Cyber attacks in the OSM space

Ask the many people who have made their first forum or mailing list post in the last couple weeks whether they believe the surprising map content was intentional or unintentional. :wink: I think it’s a good point to reflect on, because some vandals will be more persistent than even the most clueless of well-meaning mappers.

Countervandalism isn’t just about keeping the content clean; it’s also about keeping the troublemakers out so they don’t keep making trouble for us to clean up after, or I suppose your idea of quarantining them so that they waste their time. We can block vandals today, but how easy is it to evade a block, and how quickly do we catch block evasion? As I recall, we had an incident last year involving rapid account creation. Do we see sockpuppetry as an ongoing risk, or is it safely under control now?

The redaction bot did run at an awesome scale. It’s still an after-the-fact mechanism though. Some of the people who have come in to complain about this wave of vandalism have been asking how we don’t prevent obvious vandalism from entering the database in the first place. Maybe that’s an unreasonable expectation, but I can see where they’re coming from. It doesn’t take a rocket scientist to realize that Andy Townsend isn’t notable enough for his name to dash around the world like Santa Claus in December.

This flexibility to choose what to reject on the spot is very powerful. Folks have been quick to reject the idea of blocking edits based on a “naughty word list”, but I think this assumes a static word list, matched literally, that has to be developed out in the open at the same pace as all our other software.

As one of our wiki’s administrators, I appreciate the ability to set and modify rules on the fly. As with your script, the rules can be kept private and don’t have to be easy for the vandal to figure out. But unlike your script, the rules can also perform a variety of automated actions in response to tripping a filter, such as quietly logging a violation, notifying the user, blocking the edit from saving, or even the nuclear option of immediately banning the user and anyone with their IP address. Unfortunately, I think the last time I floated something like this for OSM, someone reckoned that evaluating every upload in real time would be atrociously unperformant, so I haven’t given it a lot more consideration. I’d love to be proven wrong though!

(By the way, if you want to talk cybersecurity™, one of the wiki’s abuse filters was inspired by an infamous case of accidental election interference a few years back. I’ll let you guess who.)

5 Likes
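The graduated filter responses described in the post above (log, notify, reject the edit, block), together with matching that is not a literal word list, as an added example that is not part of the original post or of any OSM or wiki software. The upload shape, rule ids, thresholds and watchlist term are all constructed assumptions.

```python
import re
import unicodedata
from collections import Counter

ACTIONS = ["log", "warn", "disallow", "block"]  # weakest to strongest response

def normalize(value):
    """Fold case, Unicode compatibility forms and separators before matching."""
    folded = unicodedata.normalize("NFKC", value).casefold()
    return re.sub(r"[\W_]+", "", folded)

def repeated_name(upload, limit):
    """True when one normalized name is set on more than `limit` elements."""
    names = Counter(normalize(e["tags"]["name"])
                    for e in upload["elements"] if "name" in e["tags"])
    return any(count > limit for count in names.values())

def matches_term(upload, terms):
    """True when any tag value contains a watchlist term after normalization."""
    values = [normalize(v) for e in upload["elements"] for v in e["tags"].values()]
    return any(term in value for value in values for term in terms)

# Constructed rules (ids, thresholds and the term are assumptions). In a real
# deployment this list would live in private configuration, editable on the fly.
RULES = [
    {"id": "new-account-mass-rename", "action": "disallow",
     "test": lambda u: u["account_age_days"] < 7 and repeated_name(u, 20)},
    {"id": "watchlist-term", "action": "log",
     "test": lambda u: matches_term(u, {"examplebadword"})},
]

def evaluate(upload, rules=RULES):
    """Return (strongest action, ids of every rule that fired) for one upload."""
    hits = [r for r in rules if r["test"](upload)]
    if not hits:
        return ("accept", [])
    strongest = max(hits, key=lambda r: ACTIONS.index(r["action"]))
    return (strongest["action"], [r["id"] for r in hits])

# Constructed sample uploads (assumed shape: account age plus tagged elements).
MASS_RENAME = {"account_age_days": 2, "elements": [
    {"tags": {"name": n}} for n in ["Test Name", "test-name", "TEST  NAME"] * 8]}
WATCHED = {"account_age_days": 400, "elements": [
    {"tags": {"note": "Example Bad-Word here"}}]}
BENIGN = {"account_age_days": 3, "elements": [
    {"tags": {"name": "Main Street", "highway": "residential"}}]}

if __name__ == "__main__":
    for label, upload in [("mass rename", MASS_RENAME), ("watched", WATCHED), ("benign", BENIGN)]:
        print(label, evaluate(upload))
```

Every rule that fires is returned alongside the strongest action, so a quiet `log` rule still leaves a trail when a stricter rule decides the outcome.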