else. If they hold onto any private information from the passport, they are in violation of various GDPR-like laws.

 

You can't have it both ways. If you ask for a passport or a taxpayer ID number, you better be employing that person full time. Twitter ain't that.

 

Perhaps some kind of pseudo-anonymous internet passport will be created to allow online creators operate as per usual, and it's generated from their actual passport biometric data so that it operates as an authenticity tool, but keeps their privacy intact. But handing your passport over to companies who aren't employing you is an absolutely asinine insane request. What is to stop someone from that company misusing that information?

 

Equifax and Transunion exist. They already serve this purpose. But they aren't infallible. One of these companies somehow has two versions of my identity on file, because my name is hard to spell. Do you know how bloody hard it is to get a government entity to fix a spelling error? A spelling error made... 30 years ago, keeps coming back to haunt me, the latest was with the covid vaccines. Then somehow companies that have access to this data, keep using the wrong data.

 

Just trust me when I say, the government ID being used as an authentication mechanism is supremely stupid, because all it takes is one typo and you don't exist to half the world.

[RedRound2]

3 hours ago, suicidalfranco said:

Why?

It's the one thing i respect the US for, and hate being forced to have here in Italy

What are you exactly referring to from my original quote? 

[leadeater]

2 hours ago, Kisai said:

Just trust me when I say, the government ID being used as an authentication mechanism is supremely stupid, because all it takes is one typo and you don't exist to half the world.

RealMe integration would work but every country would need one, Twitter would have to integrate with them all (not that difficult really) but then every country would need a "RealMe" and we both agree that ain't happening heh.

[suicidalfranco]

36 minutes ago, RedRound2 said:

What are you exactly referring to from my original quote? 

on the argument of "forced government ID"

[RedRound2]

4 hours ago, suicidalfranco said:

on the argument of "forced government ID"

Its eventually going to be a thing, like it or not. Plus having something like that will greatly simplify and drastically improve efficiency overall in pretty much all aspects of the society.

[Quackers101]

would kind of like IDs as numbers and "relaying the info", a bit like with emails? or temp credit cards?

as you got a master for important stuff, but can generate new ones to be used else where. keeping track of all "sub emails"/sub-address that also has an number count for the service. Like 3 sub-addresses for google, 2 sub-addresses for that platform, and platforms could deny you more than 2-3 sub-adresses to their services, if they are valid? Also maybe makes it easier to send delete personal detail requests, police requests, or to inform of death or deactivate account because of? although deactivation might help some criminals, to other things for other abuse, exploits to corruption methods.

Edited March 30, 2023 by Quackers101

[My_Computer_Is_Trash]

On 3/28/2023 at 3:49 AM, PcBeExpensive said:

saw this today. It's bullshit, its so obviously for the money. Even the for you page will be removed unless you have the blue tick, what the hell. I used to like Elon and think he was smart, I was wrong. Next thing you will need to pay to get a twitter account.

It's not for the money as Elon Doesn't need it. The point of this is so that people can't rapidly produce bots and send them out in the thousands. Because then you would have to pay 8 dollars for every bot account you make. Honestly, I don't think this will have a big affect on Twitter at all. This is because you don't post on Twitter unless you are someone who has influence. You just read what other people who have influence post. (politicians, businesses, and news sources) And influencers have the money. I mean, for example, if you like trampolines a lot, and people who also like trampolines don't pop up in your "for you" because they don't have a blue checkmark, do you really care that much? No. You don't. Because chatting with people about trampolines isn't entertaining.

[PcBeExpensive]

37 minutes ago, My_Computer_Is_Trash said:

It's not for the money as Elon Doesn't need it. The point of this is so that people can't rapidly produce bots and send them out in the thousands. Because then you would have to pay 8 dollars for every bot account you make. Honestly, I don't think this will have a big affect on Twitter at all. This is because you don't post on Twitter unless you are someone who has influence. You just read what other people who have influence post. (politicians, businesses, and news sources) And influencers have the money. I mean, for example, if you like trampolines a lot, and people who also like trampolines don't pop up in your "for you" because they don't have a blue checkmark, do you really care that much? No. You don't. Because chatting with people about trampolines isn't entertaining.

ok, understood. 

