Oddbean new post about login | logout Muting reply guys is not effective, they are creating a new pubkey for each reply
My thing is why? Like…..what the fuck are they getting out of it? So annoying.
Maybe they really want us to work on WoT and more advanced spam filtering 😅
Wot cuts out new people with no recourse for them to be discovered. Filtering non-nip5 verified profiles is a better solution.
New people could ping someone they know out of bound, or use ecash. Nip5 can also be used if you have (web of) trusted domains, especially when something like Ditto takes off. Client side muting still allows people to peak into their replies and repost/zap someone into their web of trust. Different clients and relays can try a combination of things. nostr:note1cjq2ucwkh83x43juvu7fs0nn5lwjz6a4vasxwz4478v04ql85f4s5dvhj9
nip05 is not verification, its utterly trivial for spammers to have a nip05
They are going to purchase a new domain for each bot? Nip-5 providers would be incentivised not to let spamers use them less there whole domain gets muted.
This ☝️ Clients should allow Users to filter/mute by NIP05. No NIP05 then I don’t want to see your replies. Put the onus on NIP05 providers to not allow their service to be abused by spammers lest all their community get filtered out, then spammers only have the option of doing it from their own domains which can more easily be blocked and will quickly cost too much to be worthwhile.
nostr:nprofile1qqsyvrp9u6p0mfur9dfdru3d853tx9mdjuhkphxuxgfwmryja7zsvhqpzamhxue69uhhv6t5daezumn0wd68yvfwvdhk6tcpz9mhxue69uhkummnw3ezuamfdejj7qgwwaehxw309ahx7uewd3hkctcscpyug https://media.tenor.com/sE9zbaYH_ecAAAAC/hfsp-this.gif nostr:nevent1qqsvrd89fp7dxf9pd7rqdl3j9gy50zy7a22r4rpk3t0mvt89umnh4rgpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygru5ek5ze43da22z6rgryd6r33cd2tkvf85vd8n39keke6q5wyv5vpsgqqqqqqs67apsn
Spammers can just create a GitHub project, put the nip05 verification there as a GitHub Page and be valid for free. So, I don't really thing this does much. All they need is a free hosting service. They can even use their own personal computer at home behind a Tor connection to serve as the NIP05 address. They can even use Orbot and get their phones to reply to the nip05 verification.
Then I’d simply add GitHub domains to my NIP05 filter? Not sure how the Tor version works or what that NIP05 would look like?
No, you could do it on a case-by-case basis at the sub domain level. (At least that's what I would do)
You can do one Tor domain with 200,000 pre-generates keys or split them into a few hundred domains. Or just use IP directly.
So we would filter the one Tor domain? Directly using IP is a problem for the spammer moreso than it is the network. Maybe I’m missing something here but you’ve not explained why this wouldn’t work, you’ve just given more things that I’d want to filter out.
My nip-5 on the same btcpay server (except .onion) is not coming back valid so what are we talking about? https://i.nostr.build/JpuQfdioMYnQKs6k.jpg
I cannot access your server from here. That's why it's invalid. But Tor addresses work on Nip 05.
ReplyGuy@2jsnlhfnelig5acq6iacydmzdbdmg7xwunm4xl6qwbvzacw4lwrjmlyd.onion 🤣
Why wouldn’t I just filter out anyone on a .onion in that case?
Hosting (expecially a static site) can be free or extremely cheap, but a domain has a cost associated with it. A free GitHub page will be at the domain: https://<username>.github.io/ They could set up a infinite amount of accounts yes but with captas /verification codes in between they would need to do it manually. I don't think it'll stop spammers all together however I do believe it will make it very difficult if not impossible to automate.
What are the best tools atm to achieve this? Bot filters with captchas?
Using relays with paid gateways to become whitelisted. https://relay.nostr.com.au for example ain’t relaying Reply Guys.
Cool concept! Does that really keep out bots or just make it more expansive to run bot nets at scale?
Yes it keeps out the bots. They have to pay to have their npubs whitelisted and they ain’t doing that. Spam only works when its marginal cost approaches zero.
would zapping the nip-05 provider for identification help?
Yes captas and non-free service would be tools for you. But you still may need to do some moderation as Nostr takes off more.
just a.kid with too much time on their hand probably, they do it exactly because it's easy to do and causes a lot of annoyance, was the same with IRC in the 90's
Phase 1: cause netsplit. Phase 2: join empty channel with ops on split server. Phase 3: wait for netsplit to resolve, deop all other ops and take over channel. Until networks build advanced channel registrations. Feeling all nostalgic now.
This was really bound to happen sooner or later and in all honesty this is the absolute least amount of annoyance they could cause. It could be so much worse. This is easy because better filtering will be introduced and we will be better prepared for the things that will be far worse.
#Amethyst solved this..
I like Amethyst and I have it installed on a Pixel with a GrapheneOS. But that phone stays in my apocalypse drawer until the actual apocalypse. I just can't stand Android UX and the crappy build quality of that device :-) Oh and for testing of course.
No. No they didn't.
