 The #ReplyGuy spammers have evolved and gotten craftier by removing a common string from their replies, defeating muted phrases.

What’s our next line of defense?
https://image.nostr.build/1689b28cd58102b44a242379806997305cd8567b79cab159e5b9a6c8adc15d49.jpg 
 Maybe muted words should apply to names as well 

nostr:nprofile1qqsyvrp9u6p0mfur9dfdru3d853tx9mdjuhkphxuxgfwmryja7zsvhqpzamhxue69uhhv6t5daezumn0wd68yvfwvdhk6tcpz9mhxue69uhkummnw3ezuamfdejj7qgwwaehxw309ahx7uewd3hkctcscpyug 
 @elsat @jb55 @tyiu 
 Then they will just dynamically change their name. Damus just needs the friend filter to apply to threads 
 He implemented it in the latest version  
 They do in 0.91.0 
 You guys implement feature requests quicker than I can think of them 😉 
 
 But if I mute “wss://“ as a phrase I’ll never learn about new relays. 😩 
 "ReplyGuy on"  
 Not a spam arms race, those never work 
 Do you think leaning into PoW and WoT would end the race? I know coracle is handling this all quite well with its WoT filters 
 Damus needs this. 
 A complete system that destroys spam would end the race. WoT is part of that, but it needs to be augmented with a bootstrap mechanism. The narrow gate into the network would be either social onboarding, or some kind of expiring proof of humanity (captcha attestations by a trusted provider for example). 
 indeed, the onramp is the primary weakness of WoT 
 You can't distinguish spam from stupidity. We should focus on mass-spam. Every operator knows that fucking script-kiddies. Have you relay ops tried IP blacklisting against the reply-guy? 
 proof of work will just end up being taken over by spammers

web of trust is a much harder problem for them 
 How can they take over PoW? You either do the work or you don't. There is certainly a level of work that would make replying to every note instantly untenable, without being overly costly (or even noticeable) to the average user 
 ASICs lol

something that casual users are not going to have at their disposal

they can then spew out valid proofs at a far higher rate to make their garbage pass PoW filtering 
 scrypt solves this. ASICs can grind a lot of compute, but memory doesn't scale the same way 
 lol! that's what CHARLIE LEE said 13 years ago lol, see how that turned out?

one of the last standing PoW coins but only because it's got such a big miner userbase

i still haven't heard a reasonable, cogent argument from any PoW antispammers on nostr explaining to me what happens when the amount of hashpower increases, they haven't even thought about the fact you need a consensus on the network hash rate in order to actually prevent spam!

i hope you all enjoy your arse backwards method of antispam as much as this rake-boarder:

https://i.imgflip.com/92smgz.jpg 
 Micropayments then? 
 in the end that's the only way that normal users will have access to the needed hashpower, so why bother with the PoW and just use paid relays as the gate 
 I like ❤️ 
 I just want to beat the author up. I would. 
 I’ll help. 
 Embrace it! 
 Must upload a passport, a driver's license and proof of home address to get permission to create an nsec.  
 Have we tried actually replying to them? https://i.nostr.build/OZPxcJY36DroxFKM.jpg  
 Pitchforks? 
 Blocked him off got annoying it's a good way to steal zaps  
 How did you block it? 
 Go to their profile top right 3 little circles click it block n hide button 
 That’s not enough, they just change npubs. https://image.nostr.build/923c1ee1cea0fcf52fb430df09ef375197d0284b6f6b81387246c9c62951175f.png 
 stop using public relays or relays that do not block them. 

You can also use Web of Trust relays, like 

wss://wot.girino.org (my WoT)
wss://wot.nostr.party
wss://nostrelites.org
wss://wot.utxo.one

or have your own WoT relay if you have enough linux/development experience ( https://github.com/bitvora/wot-relay ), made by @utxo the webmaster 🧑‍💻  
 Can I join your relay? 
 feel free to join, but ideally you should build your own, since the Web of trust is "centered" on you and your friends. (in the case of my relay, me and my friends).
 
 I also have a public relay where i managed to filter the spammer for the time being, if you wish to join it too: wss://nostr.girino.org
 
 Hmm…. wot.nodestrich.com for the group to use? 
 Someone want to help me launch this? 
 Need to take a peek at the github a bit more, to understand it. Would want to run it off-node. 
 Can I just run it on a shared hosting webserver? 
 Sure could. Not sure how quickly storage would be eaten up, given it’s storing notes though. 🤷‍♂️ 
 If someone can help me estimate bandwidth and storage costs I could probably figure out what we’d need. 
 I’ve not been in the relay game, so it might take reaching out to another relay runner for those details. 
 @Derek Ross @YEGHRO What should we do? 
 Hey buddy

You need a 2 core 2 gig ram VM with like 100gb of space  
 that much space? I think 20 or 30 would be enough to last for a few years… 
 I bet after one day you're already at a gig

I'm gonna build something to be able to purge old reactions notes tho 
 143M   after almost 24 hours (more like 20 hours). Maybe i have too few friends? :-D 
 How big is your trust network? Mine is doing 1gb per day 
 wot-relay  | 2024/09/08 12:58:50 🫂  network size: 10057
wot-relay  | 2024/09/08 12:58:50 🔗 relays discovered: 150
wot-relay  | 2024/09/08 12:58:50 🌐 updating trust network filter with 10057 keys
wot-relay  | 2024/09/08 12:58:50 📦 archiving trusted notes. 
 Hmmm my network size is 60,000 so that would explain it lol

Maybe it's roughly 150mb/day/10,000 peers 
 that's probably highly compressible. This should be reduced by half or more if stored in a compressed filesystem 
 So it would probably have to be a VPS. My hosting company has a 60GB and 130GB option. Starting at $15/mo on an annual plan. If anyone has a better recommendation I’ll take a look. I’m not trying to spend a ton of money right now. 
 I’ve got a VPS with a site on it that I haven’t looked at in a while. I think it’s minimal specs, but I’ll see what it is. 
 I can always redirect a subdomain to another server so if you or anyone else in the group wants to run it that’s an option. 
 hah. Only 8GB storage left, out of 25. So I’d be looking at something else. I’ll look at what my provider offers. I think the challenge is finding enough disk space and still being economical. 
 look at Lowendbox blog or lowendtalk forums. they have some very cheap options there (like 4 dollars a month or 30 dollars a year) 
 Stats for the price look pretty good there, on a couple providers. The challenge is the storage is pretty low. Not sure how we’d add storage as we filled it up. 
 check those offers here: https://www.racknerd.com/BlackFriday/
there's one vps with 2 vCPU, 80 GB SSD, 4 GB RAM for 38.88/year. 
 
 Bandwidth seems to be very low but I haven’t measured yet (I run it at home, in my raspberry pi, and it doesn't seem to interfere with my internet speed at all). As for space, it’s using just a few megabytes for now. I estimate it won’t go over 5GB/year for the WoT relay. 
 Great datapoint, thanks. That’s with just you as the only user? Or are there others? 
 me and a couple of friends. 5 users at most. 
 Use my WoT relay and utxo's WoT relay and paid relays. 
 Which WoT relay is yours?  Would hosting my own with myself as the only allowed npub also help (in addition to paid relays)? 
 that's what i do. i have mine running on a raspberry pi at home. 
 What relay are you using? I’ll see about setting one up on one of my Rpi’s here. 
 @The: Daniel⚡️ I’d say that’s what we start with. We can fire something up later, if need be? 
 Can we just clone one of these relays and run it under the nodestrich.com domain? 
 I’d assume so. I do have that relay running on a teeny VPS, but I don’t know what else needs to be done to make sure all Nostriches can use it. 
 I’ve never run a wot relay before and it sounds interesting. I currently have 2 relays running, Nostream and strfry. I’ve created filters to block unwanted things and have little issue with excess spam. But spammers get clever and I think I’d like to test out a WOT relay. 

So I’m considering just hosting one for the nodestrich community to see how it goes. 

An experiment if you will.  Let me know what you think. 
 I would love it if you would and I’m sure we could get some contributions to cover the expenses. 
 I’ll look into different options of WoT relays and choose one to get up and running. Once I feel ready I’ll let you know and we can figure out the DNS and domain name routing so that the site address is wotrelayname.nodestrich.com. 
 It might be a stupid question but how do I use wot-relay?

Say I created one. 
Do i add it to my relays? I still have multiple so the benefit is not to miss notes on my wot.
To block spam it would have to be the only inbox relay I am using.
But that effect would be zeroed by outbox model.

I am mighty confused.
@utxo the webmaster 🧑‍💻 how do you intend to use it?

#asknostr 
 use only wot and paid relays for "read" and use public relays for "write only" relays. (all clients i have allow me to make that distinction) 
 geez, is Damus the only client that is so much behind :( 
 They are a very small team with a long feature backlog. 
 Even if one has no experience doing this sort of thing I assure everyone reading that this relay is so easy to set up and run a mouthbreathing mongoloid with a sub 0 IQ could be coaxed to get it running. 
 That’s me… /opensmouthtobreath… 
 Trying to wrap my head around this.

I’ve seen several people recommend a WOT solution and now you're indicating it’s best to build your own since I would be at the center.

Can you elaborate a bit more?

Transparently I’m just trying to get the hang of coms on nostr and still need to build out my followers so to speak…so diving into creating my own Linux based WOT is 🤯 at the moment.

Is a WOT basically a relay with me at the center and only the people I’m connected to? And their connections? (So like 3 levels deep) 

What if one of them is connected to moron 1 and moron 2 (aka replyguy/gal) that defeats the WOT right?! 
 You can use WoT from other people, but you not being the center means you might not get posts from some of the people you follow.

This can be minimized by using several WoT relays, from several people, maximizing the chance you have all your friends covered. But still, the best solution is to use your own.

About one of them connected to a moron, you just need to block the moron on your client. The problem we try to solve is not morons, but spam. If the spammer makes it into the WoT, you just block him. If he creates a new key/user, he will no longer be in the WoT. 
 I appreciate your time replying.

So if I dive into this WOT hosting thing…

I basically want to ensure I have all my current friends npubs (which isn’t many as I’m just starting) documented so I can add them to my wot relay?

Then it also probably makes sense to keep a core relay or two like Damus and Primal as to ensure I can see “new content” from people I’m not yet friends with. Correct? 
 just add your own pub key (not the npub, the "hex" version, use a site like https://nostrcheck.me/converter/ to convert npub to hex). The WoT-relay will fetch your friends and friends of friends addresses automatically. 
 Got it. Will test it out later today.

Just to clarify for my brain, how will I then discover new people?

(Ie will the Damus and Primal “feeds” still populate “latest” posts etc if they are not in my WOT) 
 What are the ways for us Mac guys to run a relay, in particular WOT? 
 i'm guessing you can "brew install golang" and just follow the same instructions?

If not, use Docker... 
 Damn I haven't had any problems so far but I see what happened 😕  did u find the answer Daniel? 
 I’m limiting my relay set to paid, whitelisted, and web of trust (WoT). 
 Lol damn well I hope we find the solution I haven't seen any of it 
 It’s going to come down to web of trust. 
 Scoreboard:

Replyguy 1 

NostrDevs 0 

nostr:nevent1qqsyke86ylzc9ncz9smjzcm2c2vx3ptjg369k2z38jgtmmr425jrf0gpz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhsyg8wd6sn4w07t39x36hekx35lcq55e45qytu2rhz5c20fndftxmwwspsgqqqqqqsj9rqh8 
 Include an emoji only you would send and mute it  
 In every post? Would that mean I’m muting my own posts? 
 Hopefully muting is only for other users' posts not your own 🤣 otherwise muting is pretty dumb. But essentially the bot responds with your post content so if you include something nobody else would you could technically remove it from your view  
 Kinda funny, might have to try it. 
 I don’t know how spammers would benefit from doing PoW. If the goal of these bots is to attempt to steal zaps, it must be an extremely small amount of income, which would be wiped out by the cost of creating volumes of valid proofs. 
 can you mine bitcoin with a PC?

what is the level of difference between them and what is the cost per hash, and time per hash, with current ASIC hardware?

what makes you think that the same arms race won't play out on nostr PoW antispam?

any conservative estimate is going to be wrong because it's probably based on the current size of the userbase and not on a future situation where half the internet has been driven off the mainstream social networks, that's hundreds of millions of users, and that's definitely a target for scammers 
 I’m just not seeing an economic benefit to scammers doing this here if it costs them even a little bit. 
 Know the Knuth: “Premature optimization is the root of all evil” 😉 
 Any way to look at it imo, spammers drive the cost of using the network up. I suppose WoT is the only one that doesn't here? 
 yep, it is the lowest cost spam limiter

any spam limiting with a higher cost than calculating social graphs might as well just charge for relay access, you see?

even simpler filtering for paid relays can literally be, only accepting events signed by paid subscribers, or you can make a second level with them and their follows, or you can go further and compute those graphs and update them every time a follow event shows up that was let through the filter, and the administrator can decide on an arbitrary accept threshold to apply, according to their stomach for fluff - but it might also be preferable for the users if they like to get off the beaten path a bit more

these are all pretty cheap computationally, for the most part up to more than 4 billion users a 64 bit fingerprint of npubs is conflict resistant enough so it's really a small amount of memory being burned too 
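
The tiered filter described in the post above (paid subscribers, then their follows, then an accept threshold over the follow graph, keyed by 64-bit fingerprints), sketched in Go as an added example; it is not code from the thread or from wot-relay. `NewFilter`, `fp`, `key` and the sample graph are hypothetical names and constructed data, and using the first 8 bytes of the hex pubkey as the fingerprint is an assumption of this sketch.

```go
package main

import (
	"fmt"
	"strconv"
)

func fp(pub string) (uint64, bool) { // 64-bit fingerprint: first 8 bytes of the hex pubkey
	if len(pub) != 64 {
		return 0, false // malformed key: never trusted
	}
	id, err := strconv.ParseUint(pub[:16], 16, 64)
	return id, err == nil
}

// NewFilter: subscribers always pass; any other key needs `threshold` distinct
// followers among the voters (each subscriber plus the keys they follow).
func NewFilter(subs []string, follows map[string][]string, threshold int) func(string) bool {
	trusted, votes := map[uint64]bool{}, map[string]map[string]bool{}
	for _, s := range subs {
		if id, ok := fp(s); ok {
			trusted[id] = true
		}
		for _, v := range append([]string{s}, follows[s]...) {
			for _, f := range follows[v] {
				if votes[f] == nil {
					votes[f] = map[string]bool{}
				}
				votes[f][v] = true // a set, so a repeated follow counts once
			}
		}
	}
	for k, by := range votes {
		if id, ok := fp(k); ok && len(by) >= threshold {
			trusted[id] = true
		}
	}
	return func(author string) bool { // relay-side check on an event's author
		id, ok := fp(author)
		return ok && trusted[id]
	}
}

func key(n int) string { return fmt.Sprintf("%016x%048x", n, 0) } // constructed sample pubkey

func main() { // constructed graph: key(1) is the paid subscriber, key(9) a fresh spam key
	g := map[string][]string{key(1): {key(2), key(3)}, key(2): {key(3), key(4), key(5)}, key(3): {key(2), key(4)}, key(5): {key(9)}}
	ok := NewFilter([]string{key(1)}, g, 2)
	fmt.Println(ok(key(4)), ok(key(5)), ok(key(9))) // true false false
}
```

Only follow lists of voters are counted, so a key followed solely by an account outside that set (key(9) here) gains no votes at any threshold.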