[My_Computer_Is_Trash]

3 minutes ago, PcBeExpensive said:

ok, understood. 

..........well was unexpectedly well received.

[PcBeExpensive]

1 hour ago, My_Computer_Is_Trash said:

..........well was unexpectedly well received.

no point to argue.

[RedRound2]

9 hours ago, My_Computer_Is_Trash said:

It's not for the money as Elon Doesn't need it. 

He doesn't need money, but his company does.

 

The main issue isn't that he's turning Twitter into a paid platform. Had he come up with this idea from the get-go, it would have been fine actually. The problem was that our self-proclaimed "free speech absolutist" who was supposed to preserve the "internet's town square" is implementing things that pretty does completely throws the concept of equality out of the water, especially when there are obvious solutions that exist that is a hundred times better than what he is proposing to do.

9 hours ago, My_Computer_Is_Trash said:

The point of this is so that people can't rapidly produce bots and send them out in the thousands. Because then you would have to pay 8 dollars for every bot account you make. Honestly, I don't think this will have a big affect on Twitter at all. This is because you don't post on Twitter unless you are someone who has influence. You just read what other people who have influence post. (politicians, businesses, and news sources) And influencers have the money. I mean, for example, if you like trampolines a lot, and people who also like trampolines don't pop up in your "for you" because they don't have a blue checkmark, do you really care that much? No. You don't. Because chatting with people about trampolines isn't entertaining.

Okay, so this bot problem.

 

People deploy bots (the main ones that cause issues) because they have some direct or indirect (99% of the time) monetary benefits they get out of it. So as long as each bots make over 8 USD a month (which given the prevalence of online scams, doesn't really seem to be that big of stretch to imagine) - it's not at all a big deal. 

 

So, this really didn't solve anything. And the original purpose of the blue checkmark was for the broader audience to verify influential people's real accounts - which also has been greatly thwarted. I mean really, which average joe complained about the fact that celebrities got to wield their blue checkmark and we didn't - that was never the type of inequality people were fighting about. But Elon used this excuse to open up Blue to everyone - get the bots on board - so he can help the company make some dough.

 

If he was genuine about solving the bot problem, persevering equal rights and freedom of speech - he could have done something that I proposed earlier with unique IDs. That way - everyone genuine about using the platform can get verified without any additional monetary burden and simultaneously serve as severe obstacle to get any unverified accounts (aka bots) to actually cause any meaningful damage.

 

For restoring the company's balance sheet, he can do things like charge 50-100 USD for all gold check marks (basically company accounts that pretty much uses the platform for PR and marketing purposes), and provide additional more expensive tiers for those who want it just for status purposes that really doesn't serve any real benefit.

[Kisai]

3 hours ago, RedRound2 said:

He doesn't need money, but his company does.

 

The main issue isn't that he's turning Twitter into a paid platform. Had he come up with this idea from the get-go, it would have been fine actually. The problem was that our self-proclaimed "free speech absolutist" who was supposed to preserve the "internet's town square" is implementing things that pretty does completely throws the concept of equality out of the water, especially when there are obvious solutions that exist that is a hundred times better than what he is proposing to do.

Twitter stopped being a "town hall" the second it accepted ads onto the platform. Anyone with money can shout louder everyone else with less or no money.

 

By making it so that only people who paid admission can even enter the town square, makes it no longer a town square, but an amusement park or circus. And we all know who the clown is here.

 

3 hours ago, RedRound2 said:

Okay, so this bot problem.

 

People deploy bots (the main ones that cause issues) because they have some direct or indirect (99% of the time) monetary benefits they get out of it. So as long as each bots make over 8 USD a month (which given the prevalence of online scams, doesn't really seem to be that big of stretch to imagine) - it's not at all a big deal. 

