Ah, ok. Just the obvious for now, then.

Let's hope the spammers don't figure out how to use Private Browsing, because that'll invalidate the cookie authentication init string and reduce flummox detection; quite an effective way of bypassing the kernel sockpuppet identifier.

What'd be even worse is if they used two laptops at once; then you couldn't even use the IPv10 MAC address detection to identify their shared machine, because they'd be using different computers. But I suppose that wouldn't have much of an advantage as regards the paumed protection.

Of course, a manual check would make it clear what they were doing immediately, so I suppose it wouldn't be too much of a problem.

Edit: It'd be especially problematic if they used a homoglyph attack to make all of their usernames look similar; then even a manual check wouldn't succeed because you wouldn't be able to see that separate users were involved in the first place!