Hacker News new | comments | show | ask | jobs | submit login

jacquesm is known to give pretty exhaustive answers ;) I knew it wasn't an easy question, but the article seemed to indicate that at least some parties do indiscriminate blocking which struck me as rather dumb. Hence the question.

Some parties (including myself at one point in the past) block with low cost.

Suppose you're a microservice that does caching, fast-track authentication or similar. If you block a user, that user will have to spend several or even many seconds on reauthentication and/or cache refreshing, but that's the whole cost. Is your proper threshold for blocking high or low?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact