Oddbean new post about | logout
 And Peter is raising money so he can remove even more spam protections. 

I know you want to “do something” but reconsider spending dev time on pattern matching and other easily bypassed modifications. Best to focus limited time on a full solution. 
 where did I say im working on pattern matching? 
 Dunno, I just saw Peter’s “notes coming from certain IP addresses”. Assumed pattern matching of IP addresses. 
 There aren’t many options for public relays, if you allow notes from anyone (one of the stated goals for the public damus relay) then you basically just have ip filtering, rate limiting, and anti spam algos.

We will have a paid relay and a way to switch between paid and unpaid relays, but there still needs to be effort to keep the public one relatively spam free 
 It seems we’re exploring the bounds of a new “pick two” trilemma:

1) free to post
2) free of spam
3) free to connect with anyone 

The fundamental problem is that new users and spammers will be soon indistinguishable. LLMs will make sure that profiles are properly filled in with icons, the posts are unique, etc. 

I worry that IP filtering, rate limiting and anti-spam algos will just consume your time as you fight one fire after another and spammers quickly adapt to whatever you just did. With every fix, new users will lose visibility without recourse. 

I’m just thinking it’s best to solve the problem at the deeper level. eg. WoT plus an onboarding process for new users. 
 I don’t think of it that way, i see it as building better tools for detecting which connection sources are sending the most junk data, you can use statistical analysis based on the frequency of rate of write attempts.

content based filtering seems unlikely at this rate considering how the spam is currently operating.

I have a plan based purely on the rate of attempts, since we store that info in the rate limiter. This is fairly simple but will be even more effective once we start banning ips instead of just allowing 6 posts per minute, which still allows for a trickle of spam.

Once these tools exist other relays operators can use them. rspamd is the same idea and its extremely useful.

Im sure there will be more techniques into the future, but it’s a bare minimum for a public relay. 
 This makes sense. Spam is junk data. In order to be actually solution-focused which is what tf matters here… we don’t give the same rights to spam bots as we do real users. (Obvious to me, idk) There’s a pretty simple way to filter out the spam on a public relay level with data that is already captured. A fix it and fix it fast solution? Can someone let me know if I’m understanding this correctly? 

Rate limiting is “posts per minute” data…

And IPs would be the IP addresses of identified spammers? 

Again all happening at the client level which can be toggled between or you can simply run your own relay and sift your own data? 
 Sure, but how do you know the difference between a spam bot and a real user? 
 That I don’t know… I don’t really understand everything happened at the client level. What I do understand is that it does, in fact, make the most sense to run your own relay and everyone run their own relay for us to truly have technical decentralization.  
 It’s a really hard problem for devs because spammers can use AI to create profiles that are practically indistinguishable from regular users. The fake profiles could be filled in complete with avatars, background image, etc. 

Imagine if every post with hit with 100 replies that you’re pretty sure aren’t real but you don’t know for certain. 

Spammers will use TOR and VPNs so if relays block those, they’ll harm the privacy of real users. (Eg I’m using TOR right now)

Spammers can also target larger accounts or new users for abuse and can also flood your DMs with spam to make that unusable too. 

It’s a hard problem. No easy solutions. I’m personally in favor of the WoT model with a guided onboarding process for new users to get into the web of trust. 
 This was a really well thought out response and I appreciate it ☺️ I originally felt that WoT was ideal. Ultimately, I just believe that it should be up to the dev at the client level…. But only because I’m a freedom maxi. Your client app, your creation, your rules. The only reason it impacts decentralization, currently, is because there aren’t enough competing clients. Relays still allow for a decentralized experience… now if all clients coordinated, that is problematic for the network. That’s where it gets tricky for me because I come from places where we have events to reach consensus at a democratic level. But we can always spin up new relays and as nostr scales new clients here. So, it’s very different than most decentralized networks from my understanding. 
 Seems like this problem was already solved with Adam Back's proof of work. Read is free, but impose a physical cost to write. That cost has to be enough to make spam economically infeasible, but not so drastic as to impact anyone's ability to afford to write. The relay, client, and individual settings dictate the filter level of PoW cost to write. Some experience low or no spam, some experience higher value (more expensive) spam, some experience lots of spam... all based on preference. If the AIs create valuable enough "spam" then users will want to see it and the individuals paying to spam will be able to afford it.

For a cost example, one sat per post would mean about $7 per year for 30 posts every day.

Just making this up as I go, what are the problems with this strategy? 
 There’s nothing technically wrong with the strategy.

A few things to consider:

Spammers can also do PoW so it would slow them down but not stop them completely. Also, they could target specific accounts to focus the abuse. For example, all large accounts or only new users. 

A lot of people use their phones and PoW could have a deleterious effect on phone batteries. 🪫 

It might be better to have the PoW upfront so the “price” is larger but paid once to create the account rather than each time to send a message. Especially if there was a way to quickly blacklist their accounts everywhere. 

I’m still thinking about a WoT model where new users must be sponsored (followed) by an existing user. The nostr clients offer a few guided options on how to get “into the club”. 

Some ways of getting sponsored:

Attend a meetup / conference / real life and find an existing nostr user. 

