Signal’s mission and sole focus is private communication. For years, Signal has kept your messages private, your profile information (like your name and profile photo) private, your contacts private, and your groups private – among much else. Now we’re taking that one step further, by making your...
A PoW could limit bots too. Require say 30 seconds of work before your registration submits. For regular users that isnt to bad. For bots its a PITA to get tons of accounts
Edit: tor uses PoW as DDOS protection and its helped massively
For each account you register, you have to do 30 seconds worth of work. So to register one account, you do 30 seconds worth of work. To register 100 accounts, you do 100*30 or 3000 seconds (50 minutes) worth of work. Registering tens of thousands of accounts then becomes unfeasible.
Exactly! ANYTHING THAT CAN COMPUTE CAN DO IT. Few things have a uniquely identifying piece of information with other levels that are barriers to entry…like a phone number. The idea is to STOP bots from signing up to Signal.
If preventing Jimmy Bumfuck from spinning up a couple sock puppets is your fear, yeah, PoW systems don’t help. But those are rarely the problem.
For a phishing scam or astroturf operation to be worth it, you need tens of thousands of accounts all running the same script. Those get filtered hard by PoW systems.
Phone validation works just as well, and stops Jimmy Bumfuck from making sock accounts. But now every user must be stapled to a phone number. Maybe that’s a worthwhile trade to you, but it sure doesn’t seem to be to everyone replying to you.
It’s ALSO possible to generate virtual phone numbers for a small cost.
Using a cryptographic PoW is a different small cost.
Either way, it only takes a small cost to prevent mass bot registration.
You’re treating processing power and time as if it is 100% free just because it can be done in a VM. But it doesn’t matter if it is a VM. It is still going to require at least some certain threshold of processor time, and that processor time has a real cost. For the kind of place that can just spin up thousands of VMs and use it to do massive bot registration… they could just be mining bitcoins instead.
A PoW could limit bots too. Require say 30 seconds of work before your registration submits. For regular users that isnt to bad. For bots its a PITA to get tons of accounts
Edit: tor uses PoW as DDOS protection and its helped massively
PoW…Prisoner of war?
That will also keep away bots.
You can only sign up if you’ve taken at least one Prisoner of War. Bots can’t take prisoners of war for obvious reasons.
Kinda like how Aztec boys came into age in their society.
Proof of work. Example, bitcoin
How does this prove anything if using an emulator to bulk register bot accounts?
For each account you register, you have to do 30 seconds worth of work. So to register one account, you do 30 seconds worth of work. To register 100 accounts, you do 100*30 or 3000 seconds (50 minutes) worth of work. Registering tens of thousands of accounts then becomes unfeasible.
deleted by creator
And how can a VM or emulator NOT do this?
Anything that can compute can do it. The important part is that it has an associated non-insignificant cost.
Exactly! ANYTHING THAT CAN COMPUTE CAN DO IT. Few things have a uniquely identifying piece of information with other levels that are barriers to entry…like a phone number. The idea is to STOP bots from signing up to Signal.
Are you missing the point maybe?
It stops bot FARMS from being feasible.
If preventing Jimmy Bumfuck from spinning up a couple sock puppets is your fear, yeah, PoW systems don’t help. But those are rarely the problem.
For a phishing scam or astroturf operation to be worth it, you need tens of thousands of accounts all running the same script. Those get filtered hard by PoW systems.
Phone validation works just as well, and stops Jimmy Bumfuck from making sock accounts. But now every user must be stapled to a phone number. Maybe that’s a worthwhile trade to you, but it sure doesn’t seem to be to everyone replying to you.
It makes bots more expensive to create, therefore fewer will be created.
Nah bro, you are.
It’s ALSO possible to generate virtual phone numbers for a small cost.
Using a cryptographic PoW is a different small cost.
Either way, it only takes a small cost to prevent mass bot registration.
You’re treating processing power and time as if it is 100% free just because it can be done in a VM. But it doesn’t matter if it is a VM. It is still going to require at least some certain threshold of processor time, and that processor time has a real cost. For the kind of place that can just spin up thousands of VMs and use it to do massive bot registration… they could just be mining bitcoins instead.
By that standard, whats to stop people from just getting more phone numbers? Its just an additional cost.