Just this guy, you know?
This is a useful and important topic, but there are some details in the writeup that are misleadingly explained and may reduce the trust in the overall explanation.
A lot of passwords are all-or-nothing. You either have full access to a service or no access to it.
It's really necessary to split authentication (authz) from authorization (authn). Passwords are authentication - they show identity of user. There are separate systems for what that identity is allowed to do. It's not the password that's all-or-nothing.
A security sandbox, such as one in a Docker container or a browser tab, can prevent an external service from accessing data inside it.
Almost exactly the opposite. The sandbox prevents things INSIDE from accessing data (except in very controlled ways) outside of it. Sandboxes makes it harder for an attacker to escape and hit other systems, not harder for an attacker who's got access to the host to get into the sandbox. In truth, there's a bit of both, as it makes it easier to secure the host when all "user work" happens in a sandbox.
Hmm. I can't tell whether this is an interesting or new take on the question of what is a "true" experience, or if it's just another case of picking something we can measure and then talking about why it's vaguely related to the real question.
Do you also compare HUMAN predictions of other human emotional responses, to determine if that prediction is always experienced as suffering itself?
One of my favorite banjo solos is in this video: (Gimme Some of That) Ol' Atonal Music - Merle Hazard feat. Alison Brown . It's extremely relevant to the post, as well - making the point that there are multiple levels to art appreciation. The video makes the distiction between emotion and thinking, or heart and brain, but your distinction about timeframes and types of impact (immediate pleasure vs changing/improving future interpretations of experiences) is valid as well.
That said, I'm not sure that it's the art which contains the differences, so much as the audience and what someone is putting into the experience of the art. Ok, both - some art supports more layers than others.
As I've gotten older, I note more and more problems with the literal interpretation of topics like these. This has made me change my default interpretation (and sometimes I mention it in my response) to a more charitable version, like "what are some of your enjoyable or recommended ...". In addition to the problems you mention, there are a few other important factors that make the direct "exactly one winner, legibly better than all others" interpretation problematic:
It's interesting to figure out how to make use of this multi-level model. Especially since personal judgement and punishment/reward (both officially and socially) IS the egregore - holding people accountable for their actions is indistinguishable from changing their incentives, right?
Mostly agreed - this argument fails to bridge (or even acknowledge) the is-ought gap, and it relies on very common (but probably not truly universal) experiences. I also am sad that it is based on avoidance instincts ("truly sucks") rather than seeking anything.
That said, it's a popular folk philosophy, for very good reasons. It's simple enough to understand, and seems to be applicable in a very wide range of situations. It's probably not "true" in the physics sense, but it's pretty true in the "workable for humans" sense.
There's probably a larger gap here than, say newton to einstein for gravity, but it's the same sort of distinction.
I'm not sure that AI boxing is a live debate anymore. People are lining up to give full web access to current limited-but-unknown-capabilities implementations, and there's not much reason to believe there will be any attempt at constraining the use or reach of more advanced versions.
This seems just like regular auth, just using a trusted 3P to re-anonymize. Maybe I'm missing something, though. It seems likely it won't provide much value if it's unbreakably anonymous (because it only takes a few stolen credentials to give an attacker access to fake-humanity), and doesn't provide sufficient anonymity for important uses if it's escrowed (such that the issuer CAN track identity and individual usage, even if they currently choose not to).
Interesting thought. I tend to agree that the endgame of ... protection from scalable attacks in general ... is lack of anonymity. Without identity, there can be no memory of behavior, and no prevention of abuse that's only harmful across multiple events/sources. I suspect it's a long way out, though.
Your proposed solution (paid IP whitelisting) is pretty painful - the vast majority of real users (and authorized scrapers) don't have a persistent enough address, or at least don't know that they do, to participate.
That's a fair bit of additional system complexity (though perhaps similar code-complexity, and fewer actual circuits). More importantly, it really just moves the problem out one level - now you worry about runaway or mutated controllers. You can make a tree of controllers-controlling-controllers, up to a small number of top-level controllers, with "only" logarithmic overhead, but it's still not clear why a supervisor bot is less risk than a distributed set of bots.