The #ReplyGuy spammers have evolved and gotten craftier by removing a common string from their replies, defeating muted phrases.
What’s our next line of defense?
Discussion
Maybe muted words should apply to names as well
nostr:npub1zafcms4xya5ap9zr7xxr0jlrtrattwlesytn2s42030lzu0dwlzqpd26k5 nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s nostr:npub1yaul8k059377u9lsu67de7y637w4jtgeuwcmh5n7788l6xnlnrgs3tvjmf
Then they will just dynamically change their name. Damus just needs the friend filter to apply to threads
He implemented it in the latest version
Not a spam arms race, those never work
Do you think leaning into PoW and WoT would end the race? I know coracle is handling this all quite well with it's WoT filters
Damus needs this.
A complete system that destroys spam would end the race. WoT is part of that, but it needs to be augmented with a bootstrap mechanism. The narrow gate into the network would be either social onboarding, or some kind of expiring proof of humanity (captchas attestations by a trusted provider for example).
proof of work will just end up being taken over by spammers
web of trust is a much harder problem for them
How can they take over PoW? You either do the work or you don't. There is certainly a level of work that would make replying to every note instantly untenable, without being overly costly (or even noticeable) to the average user
ASICs lol
something that casual users are not going to have at their disposal
they can then spew out valid proofs at a far higher rate to make their garbage pass PoW filtering
It adds a cost to an activity that currently has none... PoW is the best onboarding solution to WoT that I've seen.
I don’t know how spammers would benefit from doing PoW. If the goal of these bots is to attempt to steal zap, it must be an extremely small amount of income, which would be wiped out by the cost of creating volumes of valid proofs.
can you mine bitcoin with a PC?
what is the level of difference between them and what is the cost per hash, and time per hash, with current ASIC hardware?
what makes you think that the same arms race won't play out on nostr PoW antispam?
any conservative estimate is going to be wrong because it's probably based on the current size of the userbase and not on a future situation where half the internet has been driven off the mainstream social networks, that's hundreds of millions of users, and that's definitely a target for scammers
I’m just not seeing an economic benefit to scammers doing this here if it costs them even a little bit.
you are bearish on nostr then
and i guarantee that whatever they pay will be less than the average user by orders of magnitude, and if you end up having to pay for PoW then why not just skip wasting energy on it
Any way to look at it imo, spammers drive the cost of using the network up. I suppose WoT is the only one that doesn't here?
yep, it is the lowest cost spam limiter
any spam limiting with a higher cost than calculating social graphs might as well just charge for relay access, you see?
even simpler filtering for paid relays can literally be, only accepting events signed by paid subscribers, or you can make a second level with them and their follows, or you can go further and compute those graphs and update them every time a follow event shows up that was let through the filter, and the administrator can decide on an arbitrary accept threshold to apply, according to their stomach for fluff - but it might also be preferable for the users if they like to get off the beaten path a bit more
these are all pretty cheap computationally, for the most part up to more than 4 billion users a 64 bit fingerprint of npubs is conflict resistant enough so it's really a small amount of memory being burned too
Know the Knuth: “Premature optimization is the root of all evil” 😉
scrypt solves this. ASICs can grind a lot of compute, but memory doesn't scale the same way
lol! that's what CHARLIE LEE said 13 years ago lol, see how that turned out?
one of the last standing PoW coins but only because it's got such a big miner useerbase
i still haven't heard a reasonable, cogent argument from any PoW antispammers on nostr explaining to me what happens when the amount of hashpower increases, they haven't even thought about the fact you need a consensus on the network hash rate in order to actually prevent spam!
i hope you all enjoy your arse backwards method of antispam as much as this rake-boarder:
I like ❤️
We only note in gifs
Must upload a passport, a drivers license and proof of home address to get permission to create an nsec.
Have we tried actually replying to them? 
Pitchforks?
Blocked him off got annoying it's a good way to steal zaps
How did you block it?
Go to their profile top right 3 little circles click it block n hide button
That’s not enough, they just change npubs. 
stop using public relays or relays that do not block them.
You can also use Web of Trust relays, like
wss://wot.girino.org (my WoT)
wss://wot.nostr.party
wss://nostrelites.org
wss://wot.utxo.one
or have your own WoT relay if you have enough linux/development experience ( https://github.com/bitvora/wot-relay ), made by nostr:npub1utx00neqgqln72j22kej3ux7803c2k986henvvha4thuwfkper4s7r50e8
Can I join your relay?
fell free to join, but ideally you should build your own, since the Web of trust is "centered" on you and your friends. (in the case of my relay, me and my friends).
I also have a public relay where i managed to filter the spammer for the time being, if you wish to join it too: wss://nostr.girino.org
Hmm…. wot.nodestrich.com for the group to use?
Someone want to help me launch this?
Need to take a peek at the github a bit more, to understand it. Would want to run it off-node.
Can I just run it on a shared hosting webserver?
Sure could. Not sure how quickly storage would be eaten up, given it’s storing notes though. 🤷♂️
If someone can help me estimate bandwidth and storage costs I could probably figure out what we’d need.
I’ve not been in the relay game, so it might take reaching out to another relay runner for those details.
nostr:npub18ams6ewn5aj2n3wt2qawzglx9mr4nzksxhvrdc4gzrecw7n5tvjqctp424 nostr:npub1lqs30x7466guvx6r2cek8z9d4hpucycy7j08wx58cwx70m206q3qrscejr What should we do?
