ZeroNetX/ZeroNet

Anti-SPAM system ideas

Opened this issue · 5 comments

Making decentralized ID system that is reasonably SPAM bot protected is important.

On original ZeroNet is the issue with some ideas:
Antibot/antispam system to help prevent spam and allow community moderated sites

There is already mute list plugin and common blocklist available across network,. Yes, there is no official blocklist due to fact that, this may lead to favorable for certain individuals, but could be possible through contributions to single repo/site from community.

ContentFilter plugin is absolutely insufficient/ineffective to reduce automated SPAM since it is not used by default and is manually updated by human and SPAM can be generated by a machine fast and submitted from virtually unlimited IDs. ZeroID has some rate-limit per IP, but ZeroID can not be relied upon by now. I hope you understand now what i have meant and that ContentFilter is not a solution to the bot generated SPAM.

A system is needed where seeding and downloading is in balance. If someone doesn't seed, don't know to download. Seed the current downloaded data, or pay it if refuse to seeding. Who are high on average they download a lot and almost nothing seed back they are harmful to the operation of the network. And they participate in the operation of the network with malicious intent. One of the most effective methods a pay or seed system. All the biggest closed torrent sites are a working method.

See: HelloZeroNet#2769

In forums need a captcha system (on the closed network) before a user commenting, editing post, sending emails. This prevents to bots in bulk send comments.

Block-lists are a partial solutions to the spam problem, but they suffer from 2 main issues:

  • As @slrslr pointed out, they're opt-out. You have to see the spam to block it. Since creating accounts is costless, this is compounded
  • They're not shared. This means that every person has to see the spam to block it.

What's needed is a decentralized system built on explicit trust, such as a web-of-trust based system. This has the following traits:

  • Registration is done by contacting anyone who's already a member of the network - in practice, there exist automated services where all you have to do is to fill in a CAPTCHA
  • Spam filtering is done by deciding which users you trust - each user can adapt to their own definition of spam
  • There is no need for a central authority.
  • Spam is "automatically" hidden, as the trust you start out with is very low and so it takes very little - in the beginning - to knock you out of it.

Web of Trust is already implemented in FMS and works fine to prevent spam, and there are quite some detailed technological specifications on how it works that I can dig up if anyone's interested.

It might be worthwhile to bootstrap the Web of Trust from the existing set of CA-authorized users. Web of Trust also has the advantage of having portable identities that are not tied to any specific introduction point.

Non-solutions

  • It'd be possible to use proof of work, but it's not great since the punishment for legitimate users and spammers is the same, and nothing prevents spammers from just burning CPU cycles.

  • Blockchains will not help you here, and you should not suggest them.

@mx5kevin Putting network-level restrictions on seeding isn't viable as a spam prevention mechanism, and there's no way to enforce this with the current way the network is structured. (For example, what about people first joining who have nothing to seed?)

A CAPTCHA system works, but for it to be a good mechanism the CAPTCHAs have to hit spammers harder than legitimate users. Web of Trust systems can be combined with CAPTCHAs and/or Proof of Work, as they have been in FMS.

On the email system are easy way to block all spammers allow only sending bulk mails in accepted groups like in Skype without restrictions. Where the 2 users need to accept each other. The sender send a mail to the receiver and accept the sender. And block bulk email sending. Before sending a mail solve a CAPTCHA. And need to wait a time like 30 second the second mail before the user can send another. And the 3. mail 60 sec, 4. mail 120 second/24h. And can ban users to send us mails. It wouldn't work this way the Mail spamming.

To block malicious visitors in files and zites need to check the user download upload ratio. Who want to scan users with test downloads, testing sites with bulk, robots, there are not seeding back the downloaded content. And there is a spectacular difference in the download/seed ratio there. The solution is when the download ratio are too high and seed ratio are too minimal this point the file downloading are paused and continue when the user seeded back the data and the download upload ratio are OK. Content is not free in this network, users are paying with seeding. Not seeding are stealing, wasting the users money and resources. The cryptocurrency system are perfect for this if we change it to can not send it, sell it like money in wallets. All downloads and all seed collected together must calculated this. After all downloads and all seed collected together must calculated this and not per files calculated.

Both cases have a pattern of well-filtered behavior what the system can detect. And the two most damaging groups on the network.