
I'll just put this out there because I don't know if I could ever implement it. I've had this idea that's essentially "IP permitted from".

We would extend the whois database to contain an OAuth URL for a given IP block, and then forums or other services that need to ensure a real human person is present (like at registration or when combined with some other trust systems) would bounce the user over to the URL, and it would require the user to log in via U2F/passkeys/TOTP/etc.

The thinking is that ISPs are the ones who know their customers are real, and as long as they can challenge them in a human-interactive way, that should provide a strong signal that it's a real human. It's also a good way to protect against cookie stealing and could provide resistance to "man in the browser" attacks, as the end user would become suspicious of all the ISP challenge pages popping up if a machine was being used in spamming.

It's not foolproof; there could be insiders working at the ISP, and this would require cooperation of all ISPs everywhere, but it would be a step in the right direction.
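An added sketch of the relying-service side of the flow described in the comment above; it is not part of the original comment. The `oauth_url` whois attribute, the sample blocks (documentation address ranges), the `forum.example` client and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets
from urllib.parse import urlencode

# Constructed sample data: the "oauth_url" whois attribute is hypothetical,
# and the blocks are RFC 5737 / RFC 3849 documentation ranges.
WHOIS_BLOCKS = {
    "198.51.100.0/24": "https://auth.isp-a.example/authorize",
    "198.51.100.128/25": "https://auth.reseller.example/authorize",
    "2001:db8::/32": "https://auth.isp-b.example/authorize",
}
STATE_KEY = secrets.token_bytes(32)  # per-service secret, never sent to the ISP


def lookup_oauth_url(client_ip):
    """Return the OAuth URL of the most specific block containing client_ip."""
    ip = ipaddress.ip_address(client_ip)
    best = None
    for cidr, url in WHOIS_BLOCKS.items():
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, url)
    return best[1] if best else None


def make_state(client_ip):
    """Random nonce plus an HMAC tying the challenge to the requesting IP."""
    nonce = secrets.token_urlsafe(16)
    tag = hmac.new(STATE_KEY, f"{nonce}|{client_ip}".encode(), hashlib.sha256)
    return f"{nonce}.{tag.hexdigest()}"


def check_state(state, client_ip):
    """Accept the callback only if state was issued for this same IP."""
    nonce, _, tag = state.partition(".")
    good = hmac.new(STATE_KEY, f"{nonce}|{client_ip}".encode(), hashlib.sha256)
    return hmac.compare_digest(tag.encode(), good.hexdigest().encode())


def challenge_redirect(client_ip, callback):
    """Build the redirect to the ISP's login page, or None if no block matches."""
    base = lookup_oauth_url(client_ip)
    if base is None:
        return None  # ISP not participating: fall back to other trust signals
    query = {"response_type": "code", "client_id": "forum.example",
             "redirect_uri": callback, "state": make_state(client_ip)}
    return f"{base}?{urlencode(query)}"
```

Binding `state` to the requesting address means a callback replayed from a different IP is rejected, which is the cookie-theft resistance the comment mentions.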