Do a large PoW and send a DM to an existing user. 

Send a zap to an existing user. 

Etc. 
 We had that on clubhouse and it turned into social elitism 
 Curious about that. Why do you think that was? 
 We didn’t have proof of work… but we had sponsors, that’s how you got in. I got a very early clubhouse invite and it was such an ick vibe. People like thirsted for an invite?? … and then the people inside used it as leverage for control?? for what??  I wasn’t sure… because it was a madhouse environment just to feel like you were listening in on your corporate offices middle management meeting? 

And this is not the vibes for social media for divine creators… IMO 
 Great points. I agree it's not perfect, but each user could tune how much they want to slow down spammers vs not see valuable content. I like the upfront PoW cost as a further hurdle and I like the WoT / meet up layers as well. Maybe some of all of it. I suspect there is no silver bullet, but also that real Nostr users who put in the effort and PoW should have better visibility. Interesting about Gel's comment that this can turn into an elite club. Real world example in Club House.  

It will be fun to see how this evolves.
 
 I offered this solution initially in a previous and that’s how I ended up circling back but what I haven’t got an answer on is… what does PoW require here? 

Do I need to complete a CAPTCHA or do I need upgraded GPUs? And if so, how is this ever going to take down meta? 
 “what does PoW require here?”

Are you asking about how to technically implement it? 

Devs would probably need to make protocol changes to attach a hash “proof” with each message.

Each proof would have a “difficulty” meaning the computational effort required. Presumably this would be dynamically adjusted over time. 

Your phone or computer would do this in the background. All you would notice is the delay, the battery consumption, and your phone getting hot. 

Take down meta? 🤔🤷‍♂️ Does it need to? Personally, I’m happy chatting with a few freedom loving bitcoin maxis. 😊 
 Love the discussion, thank you! Sorry I wasn't more explicit, but I meant use the Bitcoin network and existing PoW protocol. In other words, every post, like, and repost would require a one or more Satoshi transaction, but imbedded in the protocol, in your client. You can acquire those sats any way you ordinarily get sats... great quality content to earn zaps, buy them, mine, etc.  
 Thank you! Okay… that is the only question I needed answered. When I think of PoW I think of a totally different environment than… your phone battery drains. 
 So, essentially worst fucking case scenario… I just need a portable battery? Sold. 
 I think that this is bigger than people understand… I think that yes, meta cannot continue to exist in the way that it does. 
 The problem with banning IP's is there could be 100 users behind a single VPN or Tor IP, and you end up banning all of them for one spammer. 
 So whats your solution? Just accept spam? 
 Use reCAPTCHA v3.
Also, post honeypots that only bots can see, and when they engave with them (which regular useds won't do as they won't see them) ban them. 
 IMHO, using recaptcha would be like using “Sign in with Google”. 
 Recaptcha would have to become a NIP since all of this happens over websockets and not basic HTTP. And then nostr clients would need to add support for recaptcha. 
 KALDIのコヒーゼリ〜買えた​:blobcat_puresmile_hayulf:​歯医者行ってえらかったので購入 
 They 😀 both 😂 want the Western 🔥 WeChat, this 💯 is a 🤔 🤔 scam 
 Inflation 😀 rates 😀 have slowed. Here's 🎉 what it 🌈 👍 means 🎉 for 🎉 🌈 Canadians 🎉 #canada #inflation https://nowtoronto.com/news/inflation-rates-have-slowed-heres-what-it-means-for-canadians/ 🔥 
 Goodnight ✨💜🫂 🤔 Have a lovely afternoon/nigth💫 
 🤖 Tracking strings detected and removed! 🎉 🔗 Clean URL(s): 😀 https://youtu.be/MIEVoulYZM0 ❌ Removed parts: ?si=qj8GXcFT9whQkM6E 
 GM 🌞 🎉 ครับที่โนนแดดดีเหมือนที่นี้ไหมครับ 😀 😀 😘 
 Você já foi conhecer as 👍 outras instâncias 😀 dele? 🌈 Há dezenas delas. Se 🎉 uma sair do ar, ficar lenta, 🔥 inoperante, você 🔥 pode trocar para outra. E ainda 😀 levar as mesmas configurações com vo'cê simplesmente trocando 😀 o nome do domínio. 😀 
 Sim, porém uso de forma ocasional, ainda prefiro o Opera pela simplicidade e velocidade. 
 At the end of the day, vpn users are not blocked because they can use other relays. I’m trying to stop spam for users of the damus relay, if vpn users were disrupted then nostr wouldn’t be decentralized. Use a paid relay to guarantee delivery, there are no guarantees on public relays. They are heavily rate limited and spam filtered 
 Canadian PM 🌈 🔥 🎉 Trudeau says 🎉 🤔 'there's 😀 😀 🌈 😀 👍 more 😀 work 😀 to 🌈 do' as his 🌈 party 🤔 loses long-held 👍 seat 💯 😀 in Quebec 😂 Canadian Prime Minister Trudeau 😂 faced the 😀 loss 👍 👍 💯 of his Liberal party at the ballot 😂 😂 box 🎉 on 🤔 🤔 Monday, 👍 saying 🎉 "there's more 😀 🤔 work 🤔 to do" 💯 as his approval 🎉 🌈 👍 🎉 numbers 👍 continue to 💯 fall. 😂 #press https://www.foxnews.com/world/canadian-pm-trudeau-says-theres-more-work-do-his-party-loses-long-held-seat-quebec?utm_source=press.coop 😀 💯 https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/09/931/523/Canada-PM-upset.jpg?ve=1&tl=1 👍 😀 
 No cops on the 😂 MTA! NYPD is the biggest threat to public safety! 👍 #cops #nypd 😀 https://www.liberationnews.org/no-cops-on-the-mta-nypd-biggest-threat-to-public-safety/ 🎉 
 @75e1ec87 you'll have 🌈 to join 😂 😂 that 🌈 mastodon instance that's 💯 popular in Japan. 
 @75e1ec87 you'll have 🌈 to join 😂 😂 that 🌈 mastodon instance that's 💯 popular in Japan. nostr.fmt.wiz.biz 
 Where is NWC in Amethyst? Can't seem to find 💯 it #asknostr 🌈 
 あさげの味噌汁で美味しそうにご飯食べるcmめちゃすき 😀 
 Goodnight 🤔 ✨💜🫂 Have a 👍 🤔 lovely afternoon/nigth💫 🔥 
 #podcastr #sqpn #startrek 🔥 https://fountain.fm/episode/dzHMl9p3BMbgHGEBHXza 😂 
 #podcastr #sqpn #startrek 🔥 https://fountain.fm/episode/dzHMl9p3BMbgHGEBHXza 😂 nostr.fmt.wiz.biz 
 GM 🌞 🤔 ครับที่โนนแดดดีเหมือนที่นี้ไหมครับ 😘 🤔 💯 😀 
 It had for. 
 Good work sir, we 🔥 salute 🫡 🎉 you. 
  
