--
You received this message because you are subscribed to the Google Groups "twister-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to twister-dev...@googlegroups.com.
To post to this group, send email to twist...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
What is plain stupid is when a single user is able to register a thousand names a day. There is absolutely no reason we should allow that.
What is plain stupid is when a single user is able to register a thousand names a day. There is absolutely no reason we should allow that.
I'm a little confused - is this a technological problem or a social problem?
If it's social, then the free market should take care of it. For example, twitter could release an API that maps their user accounts to twister IDs: That way, the twister client would display @Microsoft (twitter verified) and behind the scenes deal with the twister-ID @Microsoft12oijaslkdj, which Microsoft linked it to. This would remove the market incentive to squat twister addresses.
If it's a technological problem, how about using the direct message system to slow down registration? For instance, a new user would have to send and receive a message from @twister in order to be verified, making it network-limited rather than hardware limited. I think anything we can do to keep the barrier to entry as low as possible is better.
however with your solution we still need to rely on this central authority which verifies the accounts to map them to real entities. if we were to depend on a central authority for that, i wouldn't have even started the name registration at all: any user is free to post their bitmessage address to their Twitter account profile, right?
btw, why do you trust Twitter to tell you who Microsoft is? Is it acceptable that a central authority like that is able to selectively point you to a different mapping, so that a windows upgrade you receive (signed by Microsoft12oijaslkdj's key) could be actually a tool to spy on you?
what prevents the same user from sending a thousand of simultaneous requests to @twister in order to get all those verified at the same time? we can't tell that all the requests came from the same guy. delaying all registrations in bloc doesn't solve the problem.
Just had a better idea from what I proposed: what if the new user needs to be validated by another user, but the two accounts have to be separated by a certain number of blocks. So a new user with no friends can still validate himself, but he would be forced to register the two accounts at different times.
Good point. I give up. Until next time, anyway :)
The idea is not bad,but point 3. The reason is "No bill of attainder or ex post facto law shall be passed."
http://en.wikipedia.org/wiki/Ex_post_facto_law This is a common rule to make a rule. I would register a @Microsoft_Global rather than buy it
,because the seller still keep private key after selling username.
+1 for memory hard POW.
How much pain is it to switch POW algorithms in the protocol? Will the blockchain need to be reset?
Very new but concerned about the Post registration process. Can the algorithms be configured in a way that they would adjust according to processor base of the applying user? For example both the Dual-Quad Xeon and Atom would finish processing at the same time. Let us say the process is set for a 4 hour run time This would be long enough to be inconvenient for mass registration but not too long for base users to register two or three IDs for personal, business or other use.
why do we need a username registered at all?
--
You received this message because you are subscribed to a topic in the Google Groups "twister-dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/twister-dev/dMc82UrD40I/unsubscribe.
To unsubscribe from this group and all its topics, send an email to twister-dev...@googlegroups.com.
This in fact is an important feature of twister. With public keys instead of usernames, there would'nt be a uniquely identified name.
Even if you know your friends by public key, that wouldn't stop someone from impersonating you to people that somehow never got your key. He would just enter exactly the same name as you with another public key.
I don't think social network users want to be known by some key - that is hard to speak, read or remember - and force each follower to check or copy-paste a key before adding them to his feed.
But that's not why people are concerned about name squatting. The major reason is about needlessly increasing twister's block, adding even network payload.
Yes there would, it would be a private key, which is just another string of chars like the username...
Hi people,
Ok, i've promised to some guys in twister to discuss the current idea to stop name squatting, or at least reduce it to an acceptable level.
2) User registration would allow about two weeks of "grace period". This is good so users can start using twister right away. But within two weeks they would need to "confirm" their registration.
4) Confirmation would be a really costly POW, like Scrypt-based with large memory settings, bcrypt or Dagger. My suggestion is about one or two days of computing time in a low-level PC (eg. Core 2 Duo).
- This idea still gives advantage to people with big hardware to register a lot of users. Ok, life is unfair and it's not my fault ;-)
- A standalone multiplatform app for windows/linux will be provided to generate the POW. This way, users of mobile phones would be able to copy-paste some information into the standalone POW generator and then copy-paste back the result to their phones to complete the validation procedure.
Hi people,
Ok, i've promised to some guys in twister to discuss the current idea to stop name squatting, or at least reduce it to an acceptable level.
As i've mentioned before, i don't care if somebody registers "microsoft" before the other (a little more well-known) brand owner do. He might even try to resell that name later, that's not my business either. What is plain stupid is when a single user is able to register a thousand names a day. There is absolutely no reason we should allow that.
So my current plan is to deploy an username confirmation in twister in the next few months.
Here is how it would work:
1) User registers as usual. We already have a small POW of a couple of minutes in a standard PC, but this is nothing to someone with big mining hardware. Also this is standard Bitcoin's hash, so ASIC mining makes it pretty easy to forge thousands of accounts in no time.
2) User registration would allow about two weeks of "grace period". This is good so users can start using twister right away. But within two weeks they would need to "confirm" their registration.
3) Existing users (including all name squatting) will be notified they
will need to do the confirmation as well. They will have two weeks
counting from the time the new rule is put in place.
4) Confirmation would be a really costly POW, like Scrypt-based with large memory settings, bcrypt or Dagger. My suggestion is about one or two days of computing time in a low-level PC (eg. Core 2 Duo). This is probabilistic, so it may take longer. Of course, newer hardware will be able to obtain it in less than a day.
Notes:
- Both existing and new users will have only a two-week period to produce the confirmation. Confirmation can't be pre-calculated.
- Even squatters won't have enough computer power to validate all their thousand usernames within that two week period. They will need to choose what usernames to prioritize.
- If they don't make it, the username becomes available for registration again. This time however, the registration must include the confirmation POW in order to be accepted. The difference here is that anybody will be able to take this username: the new registration+confirmation combo of expired usernames are not required to be signed by the original key owner.
- This idea still gives advantage to people with big hardware to register a lot of users. Ok, life is unfair and it's not my fault ;-) There is, however, an direct cost in leaving your computer running for a full day. There is also the indirect cost of not mining profitable Bitcoin or Litecoin with the same hardware. People will have to choose.
- A standalone multiplatform app for windows/linux will be provided to generate the POW. This way, users of mobile phones would be able to copy-paste some information into the standalone POW generator and then copy-paste back the result to their phones to complete the validation procedure.