On Friday 10 August 2007 22:58, Jerome Flesch wrote: > > PROPOSED SOLUTION: > > 0. ULPRs. (Node) > > Ultra-Lightweight Persistent Requests are the basis of all that follows. > > Essentially this is a means to limit the load caused by polling clients > > such as Frost, to get messages to the clients faster, and to make > > messages which have been lost by being in the wrong place findable if > > they are popular. > > > > Issues: If this is deployed without the below, it will only make spam > > easier, because the messages will be propagated even faster. > > > > 1. True Web of Trust. (Frost) > > Frost must publish the list of users marked manually by users. So if you > > trust a particular user, you automatically have (a slightly reduced) > > trust in the users that he trusts. If you then mark somebody as not > > trustworthy, Frost will ask you if you want to reevaluate the people who > > trust him, and indicate how many/which people you have marked as bad are > > trusted by those posters. > > > > Benefits: For oldies, faster propagation of trust in newbies etc. For > > newbies, if we ship an initial list of likely to be trustworthy posters, > > much faster assimilation; they can have a fairly usable Frost, minus > > spam. But we still need some experienced people to watch the boards for > > posts from newbies. > > With a WoT, if you accept to read the new-comers, you accept to read the > spam. So in the end, you risk to end with no-one reading anymore the posts > from the newbies.
Which is exactly what we have now. But newbies would propagate faster, once they have been accepted by somebody. > > > 2. Outbox Polling. (Frost) > > Frost, or some similar app, can poll outboxes of specific users rather > > than watching a global KSK queue. These might be global for that user > > (encrypted for specific boards), which might work well with ULPRs, or > > they might be per user per board. > > > > Prerequisites: ULPRs! This will generate a lot of traffic otherwise, but > > with ULPRs it should be feasible. > > Hm, stupid question : What are ULPRs ? Ultra-Lightweight Passive/Persistent Requests. See the wiki, basically nodes remember that you wanted a key for a while and propagate it back to the original requestors (and throttle requests for it which won't be satisfied anyway). > > > Benefits: For oldies, Frost will work efficiently and is completely > > immune to Message of Death attacks and similar KSK queue DoS'es. Note > > that we still need a means for newbies to introduce themselves, initially > > this would be a KSK queue. > > Issues: Currently threaded view with CHECK disabled works relatively > > well. It doesn't require explicit trust settings. Maybe we should have > > automatic marginal trust when you reply to an untrusted post, unless you > > tell Frost not to? > > > > > > > > 3. Thinkcash/Hashcash introductions. (Frost) > > Each poster can publish hashcash/thinkcash puzzles. The puzzle when > > solved yields a key, which enables a newbie to send a message to the > > poster. This message will be seen regardless of trust settings, and the > > poster will be given an initial marginal trust (OBSERVE??). After that, > > if nobody marks the newbie poster as bad, he can post freely, and his > > messages will be seen by the people who trust the original poster. > > Hm, and the hashcash should be sized to take how many time ? Because if it > takes less than 10 minutes, spamming is possible (some messages each 10 > minutes can be really annonying), and if it takes more than 10 minutes, I'm > note sure that most of the users will wait for the end of the process. They only need to do it once. And if it's only one spam every 10 minutes, that's a massive improvement on what's possible now. > > > IMPLEMENTATION > > > > I may implement ULPRs after opennet is ready. The rest will have to be > > implemented by Frost devs etc. > > Hm, can I suggest a fourth idea ? > > 4) Blacklists : > > - Let the user put the messages they don't like / the spams / troll's > identities in a blacklist. > - Let them upload on Freenet their blacklist. > - Let the other people filter the messages with this blacklist (and > possibly some others to make the filtering as good as possible) The spammer is now faking random identities, reusing them for a small number of posts (not because they're expensive but because they don't want to be blocked by a heuristic "this identity only made one post"). Unless identities are costly (and I have shown above one way for them to be), blacklists are of no use: There is no such thing as negative trust in cyberspace. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20070811/dfc76a51/attachment.pgp>