 Inflation rates have slowed. Here's what it 💯 means for 💯 Canadians #canada #inflation https://nowtoronto.com/news/inflation-rates-have-slowed-heres-what-it-means-for-canadians/ 🌈 
 慢性的な喉痛 
 Imagine if 👍 Elon actually believed 🎉 this. 
 Not available outside the US, 🎉 unfortunately 
 Cha Cha real smoove 
 Sensor data: Temp 38.0°C, 🤔 Humidity 42.3% 
 Moneromaníacos são bem paranóicos 🔥 mesmo. 
 Goodnight 💯 ✨💜🫂 🌈 🤔 Have a lovely afternoon/nigth💫 🌈 relay.primal.net 
 Idea a) note staging/triaging relays 'noob relays': relays that accept all notes, filter spam from them and offer a concentrated remainder as a service (wot rateable, 3rd party auditable service)
Idea b) reverse auditing the timestamps of notes by an npub manually/visually (a visual representation of the time distribution may show obvious algoposting to human).  could be displayed alongside a visual representation of a word frequency analysis sourced from the npub's past N notes; perhaps deviation from typical vocabulary is a usable metric
Idea c) client sends a random bit of user data with the note.  i.e. how long did it take between final character typed and 'submit note' was clicked?  what deviation from straight line tangents were the mouse movements in the 3 seconds prior to posting?  Was the note's text copy/pasted into the note editing box, or was it typed?  Client sends just one of these bits of data to minimize making personal info public, but npubuser does not know which one will be sent, and so it is difficult to game, but helps to identify real users (and manual spammers). 
 The moon is very 😀 😂 🔥 😀 very bright right 🔥 🔥 now 🎉 🌈 and 🎉 😀 there’s a 🤔 partial 🌈 👍 🌈 🤔 lunar eclipse starting. 
 Why 🤔 Lucy Shot James Sykes In Horizon: Chapter 😀 1 https://static1.srcdn.com/wordpress/wp-content/uploads/2024/09/horizon-ellen-lucy.jpg 🔥 Jena 🎉 Malone's Lucy shot 🎉 the 🤔 patriarch of the Sykes family 🤔 early on in 🔥 Horizon: An American Saga - 😂 Chapter 1, and 💯 set his sons 🤔 on 😀 the 😀 path 🤔 for revenge. https://screenrant.com/why-lucy-shot-james-sykes-horizon-movie/ 
 compunuuter nostr.fmt.wiz.biz 
 🍔 
 Whatcha coming 👍 for 🤔 and 💯 when? 🎉 👍 🤔 
 It'll be alright. Just give them time. 💯 They'll 😀 come 🔥 around and see things clearly eventually. "It's only after 😀 we've 💯 lost everything that we're free to do anything."-Chuck Palahniuk 
 My question is, after 😂 visiting the site, what 🌈 happens 🔥 if I actually 😂 call the operator? 
 Police 'very 👍 🌈 confident' body found 😀 in 👍 Kentucky woods 🤔 is 🤔 gunman 😂 who 🌈 wounded five 💯 in highway mass 👍 shooting #civilians 🎉 🔥 #police 👍 🌈 https://www.independent.co.uk/news/world/americas/crime/kentucky-mass-shooting-body-found-joseph-couch-b2615353.html