Title: Decentralized, Bitcoin-based anti-spam solution Post by: d5000 on September 25, 2018, 11:24:58 AM Currently, many web services which were offering cool and often free ("as in beer") things like anonymous E-mail accounts (e.g. Disroot (https://disroot.org), Teknik (https://teknik.io)) are closing or restricting access, claiming problems with spammers.
I have thought about a very simple anti-spam solution for this kind of services that would not need any centralized third party and was completely Bitcoin-based. It's meant as an alternative to PoW-based concepts like Hashcash (it could be viewed as the "proof-of-stake version of Hashcash" ;), even if the scope is not identical, as it's not meant for single e-mails). The core idea is:
This has the following effects and advantages (if we assume the "deadline" is one month after registration): - The service can stay completely free, as the customer can move the funds to an own address. - The service provider can always check that the customer is following the rules. He doesn't have to control Bitcoin funds, he does not even need a Bitcoin client as he can use block explorers. - If the customer wants to create several accounts, he must move funds to different addresses and "freeze" them for a certain time. This makes it costly to create many accounts and adds volatility risk for the attacker. - Alternatively he could create one address per month, but this is not enough to create massive spam accounts. - For customers of "nerd-oriented" services like Disroot it shouldn't be complicated to move the Bitcoins and sign the message. Alternatively, a software for that purpose could be developed. - Compared to a PoW-based protection, it's more complicated and also probably more costly to automate the process. Thoughts? It's only a pretty raw idea, and it's possible that it already was implemented or even is well-known already. If yes, then I would like a comment with a link to the implementation, as I would like to suggest this to Disroot and other services. Title: Re: Decentralized, Bitcoin-based anti-spam solution Post by: Vod on September 25, 2018, 11:28:21 AM
Once a user sends out his spam email, why would he/she care if you close the account? Title: Re: Decentralized, Bitcoin-based anti-spam solution Post by: d5000 on September 25, 2018, 11:39:48 AM
Once a user sends out his spam email, why would he/she care if you close the account? He could create e.g. one account per day, moving the funds each day to another address and not caring about the account to be closed, but that would already reduce server load for the service, compared to situations where a spammer can open several accounts each day with throwaway email addresses and Captcha crowdworkers. If there are problems with customers following this kind of "attack approach" to open several spam accounts, such a kind of "transaction chain" could be detected, and the service could prohibit this kind of behavior. Also, the spammer would have to pay transaction fees each time he moves the coins. Title: Re: Decentralized, Bitcoin-based anti-spam solution Post by: HeRetiK on September 25, 2018, 01:44:34 PM It's an interesting approach, but I'm also doubtful it would be all that effective.
Most large email providers already apply (centralized) anti-bot measures of their own that likely serve as higher barrier of entries than what you describe (ie. requiring a phone number for verification or a small donation). Smaller email providers that don't bother with such anti-bot measures probably won't bother with the coin-holding approach either. Additionally I'm under the impression that large scale spammers have long since transcended centralized email providers. Most seem to run email servers of their own, playing the anti-anti-spam-filter game at a wholly different level (eg. trying to circumvent their mail servers and domains from being blacklisted). Obviously the points above only consider email accounts. Other services may be a better fit for such a solution. Still, I think the coins would need to be actually at stake for this approach to be effective (eg. by keeping the coins in escrow or timelocked until a certain grace period). Title: Re: Decentralized, Bitcoin-based anti-spam solution Post by: d5000 on September 25, 2018, 03:36:25 PM Most large email providers already apply (centralized) anti-bot measures of their own that likely serve as higher barrier of entries than what you describe (ie. requiring a phone number for verification or a small donation). Smaller email providers that don't bother with such anti-bot measures probably won't bother with the coin-holding approach either. The approach is clearly targeted to these "anonymous" service providers like Disroot. These companies/organizations wouldn't like to do phone number verification because of privacy reasons. And it shouldn't be difficult for them to implement a