Nostr Web Client

Ultimately I don't think any open network can effectively deal with spam by either proof of work or by demanding micropayments to take part.

For proof of work, spammers with dedicated machines optimised for the particular work problem at hand can often in a few seconds generate more proof than a user on a low-end android device can generate in multiple human lifetimes. (It can get very silly, like the sun would burn out before the android device catches up.) So spammers will always out-work users.

This same failure mode also applies to micropayments. Spam is an industry. Dedicated spammers will always earn from their spam, be it via simple impressions, or as a front door to some scam or another, or by taking payment to bring someone else's system down, and so on. And it's the dedicated spammers you need to keep out, they will always appear at some point, typically once the impression base seems big enough. (Somewhere in Nostr's future.)

However the amount of money that dedicated spammers can earn from spamming the network is almost always more than what a user in a less developed country can pay to take part in the same network. And sometimes a user in a more developed country too.

Web of trust works to an extent, insofar as trust is paid for by time and persuasion. But web of trust is a perpetual chicken and egg problem, you have to have trust to earn trust and then how do you get started? It makes the new user experience painful, and networks like Nostr already have a high bar to entry, adding this trust-building obligation often means no growth at all, with abysmal retention rates. (That said once you're already in it's a pretty strong option.)

There are answers to the open-network spam problem that seem reasonable to me, but most revolve around small communities, not the town-square. So open networks but in contained spaces, which themselves are walking a fine semantic line between open and closed.

Technical Debt 3mo ago 💬 1

That’s a valid point. But…

“However the amount of money that dedicated spammers can earn from spamming the network is almost always more than what a user in a less developed country can pay to take part in the same network. And sometimes a user in a more developed country too.”

That’s a pessimistic assumption.

- PoW needs not to be ever increasing, this is not a blockchain

- the point of PoW/MP(micropayments) is not to eliminate spam altogether, there will always be a point of diminishing returns to increasing prices/difficulty

- maybe it’s worth to define what exactly we mean by spam: is it the flood of undesirable content? As seen on early bitchat geohashes? Is that annoying person begging for money once on random posts? Should we consider synthetic FUD funded by some sort of elite as spam? Etc

- PoW/MP is a viable way to, at the very least, rate-limit spammers in such permissionless/p2p/distributed systems, but it can’t stand alone

- ultimately we (IT) have come to the conclusion that security should be implemented in layers because annoying the attacker until either he gives up or some alarm rings is better than investing in one giant “impenetrable” layer. So there’s no shame in combining WoT with some sort of bootstrap list along PoW and common sense

Now it’s my personal opinion that MP is better than PoW, not only because it removes friction from end user’s devices but also because it can be an effective way to fund infrastructure. In this case, a wave of flood spam could turn into funding to develop better spam protections 🤣

But still, I think you’re right to think about the impact of well funded bad actors, though I don’t think they are usually called spammers.

Reply to this note

Please Login to reply.

Discussion

Garbage nsec 3mo ago

I agree that MP is a good way to fund the network. nostr:npub1h0uj825jgcr9lzxyp37ehasuenq070707pj63je07n8mkcsg3u0qnsrwx8 does it nicely.

But in terms of spam, I'm wary. If email moved to MP-per-email then I think the nigerian price emails would be back in force, the spammers (or scammers with a smap intake, to be precise) would happily match the average email user's spend. And from a user perspective, spam with intent to trick you and spam with intent to bother you is all the same, it's all spam.

Farcaster learned a sign up fee of $7 wasn't near enough, spam still abounded (I was there to see it) so they had to implement a lot of spam filtering on top, which they can do since they have just one main client. Now they call themselves "sufficiently decnetralised" instead of "decentrlised" since they decided they wanted that control. Spam is just too lucrative an industry for them to price it out, especially on a network with native-integrated payment.

Not that decentralised spam control can't work via PoW or MP, I'm sure it can, but if you push up the price or work high enough, or add enough layers to it, then the network just doesn't grow, and that defeats the goal of it being this vast open space.

I think it comes down to revisiting that goal.