 

Bots are on all platforms that allow people to create accounts for free. Creating accounts for free is less expensive than than processing payments or verifying identity. It's that simple. Bots wouldn't even be a big deal if they weren't masquerading as legitimate companies or people. 

 

Here, I'll show you something...

 

Looks like only the bots are the ones paying for blue gold checkmarks. Notice they are all "Square" icons?

 

Now, I'll point out the obvious, the reason these accounts are blocked, is because they were pushing scams and clickbait. Maybe not all of them, but like clockwork, around the third week of every month you'd see hundreds of these clickbait accounts.

 

Twitter blue has already failed. If I go through the rest of the block list, it's the usual "psychopaths and shills" that were blocked, and there's not a single blue checkmark among them.

 

If I look at my follow list, let's count how many check marks there:

Gold (3): EVGA, Canada Post, FFXIV

Blue (18): 15 artists/vtubers/journalists, and the curiosity rover.

I'm following less than 200 people, so only 10% have a checkmark, and ALL those blue checkmarks are legacy.

 

 

3 hours ago, RedRound2 said:

So, this really didn't solve anything. And the original purpose of the blue checkmark was for the broader audience to verify influential people's real accounts - which also has been greatly thwarted. I mean really, which average joe complained about the fact that celebrities got to wield their blue checkmark and we didn't - that was never the type of inequality people were fighting about. But Elon used this excuse to open up Blue to everyone - get the bots on board - so he can help the company make some dough.

 

All the gold checkmark did was made it easier to identity what accounts to block. If that account has a checkmark and is appearing in your feed without you interacting with it? Block. Those blocks up above? After Elon took over, I went and wiped out the block list on one of my accounts just to see what would happen, and wouldn't you know it, those accounts that now have gold checkmarks? Back to posting clickbait and scams. Notice the pattern in those images, chances are all those bots are controlled by one person.

 

Allowing "anyone" to have a checkmark by paying for it, just means the checkmark is utterly worthless and means nothing.

 

And since that's what the "For you" is going to be, that means I'm going to end up blocking a lot more "gold checkmarks"

 

3 hours ago, RedRound2 said:

If he was genuine about solving the bot problem, persevering equal rights and freedom of speech - he could have done something that I proposed earlier with unique IDs. That way - everyone genuine about using the platform can get verified without any additional monetary burden and simultaneously serve as severe obstacle to get any unverified accounts (aka bots) to actually cause any meaningful damage.

 

For restoring the company's balance sheet, he can do things like charge 50-100 USD for all gold check marks (basically company accounts that pretty much uses the platform for PR and marketing purposes), and provide additional more expensive tiers for those who want it just for status purposes that really doesn't serve any real benefit.

 

Nah, here's what I would have done had I "owned" twitter.

 

Four levels of verification and one level of "support":

1. Passport verification = Green Checkmark "this is a human", create a salted hash of the passport name and number, and keep that on file. You can only ever have ONE green verification, no matter how many accounts you have. This costs nothing, but you can only have it for your real name. Once verified, the name on the account is locked to the name on the Passport.

 

2. Paid verification (one time) = Gold checkmark, "this is a legal entity" run a soft credit check against the name or business using the credit card presented. If the "credit" score is 740 (very good) or better Gold checkmark. If the credit score is below 740, reject. The point of the gold checkmark is to go "this is a legitimate person or business, who actually has a history of being a real entity, but may present as a fictitious entity." Store a salted hash that says this credit profile has already been done once. You may only have one gold checkmark. If you own more than one company, then you are running credit checks against each company. If your company has a bad credit rating, then it does not get a checkmark. I repeat, if your credit check says you're bad, you do not get verified.

 

3. Pseudonymous verification = Basically "this is my identity for all intents", Blue verification. To do this, you must link multiple accounts (eg youtube, twitch, Instagram, tiktok, steam, epic, etc) that has combined $1000 in existing assets, or generates combined more than $100 in revenue per year. The verification process will basically go "Okay these accounts are their official accounts they have access to" and those will be linked in their profile. You'll have to annually allow twitter to login and check that the accounts still exist to maintain the pseudonymous verification. No circular verification (eg you can't verify twitter with google, and facebook, and then use facebook to verify twitter) and no reuse of the accounts with other twitter accounts. 

