ZeroNet icon indicating copy to clipboard operation
ZeroNet copied to clipboard
verified publisher icon HelloZeroNet

Antibot/antispam system to help prevent spam and allow community moderated sites

Open slrslr opened this issue 7 years ago • 2 comments

Step 1: Please describe your environment

  • ZeroNet version: 0.6.2

Step 2: Describe the problem:

Zeronet may be missing some system which will prevent bots or malicious users to create many identities and use them to either SPAM or manipulate certain functions like voting system. Voting system can be used to allow users to moderate zites content (example vote to move some content to different category, vote to rank some content better or worse, vote to move some content into recycle bin or hide for moderation by reputable users). I think community driven sites is the future, not to rely on a single point of failure (a zite admin). But there is needed the system that will prevent abuse of the voting system by the bots and it will also prevent bulk spam.

Step 2: Ideas on the antibot/antispam/anti-voting-abuse system:

  1. ID authority like zeroid will require new user to solve antibot challenge (i would not be against temporarily using https://hcaptcha.com it is reasonable privacy), sort some elements)
  2. Generating some identity key based on device hardware or software and allow developers to rate-limit one device regarding number of actions it can do on site (number of votes, number of topics created)
  3. calculating user karma/reputation score based on account age, posting frequency, number of deleted posts by moderator, number of downvotes issued by reputable members
  4. Work with user's IP and /26 or /24 subnet maybe transformed into some hash/key for privacy will be rate-limited on how many posts/votes it can do no matter number of IDs used - btw. another P2P tool is having SPAM problem too, developer says that devoted SPAMmer can build custom version of the app for spamming, but how to prevent this?

slrslr avatar Mar 01 '18 22:03 slrslr

#1258

krixano avatar Mar 01 '18 22:03 krixano

i think antibot is not possible, and it can get very subjective, we can start a whole new thread argue if bot's have a right to post

ID authority like zeroid will require new user to solve antibot challenge (select images that are car, solve a puzzle :), sort some elements)

Can still be botted, there's even bots for google rechapta

Generating some identity key based on device hardware or software and allow developers to rate-limit one device regarding number of actions it can do on site (number of votes, number of topics created)

Calls concerns of privacy, and anyone could fake it with a modded zeronet/zeronet plugin which renders it pointless

calculating user karma/score based on account age, posting frequency, number of deleted posts by moderator

scores can be botted/faked

Work with user's IP and /26 or /24 subnet maybe transformed into some hash/key for privacy will be rate-limited on how many posts/votes it can do no matter number of IDs used

same thing, also to add to the fact that most nodes are relaying the info, and the broadcast node can intentionally mask/edit it

i still think something like POW https://github.com/HelloZeroNet/ZeroNet/issues/1258 is better or even POW to post if things gone in lockdown mode

I even have a WOT based concept system that encourages/immune to bots, if you cant fight them just ignore them(value their votes as 0/weightless) see it on Zeronet - Unlimit Talk it's done by simply assuming everyone to be a bot/troll/malicious actor unless user input tell them otherwise

Thunder33345 avatar Jun 27 '18 08:06 Thunder33345