I think your comparison to SSL is actually important, because encryption is a discrete problem with a discrete solution. But this WEI proposal is designed to detect botting, which is a cat and mouse problem without a clear end game.
Exactly, if people want to create bots, at the end of the days we'll end up with VMs running AutoHotkey and Chrome, or physical machines with fake mice and keyboards, or actual computer setups with robot arms moving the mouse around, there's no stopping bots
Well, not if you ultimately tie something like WEI to hardware attestation. Then fraudsters would have to buy additional devices, which is not a complete deterrent [1], but would change the economics significantly.
But many here are (in my view rightly) arguing that this would be too high a price to pay for bot/spam protection, since it would almost inevitably cement the browser, OS, and device monoculture even further.
