Say goodbye to walk-in newbies if that happens...
Full write access to everyone is not an option. Unconnected newbies could maybe zap to get noticed.
I was a walk-in, with no idea Zaps were a thing. And I came from SSB, so not exactly untechnical. This DoS is actually very stupid and simple, and Nostr is choking. I get that our relay operators are volunteers and "weekend warriors", but man, it's been 24 hrs...
Proof of Work? Then the walk-in newbie doesn't need Bitcoin - just a Nostr client...
There's a NIP for that already, and using it would stop an attack this primitive in its tracks.
Users who are concerned about more sophisticated attacks could also benefit from adding context to their social graph so that the context can be factored into their WoT calculation.
Spammers have better resources for PoW than the average mobile user
Indeed, this is a tricky problem... Perhaps we will need to accept a combination of multiple approaches with their trade-offs.
I'm a walk-in newbie, no sats. I like participating. Proof-of-Posts/Participation(Work) is the way forward. Go beg/borrow/study FUTO's harbor social vouching process and see if there is something to learn or cooperate with their collaborative vouching model... I think it all depends on the network effect, so nostr will ace that, but FUTO has grayjay aced... So many wheels to reinvent. 🤔
That is also terrible for onboarding the (currently almost mythological) non-bitcointwitter newbies, who for the most part join here on zero sats. nostr:naddr1qqm8qun9wd6hqur0wd5kueedv4mx2unedahx2tt2da5kuuedveex7mfdvf5hgcm0d9h8gamfw36x2u3dwp4kymec0ypzp89qh469qapddgsrr8qw84xx08y7q34fm3cw3m64c2g9ufq9ydqtqvzqqqr4gu6ykx2j
How would you limit write access then? Storage and bandwidth are limited, and will be filled with spam unless you limit write access somehow.
24 hours of what? The spam?
A bot spammer is a lot more likely to be willing to zap "for attention" than a newbie. Also, you don't get to decide who has the right to write. Instead of spending so much time and energy trying to figure out ways to censor content and effectively make Nostr more vulnerable and unsafe to use, the tech-inclined minds could focus on developing more sophisticated client-side tools that empower users to curate their own feed themselves, the way they like.
How would you solve the spam problem (without it being "censorship")?
I just told you. Give users client-side more sophisticated solutions that allow them to curate their feed by themselves. Right now I can mute words, works OK at the basic level. Being able to block regular expressions would be even better.
Blocking by regex would be dope
Spammers would just start producing variant messages that won't match a regex
How to solve it on the relay side without blocking newbies?
I don't want any relay-side "solutions". That's what would make Nostr unsafe to use and, in fact, threaten its very existence.
Storage and bandwidth are limited, you can't give unlimited write access to everyone.
I hope we can do p2p between clients in the future, skipping the relay part
Nostr invite codes? Is that a silly idea? You could have receiver pays fees for people who already have sats. Or sender paid fee for people without sats. With a very small fee. (What is even a small fee that is also a spam deterrent?) How silly is this idea? Possibly incredibly silly and impractical #asknostr
Yeah, invite code to paid relay would be one simple solution to newbie-friendly spam prevention. This is not limiting anyone's freedom: users can always choose what clients and relays they use. What works best will be most popular.
Paying the fee is hard unless you're already a keen Bitcoiner, and are also quite sure Nostr is for you without having seen it. The invites are workable, but still, what about the "walk-ins" who read something about Nostr and decided to come check it out? Who are probably the majority of new users...
I suppose in this scenario (I'm not saying it will or should happen btw) the article the person would have read would also mention this invite codes mechanism. Not sure how that would work but um yeah lol. They would still need to go somewhere for an invite code. Or use a PoW service, like a special-purpose version of a PoW posting service like getwired.app, to ask for one? ¯\_(ツ)_/¯
I think PoW is easy to implement without significantly affecting UX. If default difficulty is something like 10, no users are gonna notice, but spam reply bots suddenly require a lot more resources.
Yeah, that was also my thinking. PoW won't help for one-to-many spam (as the work can be amortized over many targeted users), but for mass DM/reply spam it might, a bit.
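Added example, not part of any post in this thread: a sketch of the proof-of-work check discussed above, following NIP-13 (difficulty is the number of leading zero bits of the NIP-01 event id, with the target committed in a `nonce` tag). The sample event, its placeholder pubkey and the function names are constructed for illustration.

```python
import hashlib
import json

def event_id(ev):
    # NIP-01 event id: SHA-256 of the compact JSON array below.
    # Assumption: content has no unusual control characters, where json.dumps
    # escaping could differ from the NIP-01 serialization rules.
    body = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    raw = json.dumps(body, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()

def leading_zero_bits(hex_id):
    # NIP-13 difficulty = number of leading zero bits in the 256-bit id.
    return 256 - int(hex_id, 16).bit_length()

def mine(ev, target):
    # Client side: vary the nonce tag until the id meets the target.
    # Returns the finished event and the number of hashes it took.
    base = [t for t in ev["tags"] if t[:1] != ["nonce"]]
    attempts = 0
    while True:
        cand = dict(ev, tags=base + [["nonce", str(attempts), str(target)]])
        attempts += 1
        cand["id"] = event_id(cand)
        if leading_zero_bits(cand["id"]) >= target:
            return cand, attempts

def relay_accepts(ev, min_bits):
    # Relay side: one hash per event, however long the sender worked.
    if ev.get("id") != event_id(ev):
        return False  # id does not match the event, so the work was not done for it
    nonce = next((t for t in ev["tags"] if len(t) >= 3 and t[0] == "nonce"), None)
    if nonce is None or not nonce[2].isdigit() or int(nonce[2]) < min_bits:
        return False  # no committed target, or a lucky hash mined at a lower target
    return leading_zero_bits(ev["id"]) >= min_bits

# Constructed sample event (placeholder pubkey, not a real key).
SAMPLE = {"pubkey": "ab" * 32, "created_at": 1700000000, "kind": 1,
          "tags": [], "content": "hello nostr"}

if __name__ == "__main__":
    mined, attempts = mine(SAMPLE, 10)
    print(mined["id"], attempts, relay_accepts(mined, 10))
```

At difficulty 10 the sender needs about 2^10 hashes per event on average while the relay needs one, and because the id covers the content and tags, each distinct reply or DM has to be mined separately.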
I'm totally out of my depth in this thread. I merely just wanted to say I think it could scare off zero sats people. And now I have to read dev words I've never seen before in my life 🥲
More ideas, the better!