this post was submitted on 20 Feb 2024
642 points (99.2% liked)
Privacy
32177 readers
390 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
A PoW could limit bots too. Require say 30 seconds of work before your registration submits. For regular users that isnt to bad. For bots its a PITA to get tons of accounts
Edit: tor uses PoW as DDOS protection and its helped massively
PoW...Prisoner of war?
That will also keep away bots.
You can only sign up if you've taken at least one Prisoner of War. Bots can't take prisoners of war for obvious reasons.
Kinda like how Aztec boys came into age in their society.
Proof of work. Example, bitcoin
How does this prove anything if using an emulator to bulk register bot accounts? Also, Signal Desktop is a thing.
It was the original purpose of the bitcoin algorithm to limit spam.
If you have to do a lot of maths that takes your computer (for example) 30 seconds, that means it costs 30 seconds of compute to create an account. Nothing to an average user, for a spammer that wants thousands of accounts it gets expensive.
Several captcha[0] libraries already use this and it's great for accessibility (normal captchas are terrible for it)
[0] I know, it's not technically a captcha.
Accessibility is very important to me as a blind user, and this helps tremendously.
Anything you use to autotranscribe images or are image uploads without alt text a nightmare?
Images w/o alt text suck
Ah bummer… I’ll do better!
Oh, neat. I was unfamiliar with PoW. Thanks!
Pow does not limit spam in bitcoin. Fees do. Pow is used as a decentralized election mecanism to distribute the block production.
I know what it is. It is not a barrier to entry though.
He explained why it is, so can you elaborate on why it's not?
Because it's not. I can spin any number of emulators or VMs that do any amount of work with a simple script, but that's all it does. How does it prove I'm anything but a scripted, virtual instance of a person with a device?
There's a reason why Telegram is flooded with bots, Signal as of now has not been.
Sure, if you had unlimited gpus with unlimited electricity then it wouldn't keep you from spinning up unlimited bots
Bruh. No GPU needed. I build multiplatform apps daily on GitHub Actions. Dafuq you talking about?
how do you produce unique hashes with the correctly sized nonce?
It's a time and resource gate, not a way to prove that you're a human.
Also doesn't Telegram require a phone number too?
You're in the wrong thread.
I'm really not. Did you want to try making a coherent point again? Or are you all tapped out?
Yes. Please explain again how compute == human
It doesn't... No one was claiming that...
Are you lost?
Dafuq are you talking about ? Telegram does need phone numbers for sign up
Check that
Of course it does.
Bots can buy phone numbers, hell, they can solve most captchas better than humans.
Telegram requires a phone number, so it clearly isn't working.
For each account you register, you have to do 30 seconds worth of work. So to register one account, you do 30 seconds worth of work. To register 100 accounts, you do 100*30 or 3000 seconds (50 minutes) worth of work. Registering tens of thousands of accounts then becomes unfeasible.
And how can a VM or emulator NOT do this?
Anything that can compute can do it. The important part is that it has an associated non-insignificant cost.
Exactly! ANYTHING THAT CAN COMPUTE CAN DO IT. Few things have a uniquely identifying piece of information with other levels that are barriers to entry...like a phone number. The idea is to STOP bots from signing up to Signal.
Are you missing the point maybe?
It stops bot FARMS from being feasible.
If preventing Jimmy Bumfuck from spinning up a couple sock puppets is your fear, yeah, PoW systems don't help. But those are rarely the problem.
For a phishing scam or astroturf operation to be worth it, you need tens of thousands of accounts all running the same script. Those get filtered hard by PoW systems.
Phone validation works just as well, and stops Jimmy Bumfuck from making sock accounts. But now every user must be stapled to a phone number. Maybe that's a worthwhile trade to you, but it sure doesn't seem to be to everyone replying to you.
It makes bots more expensive to create, therefore fewer will be created.
It doesn't stop anyone though. Expensive is relative when you convince a Grandma to give you her $1000 check for a $5 phone number.
Nah bro, you are.
It's ALSO possible to generate virtual phone numbers for a small cost.
Using a cryptographic PoW is a different small cost.
Either way, it only takes a small cost to prevent mass bot registration.
You're treating processing power and time as if it is 100% free just because it can be done in a VM. But it doesn't matter if it is a VM. It is still going to require at least some certain threshold of processor time, and that processor time has a real cost. For the kind of place that can just spin up thousands of VMs and use it to do massive bot registration... they could just be mining bitcoins instead.
It's not just whether you can do this. It's how much value it has vs what ELSE you could be doing with the time and energy. A Signal account is already worth vanishingly little as a spam tool, they just need to give it enough of a cost to make it not worthwhile.
By that standard, whats to stop people from just getting more phone numbers? Its just an additional cost.
Are you unfamiliar with the market? I can buy 100 numbers right now, but they will be hit or miss from landline known numbers.