Creating an identity on nostr is basically free. So imagine an attacker creates a whole new network of npubs following each other, exactly replicating the structure of the real network of npubs, same structure.

The two graphs are isomorphic, so any graph analysis will yield the same result. Hence, if you don't have a pov (e.g. brand new npubs that don't follow anyone) you can't distinguish between the two, hence my focus on PoW for this case.

Discussion

Actually, this could be a problem for brand new npubs starting with zero known contacts, but it seems a quite rare case. I think the normality is to be onboarded at least by a friend, or discovering a new app/platform, where I interacted with legitimate users. I would not overcomplicate things. Btw, IRL connections win.

t-y daniele

This is the most difficult part.

A brand new npub doesn't have a wot network from his pov, but that's not a big deal - onboarding client should ask them about their content preferences/hashtags and even if user doesn't choose to follow someone and get his wot seeded, client could use some popular accounts from the topics user has chosen to serve as temporary wot sources.

The bigger problem is that relays can't distinguish a brand new npub from spam. I.e. if someone big tweets about nostr and a wave of new people comes in short time, it's indistinguishable from a spam attack from a botnet. And pow doesn't help much - you'd need something like 100 seconds of mobile cpu to produce pow equivalent to 1 sat - and I bet reply-scammers earn way more than 1 sat per event they post.

I keep getting back to this issue in my head from time to time, and still can't find a good general solution, only whack-a-mole. Users can be protected from spam by wot, but public relays designed to onboard new users can't. Unless we attach some extra signal to new users (pow? 1 sat? some version of your pow endorsement?) while keeping the friction low.

Any ideas how "pow endorsement" could be practically applied to onboarding users at scale with low friction?

because the values are computed from your position on the graph the fact they have weak links to the rest of the network will still diminish their ranks

Indeed. The problem arises only when a malicious client exclusively uses its own malicious relays where the fake social network is totally detached.

ofc, but that's why I said "if u don't have a pov", meaning u are a new user that doesn't follow anyone.

that is probably a bad place to start, but also pretty uncommon, almost everyone knows someone who says "i'm on nostr" and they first follow them even if there is no onboarding procedure
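
The two cases argued in this thread, as an added example that is not from any participant: a rank computed with no point of view scores a follow graph and its detached, renamed copy identically, while the same rank restarted from one real account gives the copy nothing. PageRank stands in for "any graph analysis" as an assumption, and the account names, the `x_` prefix and the follow lists are constructed.

```python
# Constructed sample data: a small follow graph and an attacker's renamed copy.
REAL = {
    "alice": ["bob", "carol"],
    "bob": ["carol"],
    "carol": ["alice"],
    "dave": ["alice", "carol"],
}
# Isomorphic, fully detached sybil copy: same edges, new identities.
FAKE = {"x_" + u: ["x_" + v for v in vs] for u, vs in REAL.items()}
BOTH = {**REAL, **FAKE}

def pagerank(follows, seeds=None, damping=0.85, iters=200):
    """Power-iteration PageRank over a follow graph.

    seeds=None   -> uniform restart: a viewer with no point of view.
    seeds=[...]  -> personalized restart: rank flows only from accounts
                    the viewer already trusts (their web of trust).
    """
    nodes = sorted(set(follows) | {v for vs in follows.values() for v in vs})
    seeds = list(seeds) if seeds else nodes
    restart = {n: (1.0 / len(seeds) if n in seeds else 0.0) for n in nodes}
    rank = dict(restart)
    for _ in range(iters):
        nxt = {n: (1 - damping) * restart[n] for n in nodes}
        for u in nodes:
            outs = follows.get(u, [])
            if outs:
                for v in outs:
                    nxt[v] += damping * rank[u] / len(outs)
            else:  # account that follows nobody: send its mass back to the seeds
                for n in nodes:
                    nxt[n] += damping * rank[u] * restart[n]
        rank = nxt
    return rank

def sybil_share(rank):
    """Fraction of total rank held by the attacker's copies."""
    return sum(r for n, r in rank.items() if n.startswith("x_"))

if __name__ == "__main__":
    no_pov = pagerank(BOTH)                      # brand new npub, follows no one
    with_pov = pagerank(BOTH, seeds=["alice"])   # npub that follows one real account
    print("no pov:   carol=%.4f x_carol=%.4f sybil share=%.2f"
          % (no_pov["carol"], no_pov["x_carol"], sybil_share(no_pov)))
    print("with pov: carol=%.4f x_carol=%.4f sybil share=%.2f"
          % (with_pov["carol"], with_pov["x_carol"], sybil_share(with_pov)))
```

Passing a client-chosen account as `seeds` for a new user models the temporary WoT source suggested earlier in the thread; the result then depends entirely on that seed being a real account.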