Fwd: [Google Wave APIs] Re: spam
2 views
Skip to first unread message
David Fuelling
Jun 5, 2009, 12:37:19 PM6/5/09
to oin...@googlegroups.com
---------- Forwarded message ----------
From: David Fuelling <sapp...@gmail.com>
Date: Fri, Jun 5, 2009 at 4:30 PM
Subject: Re: [Google Wave APIs] Re: spam
To: google-...@googlegroups.com
Very timely post.
I recently posted a very-draft-spec that formalizes something very close to your idea. It's called OInvite (http://oinvite.net), and it provides a protocol for sending and receiving spam-free, cross-domain "friend requests".
Basically, in a social-network-like system (like Wave), message spam is less of an issue because of the friend-list, which provides each user with the ability to "mute" a friend, or stop being friends with someone, thus eliminating the notion of spam (because we all "elect" to receive messages or waves from the people we receive them from, due to the friend list).
All that to say, there is still a serious spam threat at the point of "first-contact", which is where somebody you've never heard of wants to send/receive waves with you. This is where the Hashcash idea, and Proof-of-Work (POW) in general, can be very powerful in preventing "friend request" spam.
That said, Google's own Ben Laurie has co-published a very provocative paper called "Proof of Work Proves not to Work" (http://oinvite.googlecode.com/files/ProofofWorkNoWork.pdf). In it, the authors make a very persuasive case that POW mechanisms are not feasible in a general messaging system (like email) because in order to be effective, they harm legitimate user's ability to send/receive messages.
However, a follow-up paper (by different authors) outlines how Proof-of-Work could actually work if the "postage" was variable -- i.e., the first time a particular sender is encountered, postage is high, and later, as the sender proves his "un-spammy-ness", postage for him goes down (very similar to the idea suggested below, except postage calculation is more automatic based on your "reputation"). See here for that paper: http://oinvite.googlecode.com/files/ProofofWorkCanWorks.pdf.
Oinvite defines a way for invitation requests (i.e., friend requests) to contain a hash-cash compatible (though extended) token indicating a certain amount of postage. I'm also working on a spec (an extension to OInvite code) that defines a way for individual user's to advertise the minimum "postage" required before they will even accept an OInvite from a user not on their friend list.
With these two pieces in place, the next step would be to setup some sort of economics system to make the OInvite Minimum Postage a variable number, based on the amount of spam a user is receiving. If a user sets his "postage" at 20 bits, and is receiving Invitation spam, then a computer could automatically increase that user's advertised postage until the spam stops (measured by how many messages get flagged as spam). In tandem, the computer could be updating that user's friends with increased advertised postage rates to help automatically reduce their spam, too.
All in all, the minimum postage required to get a "friend request" in front of my eyes should be controlled by me (the recipient).
Lastly, POW may not be the most effective mechanism to prevent "first-contact" spam. So, OInvite allows for a pluggable "verification mechanism", so the community can decide what the best mechanism is.
I'd appreciate any input and participation! The whole idea was released on Google Code about 3 days ago (ironic): http://oinvite.net (forwards to google code).
Thanks!
David
From: David Fuelling <sapp...@gmail.com>
Date: Fri, Jun 5, 2009 at 4:30 PM
Subject: Re: [Google Wave APIs] Re: spam
To: google-...@googlegroups.com
Very timely post.
I recently posted a very-draft-spec that formalizes something very close to your idea. It's called OInvite (http://oinvite.net), and it provides a protocol for sending and receiving spam-free, cross-domain "friend requests".
Basically, in a social-network-like system (like Wave), message spam is less of an issue because of the friend-list, which provides each user with the ability to "mute" a friend, or stop being friends with someone, thus eliminating the notion of spam (because we all "elect" to receive messages or waves from the people we receive them from, due to the friend list).
All that to say, there is still a serious spam threat at the point of "first-contact", which is where somebody you've never heard of wants to send/receive waves with you. This is where the Hashcash idea, and Proof-of-Work (POW) in general, can be very powerful in preventing "friend request" spam.
That said, Google's own Ben Laurie has co-published a very provocative paper called "Proof of Work Proves not to Work" (http://oinvite.googlecode.com/files/ProofofWorkNoWork.pdf). In it, the authors make a very persuasive case that POW mechanisms are not feasible in a general messaging system (like email) because in order to be effective, they harm legitimate user's ability to send/receive messages.
However, a follow-up paper (by different authors) outlines how Proof-of-Work could actually work if the "postage" was variable -- i.e., the first time a particular sender is encountered, postage is high, and later, as the sender proves his "un-spammy-ness", postage for him goes down (very similar to the idea suggested below, except postage calculation is more automatic based on your "reputation"). See here for that paper: http://oinvite.googlecode.com/files/ProofofWorkCanWorks.pdf.
Oinvite defines a way for invitation requests (i.e., friend requests) to contain a hash-cash compatible (though extended) token indicating a certain amount of postage. I'm also working on a spec (an extension to OInvite code) that defines a way for individual user's to advertise the minimum "postage" required before they will even accept an OInvite from a user not on their friend list.
With these two pieces in place, the next step would be to setup some sort of economics system to make the OInvite Minimum Postage a variable number, based on the amount of spam a user is receiving. If a user sets his "postage" at 20 bits, and is receiving Invitation spam, then a computer could automatically increase that user's advertised postage until the spam stops (measured by how many messages get flagged as spam). In tandem, the computer could be updating that user's friends with increased advertised postage rates to help automatically reduce their spam, too.
All in all, the minimum postage required to get a "friend request" in front of my eyes should be controlled by me (the recipient).
Lastly, POW may not be the most effective mechanism to prevent "first-contact" spam. So, OInvite allows for a pluggable "verification mechanism", so the community can decide what the best mechanism is.
I'd appreciate any input and participation! The whole idea was released on Google Code about 3 days ago (ironic): http://oinvite.net (forwards to google code).
Thanks!
David
On Fri, Jun 5, 2009 at 9:54 AM, dion <dren.dk@gmail.com> wrote:
You are absolutely correct that it's impossible to prevent every
single spam wave from hitting a victim, but the point of spam is that
it's easy and cheap to hit millions of victims, so even with a very
low conversion rate you can make a profit.
With wave you have to keep the originating server on-line and off
blacklists for the entire lifetime of the wave and it's very hard to
spoof someone, so I'd argue that spamming will be much less of a
problem to begin with, however it's entirely possible that someone
takes over a client machine via a trojan of some sort and starts
abusing that users account, so spamming could still happen.
The hijacking of a legitimate account is a real problem, but by nature
spam needs to be sent to a very large number of victims to have any
chance of turning a profit, so all that's needed to get around this
hole is to make it slightly more expensive for someone to send a wave
to someone if they have never communicated before.
I think the best solution would be to build a hashcash payment system
into the protocol and have the recipient charge the sender a fee of
say 100 ms or so of CPU time if the sender isn't already in the
recipients whitelist, that would mean that the spammer would need to
peg a CPU for an entire day to spam just 1 M people.
The best part is that all of this would be completely transparent and
unobtrusive to the user, except when they first wave someone and they
have to heat their CPU for a 0.1 second while it churns out a hashcash
payment in the background.
It should be up to the recipient how much postage to charge the
sender, that way the postage can be cranked up in sync with faster
CPUs from Intel and new releases of V8.
Please have a peek at http://www.hashcash.org/
Reply all
Reply to author
Forward
0 new messages