Thanks for the write up. 

 Best to ignore counts and focus on the interaction and the person behind each interaction. 

 dis 

 We still have work to do when it comes to hardening our relays. Thanks for your research, Ron!
nostr:nevent1qqs26rt96st5qmakfd0czllh083p8ll5my2zqumd8zajwkm2a0fnrjgpzemhxue69uhhqatjwpkx2un9d3shjtnrdakj7q3qqjtnsj6hks7pq7nh3pcyv2gpha5wp6zc8vew9qt9vd2rcpvhsjjqxpqqqqqqzjdahqa 

 Hello there! 

Did you consider adding a how web of trust fixes this segment 👀 

 I did not for this exercise. Web of trust isn't a great control by itself as others like PGP/GPG have tried it prior and it's manipulatable as well.  

 That would probably have been better to test, honestly. 
What you did so far is essentially already known and accepted.

I’m curious how WOT doesn’t work when everyone’s public keys are available. 

 How would WoT apply to other event types though? I can spam whatever data and event types I want, regardless of follower algorithms. 

 If the sender pubkey is not in the WoT the entire event is discarded, event type is irrelevant 

 For sure, followers, engagement, zaps can all be borked, comments now with LLMS can be pretty unique and seem like real engagement

I really like coracles web of trust metric, I'm sure it can also be spoofed with enough time, but any layer helps slightly 

 Thanks for the info! 

 WoT goes 96% of the way to solving this problem, we'll figure the remaining 4% out in-flight.  

 For followers it may, but how does that prevent me from spamming various event types? I'm looking at the bigger picture relay wise.  

 Content is the real treasure, as you said. I am happy to know that my artwork was created by me since I made it and enjoyed doing it. 

 Relays can use a WoT score to prevent spam of any kind  

 u not gonna open source ur script .... (jk)  

 Interesting experiment. Nostr's decentralized relay can avoid malicious network attacks. And it will not affect the use of the client. 

 Have you heard of Dan? 

 What if we signed a Bitcoin transaction with our Nostr public key with a significant amount of money in the address. Then it would allow us to filter address and interact with only signed address. 100 dollars every signed transaction would be too expensive to make millions of accounts. 
I've known for years that high followers count on most profiles were fake on every platform because you could easily purchase followers. It is just a matter of time when you can purchase followers on Nostr.
We need a way to verify if someone is real or not. Maybe others could sign a transaction verifying your identify.
Eventually someone will think of a system. The dead internet theory still lives on.
Most of the internet is fake with bots pretending to be human. 

 On your takeaways:

> - over half the Nostr listed relays are using some sort of spam mitigation technique(s)

That's great to know! 

> - the attack was still achieveable

Attack of what exactly? You wasted 10gb of space on some relays, and got to top on one app. Other apps were fine.

> - socal media is easily manipulated

Nostr? That specific app?

>  follower counts and engagement are worthless

They work in some context and not in others. For algos, i.e. that order profiles by popularity, fc is bad, which was always known, and no "spam prevention" will change that.

> - content is the real treasure

How can this insight help improve the app that you attacked? How can it help prevent spam?
 

 Breaking news: NOBODY HERE CARES ABOUT FOLLOWERS 

 That's truth!  

 https://thank-god-for-nostr.simplecast.com/episodes/pipellia 

 I dig the experiment… there’s plenty in there that’ll help improve some apps and relays

It’s worth noting that you now have 1+ million followers who look like NPC’s following 1 person 0 followers 0 posts 0 interactions 

You can start faking lots of these, like getting the NPC’s to follow each other and make generic posts 

I used scripts like this in the 00’s (turn of the century😳) to beat Googles Page Rank algorithm… it worked back then… it wouldn’t work now 

Quality over quantity… it’s too easy to spot low quality accounts… this too can be automated 

You’re the first to highlight an old problem… thankfully there’s established solutions 

Quality experiment ser… I applaud your thinking 🫡 

 Good lesson. Well played :) 

 Tldr

He wrote a script. 


nostr:nevent1qqs26rt96st5qmakfd0czllh083p8ll5my2zqumd8zajwkm2a0fnrjgprpmhxue69uhhyetvv9ujuumwdae8gtnnda3kjctvqgsqf9ecfdtmg0qs0fmcsuzx9yqm768qapvrkvhzs9jkx4puqktcffqrqsqqqqqp7dq5d6 

 Now do one for how to get a million zaps 😉  

 Easy. Two wallets, two accounts. Zap publicly, funnel back privately. Rinse, repeat. 

 Insight is the real treasure.  

 > The ease with which follower counts and engagement metrics can be manipulated calls into question the authenticity of online personas and the credibility of social media as a whole

Mate, followers count has always been possible to manipulate, no big deal.

I am writing a paper for how to fix these issues, and for the most part it's about changing the perspective.

More soon

nostr:note145xkt4qhgphmvj6ls9llw70zz0llfkg5ypek6w9myadk467nx8ysu5r6jz