As I recently mentioned on the forum, we’re currently dealing with a pretty big influx of SEO spammers. That is, we’re dealing with a ton of automated activity from a small number of human actors.
Of course, countless web services have been through this. You might want to build a signup-free app so people can use and try it quickly — but if it can be used to create content on the internet, it will be abused. You might want to offer user accounts without email registration so people can preserve their privacy — but if that account grants more abilities to create content on the web, it’ll be abused eventually.
I find it amusing that we’ve slowly ended up just doing what many other services do, over our six years. But that doesn’t mean I think we should always pre-optimize for abuse, and avoid building software as if we were in an ideal world, devoid of spammers.
Our platform has attracted its own kind of spam, and I’ve gotten to know it well. So over time, we’ve been able to carve out and mitigate it, while still maintaining those user-friendly and privacy-preserving features I always wanted. Sometimes we get a little heavy-handed (such as with IP bans), just because it’s expedient at the time. But no matter what, moderation actions are easy to undo, and we keep a human around to quickly fix any mistakes — overall, I think, a decent balance.