In Tor I don't know how PoW is used.

Bitcoin is different. PoW is the goal of the game of signing a block. Every miner competes to complete the PoW before the others, and the first who completes wins and appends the next block. You cannot move this schema to relays. There is no "competitive game" to publish the next note or anything similar.

Discussion

But it works. People wait the 10 minutes and the spam is filtered.

And with Tor it's basically the same as with email except with coders that did it instead of writing a paper saying it wouldn't work 😞

Interesting. I will search and read about that.

But I don't think you can wait 10 minutes of intensive computing on a smartphone to just send a message - it would make nostr unusable, and onboarding almost impossible.

I feel like the onboarding success rate would be higher than it is for paid relays or relays clogged with spam

So I now understand that Tor nodes can enable PoW as a defense mechanism against DDoS attacks, as described in

https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/327-pow-over-intro.txt

The goal is to mitigate connection-level flooding, such as when a botnet with thousands of compromised machines overwhelms onion services by initiating millions of introduction requests.

This is fundamentally a DDoS prevention mechanism, not an anti-spam strategy.

In contrast, if (or when?) Nostr relays are flooded with millions of spammy notes per second, one might consider applying a similar PoW-based throttle—e.g., requiring a 20-bit PoW, which takes about one second to compute. This would theoretically reduce the spam rate to thousands of notes per second per spammer node.

Would this actually be effective as an anti-spam?
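For reference, a relay-side NIP-13 difficulty check next to the client-side mining loop, as an added example that is not part of the thread or of any relay's code. It shows the asymmetry under discussion: the relay spends one hash per note, the sender an expected 2^bits. The function names and the sample event are constructed for illustration, and signature verification is left out.

```python
import hashlib
import json

def event_id(ev):
    """NIP-01 id: SHA-256 over the canonical JSON array of the event fields."""
    body = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    raw = json.dumps(body, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()

def leading_zero_bits(hex_id):
    """NIP-13 difficulty: count of leading zero bits in the 256-bit id."""
    return len(hex_id) * 4 - int(hex_id, 16).bit_length()

def committed_target(tags):
    """Difficulty the author committed to in ["nonce", <nonce>, <target>]."""
    for tag in tags:
        if len(tag) >= 3 and tag[0] == "nonce" and str(tag[2]).isdigit():
            return int(tag[2])
    return None

def relay_accepts(ev, min_bits):
    """Relay policy check; one hash per event, whatever the difficulty."""
    eid = event_id(ev)
    if eid != ev.get("id"):
        return False  # id does not match the content: tampered or malformed
    target = committed_target(ev["tags"])
    if target is None or target < min_bits:
        return False  # a lucky hash under a lower committed target is refused
    return leading_zero_bits(eid) >= min_bits

def mine(ev, bits):
    """Client side: expected 2**bits hashes. Returns (mined event, attempts)."""
    base = [t for t in ev["tags"] if not t or t[0] != "nonce"]
    nonce = 0
    while True:
        cand = dict(ev, tags=base + [["nonce", str(nonce), str(bits)]])
        cand["id"] = event_id(cand)
        if leading_zero_bits(cand["id"]) >= bits:
            return cand, nonce + 1
        nonce += 1

# Constructed sample event (placeholder pubkey, no signature).
SAMPLE = {"pubkey": "ab" * 32, "created_at": 1700000000, "kind": 1,
          "tags": [], "content": "hello relay"}

if __name__ == "__main__":
    mined, attempts = mine(SAMPLE, 12)  # 12 bits keeps the demo fast
    print(mined["id"], attempts, relay_accepts(mined, 12), relay_accepts(mined, 20))
```
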

Seems to me like it should be effective

And DDoS is definitely a type of spam

PoW is effective in the context of DDoS attacks, where an attacker generates millions of connections in a short time. In such cases, even a small computational cost per request, when multiplied by millions, becomes significant for the attacker, but remains manageable for legitimate users.

Spam, however, is a different problem. A spammer publishing just 1,000 notes per hour could still inflict substantial damage on Nostr relays, overwhelming storage and flooding the relay global feed. In this case, the computational cost of PoW (especially at < difficulty levels) is negligible for the attacker and not a meaningful deterrent.

The situation is much closer to the email spam problem, where PoW was also explored and ultimately abandoned due to its ineffectiveness. In fact, Nostr's case is arguably simpler from the spammer’s perspective: notes are public, require no targeting, and have virtually no delivery constraints.

So my initial point remains: NIP-13 is unlikely to be effective as a spam prevention mechanism, just as PoW proved ineffective against spam emails.

You're definitely wrong

If it didn't work with a simple threshold for what difficulty level is needed to join the web of trust, it would just need a simple formula accounting for things like whether there are any links, as I said before

Yes, restricting PoW to users outside the WoT is a thing, and somewhat makes sense.

But still I don't understand why not captchas or similar in this scenario. These are more effective than PoW, as they burn human mental resources, not just cheap CPU cycles, and are hard to automate.

I don't believe captchas are necessarily harder for bots than humans but definitely also worth a try since I could be wrong on that 🤙