Replying to Anthony Accioly

I like this idea. It protects against attacks and encourages good behaviour without excluding new users.

Since you have asked for suggestions I couldn't resist writing a wall of text (sorry :)).

Like you, I’m not sure about automatically "nuking" accounts. One thing is certain though: automated moderation should be applied in steps, and banning should be a last resort.

For example, here’s an idea: First, mark all notes from an offending account as sensitive and severely rate limit it (e.g., limit Kind 1 notes to one every 30 minutes or so). Repeated dropped messages due to rate limiting should decrease the account score even further (but be careful here, as I've seen algorithms misbehave due to technical issues outside of the account holder's control). If the bad behaviour persists, stop propagating notes from this account for a fixed amount of time, say 48 hours. Also, record the account’s IP address. If multiple accounts using the same IP are misbehaving, then start dropping all messages coming from this IP for a longer period of time, e.g., one or two weeks.

Permanently banning an account or IP from a relay should be a last-resort manual action. I encourage a mechanism for community moderation, similar to Stack Overflow, so that not all of the onus falls on relay administrators. Community moderation would be more complex and would likely require a new NIP with a few new types of notes. One idea would be to allow trusted/high-reputation users to "vote" on the fate of an account after a certain number of reports. For instance, they could be sent a sample of the account’s notes and aggregate statistics, and vote to either "absolve" the account or impose a longer temporary (e.g., one month) or permanent ban. A minimum odd number of votes (e.g., five) would be required to take action, with the majority ruling. IP bans should probably be left only to moderators and highly trusted users. This group can also manually suspend or unsuspend accounts.

I’ve seen this type of system work well before. It’s highly effective at automatically mitigating spam and antisocial behaviour while giving users a fair(er/ishy) chance and encouraging community moderation. It also avoids Mastodon’s current curse, with server admins burning out and giving up due to the sheer volume of moderation work on their plates.

Hopefully, this is helpful. I understand that such a system would be complex to implement and still vulnerable to abuse (community moderation is far from a solved problem). However, like most people-related issues, it’s a complex challenge that requires thoughtful solutions.

Let me know if I can help in any way.

Ok so I should have explained the rep system a bit more. So far there are 4 trust levels: untrusted, neutral, positive and trusted. Each level has different limits. If you maintain untrusted status for a set amount of time (default is a week but it's configurable) you get dropped. So you don't get kicked off the relay right away. There is time to recover.

On your first example my only pushback is I don't like logging IP addresses for user privacy reasons and try to avoid it when I can, but IPs are also public so /shrug, I might do this but right now I'm not. I kinda like the idea of lowering rep for repeated rate limit failures. This could help with bots that are not necessarily bad but post a lot of random stuff, i.e., I've seen some bots that repost MSM news every minute or so; if no one was interacting they would be dropped eventually.

The community mod thing kinda sounds like what Ditto does, but it's all on the relay admins to make the final decision on if they get kicked or not, and it's all based on user reports (it's not a voting system like the one you describe, though). That was kind of my attempt with the 1984 reports. They are weighted a bit stronger than normal things like spam check failures and invalid NIP-05s.

I'm debating making an admin interface that has things like banned Npubs or something so it's easy for admins to unblock people if they want. But right now it's not something I'm super worried about.
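As an added example (not code from either poster, nor from the relay or Ditto), here is a toy Python model combining the stepped scheme proposed above (rate limit offenders, lower the score on repeated rate-limit hits, then suspend for 48 hours) with the four trust levels and one-week untrusted window described in the reply. The score floors, per-level intervals and the suspension threshold are assumptions; the 30-minute limit, 48-hour suspension and one-week window come from the thread.

```python
from dataclasses import dataclass
from typing import Optional

# Trust levels named in the thread; the score floor for each is an assumption.
LEVEL_FLOORS = [("trusted", 10), ("positive", 5), ("neutral", 0), ("untrusted", -10**9)]
# Minimum seconds between kind-1 notes per level (assumed; the post proposes ~30 min for offenders).
MIN_INTERVAL = {"untrusted": 1800, "neutral": 60, "positive": 10, "trusted": 1}
SUSPEND_BELOW = -5                    # assumed score at which a temporary suspension starts
SUSPEND_SECONDS = 48 * 3600           # "stop propagating notes ... say 48 hours"
DROP_AFTER_SECONDS = 7 * 24 * 3600    # "untrusted ... for a week ... you get dropped"

def level_for(score):
    return next(name for name, floor in LEVEL_FLOORS if score >= floor)

@dataclass
class Account:
    score: int = 0
    last_note: float = float("-inf")
    untrusted_since: Optional[float] = None   # when the account entered "untrusted"
    suspended_until: float = 0.0
    dropped: bool = False

def _track_untrusted(acct, now):
    """Run the untrusted timer; drop the account once it has expired."""
    if level_for(acct.score) == "untrusted":
        if acct.untrusted_since is None:
            acct.untrusted_since = now
        elif now - acct.untrusted_since >= DROP_AFTER_SECONDS:
            acct.dropped = True
    else:
        acct.untrusted_since = None   # recovered: reset the timer

def record_interaction(acct, now, points=1):
    """Engagement from other users raises reputation (assumed +1 per interaction)."""
    acct.score += points
    _track_untrusted(acct, now)

def handle_note(acct, now, kind=1):
    """Relay decision for one incoming note from acct at time `now` (seconds)."""
    _track_untrusted(acct, now)
    if acct.dropped:
        return "dropped"
    if now < acct.suspended_until:
        return "suspended"
    lvl = level_for(acct.score)
    if kind == 1 and now - acct.last_note < MIN_INTERVAL[lvl]:
        acct.score -= 1                         # repeated rate-limit hits lower reputation
        if acct.score <= SUSPEND_BELOW:
            acct.suspended_until = now + SUSPEND_SECONDS
        return "rate_limited"
    acct.last_note = now
    # Step one in the post: notes from an offending account are still relayed, but marked sensitive.
    return "accept_sensitive" if lvl == "untrusted" else "accept"
```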


Discussion

Makes total sense, nostr:nprofile1qqsyfhqu9kuu877hhm5j2lkwk5478nuvgza00d3lgmjkkk9px8r57zcprfmhxue69uhkvun9v4kxz7fwwdhhvcnfwshxsmmnwshszxmhwden5te0w35x2en0wfjhxapwdehhxarjxyhxxmmd9uqsuamnwvaz7tmwdaejumr0dshszy0a9p. Thanks for replying to me and for the clarifications.

I honestly think IP logging is unavoidable. For example, think of the "EmojiGuy" attack, which bypassed spam filters. I know that we can always build increasingly sophisticated spam filters, but it's a game of cat and mouse — bad actors will find ways around even the most advanced systems.

EmojiGuy wasn’t even rotating IPs, only keys, and still managed to create chaos on multiple relays. Now imagine "EmojiGuy 2.0" using IPv6, rotating IPs over a /48 or /64 subnet. Then consider "EmojiGuy 3.0," spamming from a gazillion different IPv4 and IPv6 addresses. We’ll need a quick way to identify such attacks and temporarily block ranges of IPs to respond effectively.

The Ditto model is interesting. It’s close to what most Twitter-like tools running on top of ActivityPub are doing. Still, while community admin/mod tools are required to run a resilient server, they aren’t necessarily sufficient.

The likely result of Ditto's model is that folks running Ditto servers will soon realise that NIP-05 isn't enough to reliably identify users. We’ll likely end up with islands of Ditto servers whitelisting only other "trustworthy" domains (i.e., other Ditto servers and similar tools with user registration forms and centralised moderation). Don't get me wrong, it certainly works. The Fediverse is brilliant, and it has grown to its current size despite many defederated forks, blacklists, death threats to server admins and developers, etc. I'm a huge fan of ActivityPub and believe people are overcoming these challenges there. However, I hope that the Nostr experiment takes a different direction — at least for the sake of diversity and not putting all our eggs in the same basket.

I really like your idea of "user trust" with the right incentives to encourage good behaviour. IME this sort of gamification of user reputation works. Over time, hopefully, we'll have trustworthy users who not only self-manage and report bad behaviour but also actively participate in decision-making within community-managed relays (hence my focus on voting, achieving consensus, etc.). Of course, one step at a time — getting the "reputation" system in place alone is already a huge undertaking, and it's awesome that you're already working on it.

I hope my comments were helpful. As I mentioned before, I'm happy to help in any way I can. The more experiments we run to make Nostr resilient to attacks while still welcoming to new users, the better things will get. 💪