Hey buddy
You need a 2 core 2 gig ram VM with like 100gb of space
that much space? I think 20 or 30 would be enough to last for a few years…
I bet after one day you're already at a gig
I'm gonna build something to be able to purge old reactions notes tho
143M after almost 24 hours (more like 20 hours). Maybe i have too few friends? :-D
How big is your trust network? Mine is doing 1gb per day
wot-relay | 2024/09/08 12:58:50 🫂 network size: 10057
wot-relay | 2024/09/08 12:58:50 🔗 relays discovered: 150
wot-relay | 2024/09/08 12:58:50 🌐 updating trust network filter with 10057 keys
wot-relay | 2024/09/08 12:58:50 📦 archiving trusted notes.
So it would probably have to be a VPS. My hosting company has a 60GB and 130GB option. Starting at $15/mo on an annual plan. If anyone has a better recommendation I’ll take a look. I’m not trying to spend a ton of money right now.
I’ve got a VPS with a site on it that I haven’t looked at in a while. I think it’s minimal specs, but I’ll see what it is.
I can always redirect a subdomain to another server so if you or anyone else in the group wants to run it that’s an option.
hah. Only 8GB storage left, out of 25. So I’d be looking at something else. I’ll look at what my provider offers. I think the challenge is finding enough disk space and still being economical.
look at Lowendbox blog or lowendtalk forums. they have some very cheap options there (like 4 dollars a month or 30 dollars a year)
Stats for the price look pretty good there, on a couple providers. The challenge is the storage is pretty low. Not sure how we’d add storage as we filled it up.
check those offers here: https://www.racknerd.com/BlackFriday/
there's one vps with 2 vCPU, 80 GB SSD, 4 GB RAM for 38.88/year.
Bandwidth seems to be very low but I haven’t measured yet (I run it at home, in my raspberry pi, and it Doesnt seem to interfere with my internet speed at all). As for space, it’s using just a few megabytes for now. I estimate it won’t go over 5GB/year For the wot Relay.
Use my WoT relay and utxo's WoT relay and paid relays.
nostr:npub1aeh2zw4elewy5682lxc6xnlqzjnxksq303gwu2npfaxd49vmde6qcq4nwx I’d say that’s what we start with. We can fire something up later, if need be?
Can we just clone one of these relays and run it under the nodestrich.com domain?
I’d assume so. I do have that relay running on a teeny VPS, but I don’t know what else needs to be done to make sure all Nostriches can use it.
I’ve never run a wot relay before and it sounds interesting. I currently have 2 relays running. Nostream and strfry, Ive created filters to block unwanted things and have little issue with excess spam. But spammer get clever and I think I’d like to test out a WOT relay.
So I’m considering just hosting one for the nodestrich community to see how it goes.
An experiment if you will. Let me know what you think.
I would love it if you would and I’m sure we could get some contributions to cover the expenses.
I’ll look into different options of WoT relays and choose one to get up and running. Once I feel ready I’ll let you know and we can figure out the the dns and domain name routining so that the site address is wotrelayname.nodestrich.com.
It might be a stupid question but how do I use wot-relay?
Say I created one.
Do i add it to my relays? I still have multiple so the benefit is not to miss notes on mw wot.
To block spam it would have to be the only inbox relay I am using.
But that effect would be zeroed by outbox model.
I am mighty confused.
nostr:npub1utx00neqgqln72j22kej3ux7803c2k986henvvha4thuwfkper4s7r50e8 how do you intend to use it?
#asknostr
Even if one has no experience doing this sort of thing I assure everyone reading that this relay is so easy to set up and run a mouthbreathing mongoloid with a sub 0 IQ could be coaxed to get it running.
That’s me… /opensmouthtobreath…
Trying to wrap my head around this.
I’ve seen several people recommend a WOT solution and now you indicating it’s best to build your own since I would be at the center.
Can you elaborate a bit more?
Transparently I’m just trying to get the hang of coms on nostr and still need to build out my followers so to speak…so diving into creating my own Linux based WOT is 🤯 at the moment.
Is a WOT basically a relay with me at the center and only the people I’m connected to? And their connections? (So like 3 levels deep)
What if one of them is connected to moron 1 and moron 2 (aka replyguy/gal) that defeats the WOT right?!
You can use WoT from other people, but you not being the center means you might not get posts from some of the people you follow.
This can be minimized by using several WoT relays, from several people, maximizing the chance you have all your friends covered. Bu still, the best solution is to use your own.
About one of them connected to a moron, you just need to block the moron on your client. The problem we try to solve is not morons, but spam. If the spammer makes into the Wot, you just block him. If he creates a new key/user, he will no longer be in the WoT.
I appreciate your time replying.
So if I dive into this WOT hosting thing…
I basically want to ensure I have all my current friends npubs (which isn’t many as I’m just starting) documented so I can add them to my wot relay?
Then it also probably makes sense to keep a core relay or two like Damus and Primal as to ensure I can see “new content” from people I’m not yet friends with. Correct?
just add your own pub key (not the npub, the "hex" version, use a site like https://nostrcheck.me/converter/ to convert npub to hex). The WoT-relay will fetch your friends and friends of friends addresses automatically.
Got it. Will test it out later today.
Just to clarify for my brain, how will I then discover new people?
(Ie will the Damus and Primal “feeds” still populate “latest” posts etc if they are not in my WOT)
Damn I haven't had any problems so far but I see what happened 😕 did u find the answer Daniel?
I’m limiting my relay set to paid, whitelisted, and web of trust (WoT).
Include an emoji only you would send and mute it
In every post? Would that mean I’m muting my own posts?