 It seems we’re exploring the bounds of a new “pick two” trilemma:

1) free to post
2) free of spam
3) free to connect with anyone 

The fundamental problem is that new users and spammers will soon be indistinguishable. LLMs will make sure that profiles are properly filled in with icons, the posts are unique, etc. 

I worry that IP filtering, rate limiting and anti-spam algos will just consume your time as you fight one fire after another and spammers quickly adapt to whatever you just did. With every fix, new users will lose visibility without recourse. 

I’m just thinking it’s best to solve the problem at the deeper level. eg. WoT plus an onboarding process for new users. 
 I don’t think of it that way; I see it as building better tools for detecting which connection sources are sending the most junk data. You can use statistical analysis based on the frequency of rate of write attempts.

Content-based filtering seems unlikely at this rate considering how the spam is currently operating.

I have a plan based purely on the rate of attempts, since we store that info in the rate limiter. This is fairly simple but will be even more effective once we start banning IPs instead of just allowing 6 posts per minute, which still allows for a trickle of spam.

Once these tools exist, other relay operators can use them. rspamd is the same idea and it’s extremely useful.

I’m sure there will be more techniques in the future, but it’s a bare minimum for a public relay. 
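
The difference between throttling and banning described in the post above, as an added Python example that is not part of the thread and not any relay's code. The 6-per-minute limit comes from the post; the ban multiple, the sliding-window design and the sample log are assumptions made for illustration.

```python
from collections import defaultdict, deque

LIMIT_PER_MIN = 6   # from the thread: 6 posts per minute are allowed
WINDOW = 60.0       # seconds

def replay(log, ban_multiple=None):
    """Replay (timestamp, source) write attempts through a sliding-window limiter.

    ban_multiple=None throttles only. Otherwise a source is banned once its
    attempts within one window exceed LIMIT_PER_MIN * ban_multiple
    (the multiple is an assumed policy knob, not a value from the thread).
    """
    accepted_ts = defaultdict(deque)   # accepted posts still inside the window
    attempt_ts = defaultdict(deque)    # every attempt, including rejected ones
    accepted = defaultdict(int)
    banned = set()
    for now, src in sorted(log):
        if src in banned:
            continue
        for q in (accepted_ts[src], attempt_ts[src]):
            while q and q[0] <= now - WINDOW:
                q.popleft()
        attempt_ts[src].append(now)
        if ban_multiple and len(attempt_ts[src]) > LIMIT_PER_MIN * ban_multiple:
            banned.add(src)
            continue
        if len(accepted_ts[src]) < LIMIT_PER_MIN:
            accepted_ts[src].append(now)
            accepted[src] += 1
    return dict(accepted), banned

# Constructed sample log (documentation-range addresses, not real traffic).
FLOODER, PERSON = "203.0.113.7", "198.51.100.20"
LOG = [(i * 0.5, FLOODER) for i in range(600)]   # 2 attempts/s for 5 minutes
LOG += [(i * 5.0, PERSON) for i in range(8)]     # 8 posts in a 40 s burst

if __name__ == "__main__":
    print("throttle only:", replay(LOG))
    print("with banning: ", replay(LOG, ban_multiple=5))
```

With throttling alone the flooding source still lands 30 posts in five minutes; with the ban it lands 6, while the bursty but human-paced source is treated the same in both runs.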
 This makes sense. Spam is junk data. In order to be actually solution-focused which is what tf matters here… we don’t give the same rights to spam bots as we do real users. (Obvious to me, idk) There’s a pretty simple way to filter out the spam on a public relay level with data that is already captured. A fix it and fix it fast solution? Can someone let me know if I’m understanding this correctly? 

Rate limiting is “posts per minute” data…

And IPs would be the IP addresses of identified spammers? 

Again all happening at the client level which can be toggled between or you can simply run your own relay and sift your own data? 
 Sure, but how do you know the difference between a spam bot and a real user? 
 That I don’t know… I don’t really understand everything happened at the client level. What I do understand is that it does, in fact, make the most sense to run your own relay and everyone run their own relay for us to truly have technical decentralization.  
 It’s a really hard problem for devs because spammers can use AI to create profiles that are practically indistinguishable from regular users. The fake profiles could be filled in complete with avatars, background image, etc. 

Imagine if every post was hit with 100 replies that you’re pretty sure aren’t real but you don’t know for certain. 

Spammers will use TOR and VPNs so if relays block those, they’ll harm the privacy of real users. (Eg I’m using TOR right now)

Spammers can also target larger accounts or new users for abuse and can also flood your DMs with spam to make that unusable too. 

It’s a hard problem. No easy solutions. I’m personally in favor of the WoT model with a guided onboarding process for new users to get into the web of trust. 
 This was a really well thought out response and I appreciate it ☺️ I originally felt that WoT was ideal. Ultimately, I just believe that it should be up to the dev at the client level…. But only because I’m a freedom maxi. Your client app, your creation, your rules. The only reason it impacts decentralization, currently, is because there aren’t enough competing clients. Relays still allow for a decentralized experience… now if all clients coordinated, that is problematic for the network. That’s where it gets tricky for me because I come from places where we have events to reach consensus at a democratic level. But we can always spin up new relays and as nostr scales new clients here. So, it’s very different than most decentralized networks from my understanding. 
 Seems like this problem was already solved with Adam Back's proof of work. Read is free, but impose a physical cost to write. That cost has to be enough to make spam economically infeasible, but not so drastic as to impact anyone's ability to afford to write. The relay, client, and individual settings dictate the filter level of PoW cost to write. Some experience low or no spam, some experience higher value (more expensive) spam, some experience lots of spam... all based on preference. If the AIs create valuable enough "spam" then users will want to see it and the individuals paying to spam will be able to afford it.

For a cost example, one sat per post would mean about $7 per year for 30 posts every day.

Just making this up as I go, what are the problems with this strategy? 
 There’s nothing technically wrong with the strategy.

A few things to consider:

Spammers can also do PoW so it would slow them down but not stop them completely. Also, they could target specific accounts to focus the abuse. For example, all large accounts or only new users. 

A lot of people use their phones and PoW could have a deleterious effect on phone batteries. 🪫 

It might be better to have the PoW upfront so the “price” is larger but paid once to create the account rather than each time to send a message. Especially if there was a way to quickly blacklist their accounts everywhere. 

I’m still thinking about a WoT model where new users must be sponsored (followed) by an existing user. The nostr clients offer a few guided options on how to get “into the club”. 

Some ways of getting sponsored:

Attend a meetup / conference / real life and find an existing nostr user. 

Do a large PoW and send a DM to an existing user. 

Send a zap to an existing user. 

Etc. 
 We had that on clubhouse and it turned into social elitism 
 Curious about that. Why do you think that was? 
 We didn’t have proof of work… but we had sponsors, that’s how you got in. I got a very early clubhouse invite and it was such an ick vibe. People like thirsted for an invite?? … and then the people inside used it as leverage for control?? for what?? I wasn’t sure… because it was a madhouse environment just to feel like you were listening in on your corporate office’s middle management meeting? 

And this is not the vibes for social media for divine creators… IMO 
 Great points. I agree it's not perfect, but each user could tune how much they want to slow down spammers vs not see valuable content. I like the upfront PoW cost as a further hurdle and I like the WoT / meet up layers as well. Maybe some of all of it. I suspect there is no silver bullet, but also that real Nostr users who put in the effort and PoW should have better visibility. Interesting about Gel's comment that this can turn into an elite club. Real world example in Club House.  

It will be fun to see how this evolves.
 
 I offered this solution initially in a previous and that’s how I ended up circling back but what I haven’t got an answer on is… what does PoW require here? 

Do I need to complete a CAPTCHA or do I need upgraded GPUs? And if so, how is this ever going to take down meta? 
 “what does PoW require here?”

Are you asking about how to technically implement it? 

Devs would probably need to make protocol changes to attach a hash “proof” with each message.

Each proof would have a “difficulty” meaning the computational effort required. Presumably this would be dynamically adjusted over time. 

Your phone or computer would do this in the background. All you would notice is the delay, the battery consumption, and your phone getting hot. 

Take down meta? 🤔🤷‍♂️ Does it need to? Personally, I’m happy chatting with a few freedom loving bitcoin maxis. 😊 
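
A hashcash-style version of the "hash proof with a difficulty" described in the post above, as an added Python example that is not part of the thread. The message layout (author, content, nonce serialized as JSON) and all names are assumptions for illustration, not Nostr's wire format.

```python
import hashlib
import json

def leading_zero_bits(digest: bytes) -> int:
    """Difficulty of a hash: the number of leading zero bits."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits

def message_hash(author: str, content: str, nonce: int) -> bytes:
    # Assumed layout: the proof commits to the author, the text and the nonce.
    payload = json.dumps([author, content, nonce], separators=(",", ":"))
    return hashlib.sha256(payload.encode()).digest()

def mine(author: str, content: str, difficulty: int):
    """Client side: try nonces until the hash is hard enough.
    Expected cost is about 2**difficulty hashes."""
    nonce = 0
    while leading_zero_bits(message_hash(author, content, nonce)) < difficulty:
        nonce += 1
    return nonce, nonce + 1   # winning nonce, number of hashes computed

def relay_accepts(author: str, content: str, nonce: int, min_difficulty: int) -> bool:
    """Relay side: one hash, however expensive the proof was to produce."""
    return leading_zero_bits(message_hash(author, content, nonce)) >= min_difficulty

if __name__ == "__main__":
    author, text = "npub-constructed-example", "hello nostr"   # constructed input
    for difficulty in (8, 12, 16):
        nonce, tries = mine(author, text, difficulty)
        ok = relay_accepts(author, text, nonce, difficulty)
        print(f"difficulty {difficulty}: {tries} hashes to mine, accepted={ok}")
```

Each extra bit of difficulty doubles the sender's expected work and leaves the relay's check at a single hash, which is the delay and battery cost the post refers to.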
 Love the discussion, thank you! Sorry I wasn't more explicit, but I meant use the Bitcoin network and existing PoW protocol. In other words, every post, like, and repost would require a one or more Satoshi transaction, but embedded in the protocol, in your client. You can acquire those sats any way you ordinarily get sats... great quality content to earn zaps, buy them, mine, etc.  
 Thank you! Okay… that is the only question I needed answered. When I think of PoW I think of a totally different environment than… your phone battery drains. 
 So, essentially worst fucking case scenario… I just need a portable battery? Sold. 
 I think that this is bigger than people understand… I think that yes, meta cannot continue to exist in the way that it does. 
 The problem with banning IPs is there could be 100 users behind a single VPN or Tor IP, and you end up banning all of them for one spammer. 
 So what’s your solution? Just accept spam? 
 Use reCAPTCHA v3.
Also, post honeypots that only bots can see, and when they engage with them (which regular users won't do as they won't see them) ban them. 
 IMHO, using recaptcha would be like using “Sign in with Google”. 
 Recaptcha would have to become a NIP since all of this happens over websockets and not basic HTTP. And then nostr clients would need to add support for recaptcha. 
 At the end of the day, vpn users are not blocked because they can use other relays. I’m trying to stop spam for users of the damus relay, if vpn users were disrupted then nostr wouldn’t be decentralized. Use a paid relay to guarantee delivery, there are no guarantees on public relays. They are heavily rate limited and spam filtered 
 Idea a) note staging/triaging relays 'noob relays': relays that accept all notes, filter spam from them and offer a concentrated remainder as a service (wot rateable, 3rd party auditable service)
Idea b) reverse auditing the timestamps of notes by an npub manually/visually (a visual representation of the time distribution may show obvious algoposting to human).  could be displayed alongside a visual representation of a word frequency analysis sourced from the npub's past N notes; perhaps deviation from typical vocabulary is a usable metric
Idea c) client sends a random bit of user data with the note.  i.e. how long did it take between final character typed and 'submit note' was clicked?  what deviation from straight line tangents were the mouse movements in the 3 seconds prior to posting?  Was the note's text copy/pasted into the note editing box, or was it typed?  Client sends just one of these bits of data to minimize making personal info public, but npubuser does not know which one will be sent, and so it is difficult to game, but helps to identify real users (and manual spammers).