undefined | Better HN

0 pointsMichaelBurge9y ago0 comments

* Require businesses to provide a tax id or registration number appropriate to their country.

* Require security deposits to be paid with a bank transfer, cashier's check, or money order from a country with strong anti-money-laundering laws.

* For countries like the US where business information is public, verify the provided business address against public records.

* Allow larger sites like the NYT to require higher standards of verification(maybe 6 months active history on your account), so even if you went ahead with your malware attacking(say, using a homeless person to shield you from the cops) it at least wouldn't hit the NYT.

Honestly, I think at least taking their security deposit would deter a lot of attackers. You're probably right that it wouldn't help much against targeted attacks at smaller sites.

0 comments

evilDagmar9y ago

All that would mean is that the malware authors will get paid slightly more for ensuring they have more pernicious and persistent malware. Considering the amount of havok the ransomware guys have been causing lately, do you think they'd really be bothered by being asked to pony up even a $50,000 deposit?

The real problem is very simple. The advertising companies need to stop publishing non-vetted media files (which means they can also no longer do a http referral to a site they don't control to save "bandwidth costs"). Many of them are not doing that because they're foolishly assuming a "deposit" or any other such arbitrary monetary penalty is going to be cost-prohibitive to a criminal organization. To the criminal organization, it's no different than any other bribe.

j / k navigate · click thread line to collapse