software service connecting to block explorers to verify the customer's compliance with the "don't move the coins for a month" rule. Ideally an open source solution for that purpose would be created.Quote Additionally I'm under the impression that large scale spammers have long since transcended centralized email providers. Most seem to run email servers of their own, playing the anti-anti-spam-filter game at a wholly different level (eg. trying to circumvent their mail servers and domains from being blacklisted). Yep, that may be true. This isn't a general anti-spam solution, but a solution for a subgroup of email and other social services like forums. (The "Copper membership" here at BCT inspired me a bit ;) )Quote Still, I think the coins would need to be actually at stake for this approach to be effective (eg. by keeping the coins in escrow or timelocked until a certain grace period). Requiring a timelock in the transaction (via CLTV/CSV) is interesting, thanks for the suggestion!I have also thought about an escrow approach (e.g. a contract where the customer can only move the coins after a month has passed, while the service provider can "confiscate" the coins if the customer malbehaves). But the drawback is that the service would need to run a Bitcoin node and take care for its security, which may be difficult for small e-mail providers or forums. It could be interesting though once such a service achieves a certain scale. Title: Re: Decentralized, Bitcoin-based anti-spam solution Post by: davis196 on September 29, 2018, 06:24:56 AM If you idea was really implemented,99% of your customers would run away from your service and switch to the "free" spam-friendly services. ;D
Nobody wants to send bitcoins to an escrow address just to use an email service.It's just isn't convenient and user-friendly.Phone or ID verification can do a way better job with fighting spammers. Title: Re: Decentralized, Bitcoin-based anti-spam solution Post by: HeRetiK on September 29, 2018, 09:50:56 AM If you idea was really implemented,99% of your customers would run away from your service and switch to the "free" spam-friendly services. ;D Nobody wants to send bitcoins to an escrow address just to use an email service.It's just isn't convenient and user-friendly.Phone or ID verification can do a way better job with fighting spammers. OP mentioned above that this approach would target a privacy-centric userbase for which phone or ID verification are not an option. While the majority of users don't care about their privacy and personal data there's definitely a need for less intrusive anti-spam measures. Title: Re: Decentralized, Bitcoin-based anti-spam solution Post by: d5000 on October 03, 2018, 03:49:46 AM If you idea was really implemented,99% of your customers would run away from your service and switch to the "free" spam-friendly services. ;D In addition to what HeRetiK already wrote, ID verification is very expensive (you would have high labor costs) and phone verification is possible to get "gamed" by scammers with throw-away numbers. It could be an option for the provider, though, to offer phone verification and the proposed "Bitcoin deposit proof" in parallel - so privacy-aware customers could select the Bitcoin deposit method and all others the phone verification.Nobody wants to send bitcoins to an escrow address just to use an email service.It's just isn't convenient and user-friendly.Phone or ID verification can do a way better job with fighting spammers. And the concept does not require an escrow. The coins are still fully under your control, even in the variant with CLTV. Title: Re: Decentralized, Bitcoin-based anti-spam solution Post by: Lotus on October 03, 2018, 05:53:01 AM This seems to be focusing on the "sender" side of the story. Spammers don't have an incentive to use these providers, they will just fine one that is spam-friendly and use it.
Title: Re: Decentralized, Bitcoin-based anti-spam solution Post by: d5000 on October 03, 2018, 11:45:16 AM This seems to be focusing on the "sender" side of the story. Spammers don't have an incentive to use these providers, they will just fine one that is spam-friendly and use it. At the contrary ... it focuses on the provider and its cost on fighting spammers.The reason why the privacy-aware services I mentioned in the OP are discontinuing services is because their costs to fight spammers become too high. With the proposed system, as you say, they wouldn't use these service anymore because of the high costs (both in logistics and for financing the "security deposit") - and the goal would have been achieved. On the long term, if more small email providers used a similar solution (bigger providers already use well-working, but very expensive mechanisms) then the spam problem could even be diminished globally, as spammers would have an increasingly hard time to find a suitable provider. |