Replying to Avatar Mike Dilger ☑️

If starting over, proof-of-work might work.

Nostr software has explored a number of spam prevention mechanisms. Some of them are quite good. But one that didn't gain widespread adoption was proof-of-work.

I'm thinking of a PoW on public keys. If public keys must end in 28 zeroes or be rejected as invalid keys, this would require about 100 seconds of delay for someone to create a new identity. If handling a spam message takes only 10 seconds (probably less), then spammers would have to work 10x as hard as spam recipients to keep the spam flowing. That might not be enough to deter spammers entirely, but it would be an unavoidable cost in the equasion that could slow spam down. And of course other spam prevention techniques could also be in play, it doesn't interfere with any of them.

What do you think? If this isn't useful, or makes something important too hard to do, let me know. This would be for mosaic, not nostr, since nobody uses mosaic it can get these kinds of changes.
Avatar
Colby Serpa 4mo ago

PoW without difficulty adjustment is near useless in the grand scheme of things. Satoshi’s genius was the difficulty adjustment. HashCash existed long before — there’s a reason it never caught on for preventing e-mail spam.

Reply to this note

Please Login to reply.

Discussion

Avatar
Mike Dilger ☑️ 4mo ago

Yeah, difficulty adjustment I can do. I would just start at some difficulty, and announce ahead of time (maybe 6 months ahead) of the new difficulty. People would have to roll over their device keys before then if their PoW wasn't already high enough.

But I think nostr:npub12akj8hpakgzk6gygf9rzlm343nulpue3pgkx8jmvyeayh86cfrus4x6fdh 's point is the biggest problem. People's hardware is just too variant. Smartphones can't compete with spammer dedicated hardware, so there is no PoW which is easy enough for a smartphone and still too hard for a spammer with dedicated hardware.

And my point about the key generation not being the gating factor also has convinced me that this line of thinking is a dead end.

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 4mo ago

i'm so glad to hear this because i figured out about 7 years ago that proof of work can only work for one distributed system on the planet: bitcoin

the reasons being exactly what you just said - it's not possible for users to crunch this many hashes to get there, and because coordinating (difficulty adjustment) is difficult even with a strict and clock-driven adjustment consensus, based on the block discovery cycle being measured and averaged to target a specific time interval.

the only solution for spam resistance for the rest of the internet outside of the bitcoin protocol, is payments, and we have zaps, so it's really not that complicated, just that nobody has built it yet.

Avatar
cloud fodder 4mo ago

i agree, it doesnt make any sense, and thats why it didnt catch on for nostr either.

Avatar
Garbage nsec 4mo ago

Sadly yes, and this logic also applies to payments, so those saying micropayments of some kind to take in the network part fixes this are not entirely correct.

Spam is an industry. Dedicated spammers will always earn from their spam, be it via simple impressions, or as a front door to some scam or another, or taking payment to bring someone else's system down, and so on. And it's the dedicated spammers you need to keep out, they will always appear at some point, typically once the impression base seems big enough.

However the amount dedicated spammers can earn from spamming the network is almost always more than what a user in a less developed country can pay to take part in the same network. And sometimes in a more developed country too.

So you end up at the same failure mode.