 

4. Government, and registered charity/non-profit entity. This is a stand-alone account with a "globe" checkmark. Entities must verify that they are who they are (eg business registration, election registration), the same as the passport above, but must also show that they have been elected to office, or running for office during an election. 

 

For all intents, users that actually give a care, would just do the passport if they are a journalist or celebrity who uses their real name, or the pseudonymous route if they are someone like a vtuber, instagram influencer, or youtube streamer. 

 

5. "Direct supporter", when you follow someone, if you gift or tip someone on twitter, this fan will get an icon that appears on the "follower" list, and any interactions to say that "this person has directly supported them". This allows celebrities to know that someone is "most likely a fan" and not some random bot. This would be like a gift icon or something. This is tracked only by the person being followed, and is seen only by other followers who have tipped the twitter user in the last 30 days. 

 

How I would modify the algorithm would be so that "government" tweets can't be "blocked" if they are from elected officials, and anyone in that voting area can tweet at that government entity, and can not be blocked. The US President can not block you unless you are not a US-based twitter user. Tweets from politicians will only pop into your feed if you follow them, or during the voting period to remind you there is an election you should be voting in. A government twitter can't be suspended, but it can be disabled if they are not presently elected or running for a current seat. More to the point however, is preventing foreign influence, so you can not tip a government office, only verified NGO's.

 

One-time Paid verification and Passport verification would play by the regular rules, but be immune from "suspended" status since you can only get one of them. They will instead have a "tweeting disabled" status as punishment for ToS violations where the tweets will be unsearchable, and a "are you sure you want to read tweets from this account?" interception.

 

Pseudonymous verification would be treated the same as Passport verification, but can be suspended should a ToS violation be egregious. All connected social media will be blacklisted from being used to verify another account.

 

Which leads to "what-about-everyone-else?" There is no reason to elevate checkmarks above anyone else. That defeats the purpose of verification and turns it into a pay-2-win game.

 

If you pay to be verified, that's a one-time thing. You don't need to be re-verifying an account every month, maybe once per year, or if there is a request to change the name/bio.

 

 

But ultimately? I think the damage was already done. Elon's twitter is garbage twitter, and has become a much worse experience, and "twitter blue" is only going to drive off everyone left from using it.

[RedRound2]

18 hours ago, Kisai said:

snip

You know for all the weird moves and tantrums the guy causes he really sounds genuine in what he believes in. Last night (or I guess morning in US time) he hosted a Twitter spaces discussing open sourcing the algorithm, and he was answering questions from the audience. And you know what, he sounds really genuine - even tho I have absolutely no idea why he isn't able to see the obvious issues with his methods

[mr moose]

On 3/30/2023 at 10:00 PM, suicidalfranco said:

Why?

It's the one thing i respect the US for, and hate being forced to have here in Italy

The US already has something better than government ID, they have facial recognition so they can see where you've been or where your going without you even having o sign up. 

https://www.fbi.gov/news/testimony/facial-recognition-technology-ensuring-transparency-in-government-use

 

[suicidalfranco]

3 hours ago, mr moose said:

The US already has something better than government ID, they have facial recognition so they can see where you've been or where your going without you even having o sign up. 

https://www.fbi.gov/news/testimony/facial-recognition-technology-ensuring-transparency-in-government-use

 

Wonder where does that put China on the ranking who probably does both

[CerealExperimentsLain]

On 3/30/2023 at 4:32 PM, My_Computer_Is_Trash said:

Because then you would have to pay 8 dollars for every bot account you make.

Thank goodness that there's no way to 'steal someone's identity' and then use their methods of payment, particularly a credit card, and use that to pay for things.  And that's not something a bot could exploit enmass.  Gosh, imagine if we lived in a world where credit card information was stolen frequently?  Then there'd be a real problem. ha ha.