Proper form for a public FMS outproxy?

Fri, 19 Jul 2019 18:41:21 -0700 

Hi,
There's a lot of projects aiming to create decentralized forums. One of them is, as you know, FMS. 


FMS has the obvious downside of having to install Freenet, along with 
the various Web of Trust hassle.



Another one was Usenet. And a later project following the same idea, 
NNTPchan.



Now, my idea is this: You set up a public (onion or clearnet) frontend 
where you can make and read posts, with its back-end being FMS.



(It would be possible to further extend this concept too. For instance, 
what's stopping anyone from registering a new FMS identity, a new e-mail 
account, writing some code, and exposing this mailing list over FMS? The 
possibilities are endless, and all such applications would automatically 
peer with one another by virtue of using the same common back-end)



Frontends would be disposable and dime-a-dozen; a front-end with too 
picky trust lists could get replaced by any other, a front-end with too 
lax posting standards would get blacklisted, and a front-end with too 
harsh posting standards wouldn't get used by anybody.



This has some pretty significant upsides. For one, it's not possible to 
take out the whole network of nodes, as happened to NNTPchan. So 
assuming Freenet isn't taken down, you have a server with absolutely no 
interesting content and an indestructible backend. With the backend on a 
hidden service and a clearnet server just passing through HTTPS, 
adversaries wouldn't even have anything to go on. And in Europe, the 
operator of a proxy has absolutely no legal responsibility anyway, as 
long as he doesn't interfere with the content.



This makes FMS -> frontend trivial: copy all messages with high enough 
trust score, carry out no filtering at all, done. No need to filter 
piracy/CP more than the network already does.



But how about the other way around? Since users would be anonymous or at 
least psuedonymous, the FMS model for spam filtering breaks down. If you 
would put a CAPTCHA for posting, the amount of spam would be very low, 
but there still might be some which would cause it to get blacklisted by 
some users.



My idea is that each user posting would get some kind of unique name 
(e.g. truncated salted IP hash, or for Tor users a cookie they need to 
solve say 20 captchas to get - maybe you could do JS PoW or something 
like that). Then the frontend would post with its key but that name. It 
would also assign message trust slightly above zero, but no list trust.



Do you think this would work? It's a bit ugly taking the IPs, but not 
disastrously bad. The server wouldn't need to do any IP banning of 
pathological cases. It could carry out basic spam filtering (e.g. 
Bayes), but it wouldn't have to. Captchas might be possible to replace 
with rate limits.



Specifically, a user that didn't like this would set list trust of the 
master identity to 0. Do you reckon this would happen?





















					Reply via email to