Require proof of work to post to curb spam #29273

Open
EmilJacobs opened this issue Feb 18, 2024 · 4 comments
Labels
suggestion Feature suggestion

Comments

@EmilJacobs

Pitch

Let users complete proof of work in order to post to make massively spamming a costly activity.

Motivation

mCaptcha, an open source no-captcha system, requires users to submit proof in order to complete the captcha. From the user point of view this is fully automated, it just costs a little computing time. However, if you post many posts in rapid succession, this computing time adds up to become crippling for the poster (spambot). This could even be done exponentially harder the more posts you do within a set amount of time.

I believe this was in fact the original purpose of 'proof of work' back in the 1990s. It only makes sense for a social network with the open and decentralised characteristics of Mastodon.

@EmilJacobs EmilJacobs added the suggestion Feature suggestion label Feb 18, 2024
@limdingwen

Sounds like HashCash:

Hashcash is a proof-of-work system used to limit email spam and denial-of-service attacks. Hashcash was proposed in 1997 by Adam Back[1] and described more formally in Back's 2002 paper "Hashcash - A Denial of Service Counter-Measure".[2] In Hashcash the client has to concatenate a random number with a string several times and hash this new string. It then has to do so over and over until a hash beginning with a certain amount of zeros is found.[3]
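
The Hashcash scheme quoted above, combined with the pitch's idea of making the work exponentially harder per post, sketched in Ruby as an added example; it is not part of the thread and not Mastodon code. It assumes SHA-256 (Hashcash itself used SHA-1), counts leading zero bits, and every name and difficulty value in it is hypothetical.

```ruby
require 'digest'
require 'securerandom'

# Hashcash-style proof of work for a "post" action (hypothetical sketch).
module PostPow
  BASE_BITS = 12 # assumed difficulty for the first post in a time window
  MAX_BITS  = 24 # assumed cap so a short thread of posts stays feasible

  module_function
  # Each recent post adds one bit, which doubles the expected client work.
  def required_bits(recent_posts)
    [BASE_BITS + recent_posts, MAX_BITS].min
  end

  # Count the leading zero bits of a binary digest string.
  def leading_zero_bits(digest)
    bits = 0
    digest.each_byte do |b|
      return bits + 8 - b.bit_length unless b.zero?
      bits += 8
    end
    bits
  end

  # Server side: a fresh challenge bound to the account, kept by the server.
  def challenge(account_id, recent_posts)
    { account: account_id, salt: SecureRandom.hex(8), bits: required_bits(recent_posts) }
  end

  # The string that gets hashed: challenge fields plus the client's counter.
  def stamp(ch, counter)
    "#{ch[:bits]}:#{ch[:account]}:#{ch[:salt]}:#{counter}"
  end

  # Client side: try counters until the hash has enough leading zero bits.
  def mint(ch)
    counter = 0
    counter += 1 until leading_zero_bits(Digest::SHA256.digest(stamp(ch, counter))) >= ch[:bits]
    counter
  end

  # Server side: one hash against its own stored challenge; a salt is single use.
  def verify(ch, counter, seen_salts)
    return false if seen_salts.include?(ch[:salt])
    return false unless leading_zero_bits(Digest::SHA256.digest(stamp(ch, counter))) >= ch[:bits]
    seen_salts << ch[:salt]
    true
  end
end
```

The asymmetry is the point: `mint` needs about 2^bits hashes on average while `verify` needs one, and the server must check against the challenge it issued rather than one echoed back by the client.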

@exentio

exentio commented Feb 19, 2024

If I reply to this the way I want to I will get banned

@EmilJacobs
Author

Thanks @limdingwen, that is what I was thinking about!

As for the vagueposting by @exentio and the thumb downs by several people: this isn't very helpful. Why would this be a bad idea in your view? The proof-of-work done by a user's computer would be negligible if you aren't an actual spammer and it would be completely transparent from a user point of view.

The only potential downside I see thus far is with tools like Publer.io that allow for posting threads, which indeed require several posts in rapid succession. Then again, this is a handful of posts, not hundreds or more.

@limdingwen

I'm sorry to see that others are turning this discussion unfriendly, Emil. In general, PoW as a word seems to be tainted in the Mastodon space due to its associations with cryptocurrency. It is unfortunate, given that such solutions predate the use of cryptocurrency and were created to combat email spammers. In fact, CloudFlare uses PoW as well to combat bots:

For Turnstile, the actual act of checking a box isn’t important, it’s the background data we’re analyzing while the box is checked that matters. We find and stop bots by running a series of in-browser tests, checking browser characteristics, native browser APIs, and asking the browser to pass lightweight tests (ex: proof-of-work tests, proof-of-space tests) to prove that it’s an actual browser. The current deployment of Turnstile checks billions of visitors every day, and we are able to identify browser abnormalities that bots exhibit while attempting to pass those tests.

Tutanota uses it as well when you register an account, and IIRC Tor is trying to do it as well to combat DDoS.

I believe it's unlikely this will be popular with the people who use Mastodon. Your best course of action might be to appeal to the core developers, or other Fediverse projects, though unfortunately such a plan would require both projects to implement it.

Because of this I believe it might be more plausible to implement automated spam detection like SpamAssassin, where only the receiver needs to implement it, due to it being unlikely that all Fediverse projects will implement PoW for anti-spamming. It is unfortunate, given how elegant this solution is in slowing down spammers, but I think that is the more practical way to go.
