I agree with your sentiment, but I don't even understand what the rationale for singling out bots is. A user of the service is either causing problems for others or not. Whether that user happens to be a bot doesn't seem relevant to me.
HN does quite well without requiring anything other than an IP address. So does Mastodon. And mailing lists generally have no way of knowing even that!
Do please enlighten me. I've never provided more to HN than a user name and password. There's no third party JS (I just double checked). I suppose the first party JS could be performing aggressive fingerprinting but I doubt it.
(Of course they also have my entire post, view, and vote histories. Those are arguably far more sensitive than any PII I could possibly provide, but I seem to have developed a habit of repeatedly forcing that information on them so I guess that's on me.)
You've provided them with a username, under which you post, comment and view content. This is enough to identify you as an entity in the system and what it is you're doing. If what you're doing, based on heuristics and what you publish is having a bad effect on "the network", you can be blocked/stopped/warned.
I'm saying HN do anything of this, but I doubt they only look at your IP when you're interacting with the service.
If you reread the comment chain the original context had to do with collection of PII. HN has only my IP address (no email, phone number, credit card, or ID). I am well aware that data regarding user interactions can be highly sensitive but it's not what was being discussed.
HN does quite well without requiring anything other than an IP address. So does Mastodon. And mailing lists generally have no way of knowing even that!