How about a sort of distance metric from user decisions to help filter out things like the idiot FaceBook video spam that's been going around?
I warn you: this is currently on an incredibly vague conceptual level.
Let's take a webapp as an example, with a number of widgets that have onClick handlers; and let's say that some lovely lovely person has worked out how to exploit some XSS hole in order to programatically simulate a series of user actions to - for example - spam all their friends.
This metric is then sent back with every HTTP request.
Thoughts? I know this is hopelessly naive, but it may be a starting point worth examining?
 I know this is ducking the problem slightly, but it's a thought experiment, dammit!
 Obvious examples: anything that causes a reload or relocation of the window; anything that changes the DOM; anything that performs an action on a user's behalf.