I’ve since forgotten about this thread. The problem is that the actual policy that is being implemented is different from the one described in the first post in this thread.
How it works currently:
- users can go to phabricator.whonix.org and sign up
- phabricator doesn’t allow to restrict e-mail addresses for sign up. White list only but no black list of spammy ones.
- @0brand sends users an e-mail and asks what they want to report.
- In some cases @0brand can do an accelerated account approval without e-mail beforehand. (In case of unpublished known-non-spam indicators.)
- If it’s a real user, account gets confirmed.
- usually spambots pass e-mail verifications empty handed
- spambots also pass captcha (there’s even commercial services for spammers where they get API access to super cheap labor solving captcha)
- only captcha supported by phabricator is javascript depending google captcha
- We don’t have anyone capable to improve phabricator. Just because something is available Open Source on the internet, doesn’t mean it’s feasible to combine it with existing web apps. Non-trivial.