For email, I've had some luck just modifying the page with JS that's either indirect or obfuscated enough that the address can't be pulled directly from it - e.g. "var email" is the address encrypted with a fixed key, the JS decrypts it and then alters the HTML.
It can obviously be bypassed by using a JS runner, but it seems to be enough of a hurdle that few spammers bother. "You don't have to outrun the bear", as it were.
Nice. It's a pretty low-traffic site, so something that doesn't require an external service but is still capable enough to defeat 90% of spammers sounds like a good compromise. I imagine drawing the email address to a canvas instead of a textual HTML element could be more effective, alas not accessible.
I have my email in plain text on every page of my site. I get about 1 spam per day that I see in my inbox on Gmail. I suppose Gmail filters even more silently. It's been working fine for over a decade. Is there some scale of site popularity where it becomes a problem?
FWIW, o3 seems to get to the point more quickly than most of the other LLMs. So much so that, if you're asking about a broad topic, it may abbreviate a lot and make it difficult to parse just what it's saying.
The trivial interpretation is: every word written can be constructed by optimizing a prediction based on current state, what has been written so far, and a sufficiently complex model. This is true of anything computable: just make the method implicitly contain the program by assigning a high probability to any token that is consistent with running the computation one more step. It's also true of anything expressible: just brute force a solution that can be expressed in n words, then assign a high probability to the first word of these n words.
The profound but wrong interpretation is that intelligence is just statistical prediction according to some general-purpose algorithm, and that this algorithm is tractable. Consider something like solving a SAT problem. You're going to have a hard time using any tractable general-purpose algorithm to predict whether x_2 is true for the satisfying solution based on some long CNF statement plus "x_1 is false".
Now, what you _can_ do is augment your model so that if the previous tokens constitute a CNF-SAT instance plus a partial answer, then you cart these off to a SAT solver and output its next token. But the more you do this, the less force the "mere statistical prediction" part holds. The "next-token predictor" is just an interface to an assembly of different approaches; and often, these approaches (like the SAT solver) will output the whole solution all at once for free.
A good elaboration of this point is Greg Dow's "Governing the Firm" and "The Labor-Managed Firm".
In short, worker-owned businesses are rare because individual workers are poor (relative to the capital that's needed) and they can't get external funding because the investors want control in return, which labor management can't provide.
That's why most large-scale worker-owned businesses are part of a federation supported by a bank - e.g. Mondragon's Caja Laboral. Institutional design indeed does matter.
Funding is a huge part, for sure, but also getting incorporated. Talk to a lawyer and your state about founding an LLC or sole proprietorship. Ezpz. Done in an hour.
Talk about founding a workers co-op that's democratically run? With shares issued to each worker? There's just no template for it. It's days of work to get it over the line.
Since the generic fingerprint is associated with Tor, you get a lot more captchas. And JS that shows event times based on your clock (say a schedule) will think your time zone is UTC.
Onelogin was audited, and they had a security breach a year later.
Intuit, also audited.
Twitch? They have had audits done.
So, you can continue to sit here on hacker news and bitch that it "hasn't been audited" and therefor you aren't "free", or some shit. But either way, you sound like jackass that knows nothing about technology or freedom.
Freedom is not synonymous with "free", as in not having a cost.
It can obviously be bypassed by using a JS runner, but it seems to be enough of a hurdle that few spammers bother. "You don't have to outrun the bear", as it were.