1996-12-31 - Re: Hardening lists against spam attacks

Header Data

From: Hal Finney <hal@rain.org>
To: markm@voicenet.com
Message Hash: ae5d5b21b04e1fb941659d27a02191327847fb5af8db010e0e70d9f933ae9219
Message ID: <199612312032.MAA04214@crypt.hfinney.com>
Reply To: N/A
UTC Datetime: 1996-12-31 20:34:27 UTC
Raw Date: Tue, 31 Dec 1996 12:34:27 -0800 (PST)

Raw message

From: Hal Finney <hal@rain.org>
Date: Tue, 31 Dec 1996 12:34:27 -0800 (PST)
To: markm@voicenet.com
Subject: Re: Hardening lists against spam attacks
Message-ID: <199612312032.MAA04214@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain

From: "Mark M." <markm@voicenet.com>
> On Tue, 31 Dec 1996, Igor Chudov @ home wrote:
> > Send a number of unique tokens to each subscriber each day.
> [...]
> > If tokens are used improperly (to post off-topic materials) the 
> > offending subscriber is denied any further tokens.
> > 
> > The problem of this scheme is (besides its cost) that anonymous users
> > will not be truly anonymous.
> I think this problem can be solved by blind signing the tokens.  A user
> generates a random number, multiplies it by the blinding factor, then sending
> it to a token server which would append a timestamp and sign the blinded
> token.  All signature requests should be signed with a PGP key.  The server
> response would be encrypted with the user's public key.  A person's PGP key
> would be sent along with the subscription request and then saved by the list
> software.

This is an interesting idea, however it will be possible for someone with
a respectable public persona to continue getting tokens indefinately for
posting abusive anonymous messages.  There is no way to link the anonymous
tokens with the ones which were issued to good subscribers.

An alternative is to give each subscriber only a small, fixed number of
blinded tokens which he will use for the lifetime of his subscription
to the list.  When someone posts anonymously, they use up one of their
tokens.  Then, if the message was not abusive, a new blinded token is
created, encrypted with the public key of the good-guy anonymous poster,
and broadcast to subscribers.  This way good anonymous posters will get
to keep posting, while abusive ones will shortly run out of anonymous
posting tokens.

The big problem with schemes like this is the difficulty of defining
"good" posts in an acceptable way.  Some list members are hard-line
freedom-of-speechers and don't want to see any limitations on list
postings.  Others would probably classify 80% of the messages on the list
at times as grounds for termination of posting privileges.  Everyone will
have their own thresholds.

There is also the administrative problem of who will judge the posts.
This could take a large commitment of time.  I'm sure many of us
have gotten behind in our list reading from time to time and it can be
intimidating to return from a trip to find hundreds of messages waiting.
Imagine how it would be if you were supposed to be reading them and
looking for bad messages.

We might also want to consider the paradoxical possibility that if we
remove the junk, the list will die!  At least now we are constantly
reminded that the cypherpunks list exists.  Other lists like the
cryptography and coderpunks can sometimes go for quite a while without
any posts at all.  On CP you have the sense of a dynamic community where
you can hope for a response to your posts, more so than on a list which
is silent for days at a time.