Will "sensitive code" e.g., voting fraud detection be open source?

Yes, there is. The fact that the algorithm is secret raises the bar substantially, since you have to run experiments with the highest technical competence available to avoid making a mistake that shuts down your ability to experiment permanently. The algorithm does not need to actually consider every possible marker; the fact that it could is sufficient to require a careful hacker to do the work of compensating for all of them. With an open-source algorithm, every check is enumerated and can be handled in turn.

I don’t necessarily disagree that a transparent algorithm with configurable parameters is sufficient in this case, but it is dangerously wrong to suppose that it is guaranteed to be just as good as an opaque algorithm with comparable effort and skill invested. It won’t be, and the margins are small enough, unlike cryptography, that very modest advantages from obscurity can make the difference between 10 successful reverse engineers, or 1, or 0.1.

7 Likes

The SE mechanism for dealing with sock-puppetry/vote-fraud I am most familiar with gives site mods the ability to notice possible issues, but humans take over from there.

Where I was involved we tended to give marginal cases a little rope. These people often run a low impact test and then try to capitalize on the first thing that seemed to pass undetected.

1 Like

I’m a bit late to this party, so I apologize if this was already sorted somewhere, but…

What about a module system that could take different kinds of spam detection/prevention? That would allow license-compliant use of closed-source tools on things like the main Codidact community instance, without putting it into the code base in any way (so contributors shouldn’t need to agree to the terms of the module, I don’t think), and would allow other community maintainers to use what they want on their own instances.

I don’t have all the technical implementation details fleshed out at the moment, but even if it’s just for the algorithm, itself, and then the main Codidact system determines what to do with things the spambot flags, I think it would provide the flexibility you’re looking for and ability for each instance to implement its own thing without having to expose what implementation it’s using if the maintainers don’t want to.

4 Likes
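To make the module-system idea above concrete, here is an added Ruby sketch (not Codidact code) of a detector plug-in contract where each module only returns a score and reasons, and the core alone maps scores to actions. The `SpamDetector` interface, the two detectors, the thresholds and the sample posts are all constructed for illustration.

```ruby
# Contract every detector module must satisfy (hypothetical interface).
# A closed-source module can implement this without living in the core code base.
module SpamDetector
  # post: Hash with :body and :author_age_days.
  # Returns { score: Float in 0..1, reasons: [String] }.
  def inspect_post(post)
    raise NotImplementedError
  end
end

# A simple open detector: flags posts whose text is mostly links.
class LinkDensityDetector
  include SpamDetector
  def inspect_post(post)
    links = post[:body].scan(%r{https?://}i).size
    words = post[:body].split.size
    score = words.zero? ? 0.0 : [links.to_f / words * 5, 1.0].min
    reasons = score > 0.5 ? ["#{links} links in #{words} words"] : []
    { score: score, reasons: reasons }
  end
end

# Stand-in for an opaque vendor module: the core only ever sees its result.
class OpaqueVendorDetector
  include SpamDetector
  def inspect_post(post)
    suspicious = post[:author_age_days] < 1 && post[:body].match?(/buy now/i)
    { score: suspicious ? 0.9 : 0.0, reasons: suspicious ? ["vendor rule matched"] : [] }
  end
end

# The core: an instance registers whichever detectors it wants; the core takes
# the highest score and maps it to an action. Thresholds are constructed values.
class SpamPipeline
  ACTIONS = { 0.8 => :hold_for_review, 0.4 => :flag_for_mods }.freeze

  def initialize(detectors)
    @detectors = detectors
  end

  def evaluate(post)
    results = @detectors.map { |d| d.inspect_post(post) }
    score = results.map { |r| r[:score] }.max || 0.0
    action = ACTIONS.find { |threshold, _| score >= threshold }&.last || :allow
    { action: action, score: score, reasons: results.flat_map { |r| r[:reasons] } }
  end
end

# Constructed sample posts and a pipeline with one open and one opaque module.
SAMPLE_SPAM = { body: "Buy now http://a.test http://b.test http://c.test", author_age_days: 0 }.freeze
SAMPLE_OK = { body: "You can configure this in the settings page, see the docs.", author_age_days: 400 }.freeze
PIPELINE = SpamPipeline.new([LinkDensityDetector.new, OpaqueVendorDetector.new])
```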

There are tools such as ionCube and SourceGuardian, but they’re PHP based. I’m sure other languages have similar tools.