Signal’s mission and sole focus is private communication. For years, Signal has kept your messages private, your profile information (like your name and profile photo) private, your contacts private, and your groups private – among much else. Now we’re taking that one step further, by making your...
A PoW could limit bots too. Require say 30 seconds of work before your registration submits. For regular users that isnt to bad. For bots its a PITA to get tons of accounts
Edit: tor uses PoW as DDOS protection and its helped massively
For each account you register, you have to do 30 seconds worth of work. So to register one account, you do 30 seconds worth of work. To register 100 accounts, you do 100*30 or 3000 seconds (50 minutes) worth of work. Registering tens of thousands of accounts then becomes unfeasible.
Exactly! ANYTHING THAT CAN COMPUTE CAN DO IT. Few things have a uniquely identifying piece of information with other levels that are barriers to entry…like a phone number. The idea is to STOP bots from signing up to Signal.
It was the original purpose of the bitcoin algorithm to limit spam.
If you have to do a lot of maths that takes your computer (for example) 30 seconds, that means it costs 30 seconds of compute to create an account. Nothing to an average user, for a spammer that wants thousands of accounts it gets expensive.
Several captcha[0] libraries already use this and it’s great for accessibility (normal captchas are terrible for it)
Because it’s not. I can spin any number of emulators or VMs that do any amount of work with a simple script, but that’s all it does. How does it prove I’m anything but a scripted, virtual instance of a person with a device?
There’s a reason why Telegram is flooded with bots, Signal as of now has not been.
Requiring a number is a good way to limit bots.
A PoW could limit bots too. Require say 30 seconds of work before your registration submits. For regular users that isnt to bad. For bots its a PITA to get tons of accounts
Edit: tor uses PoW as DDOS protection and its helped massively
PoW…Prisoner of war?
That will also keep away bots.
You can only sign up if you’ve taken at least one Prisoner of War. Bots can’t take prisoners of war for obvious reasons.
Kinda like how Aztec boys came into age in their society.
Proof of work. Example, bitcoin
How does this prove anything if using an emulator to bulk register bot accounts? Also, Signal Desktop is a thing.
For each account you register, you have to do 30 seconds worth of work. So to register one account, you do 30 seconds worth of work. To register 100 accounts, you do 100*30 or 3000 seconds (50 minutes) worth of work. Registering tens of thousands of accounts then becomes unfeasible.
And how can a VM or emulator NOT do this?
Anything that can compute can do it. The important part is that it has an associated non-insignificant cost.
Exactly! ANYTHING THAT CAN COMPUTE CAN DO IT. Few things have a uniquely identifying piece of information with other levels that are barriers to entry…like a phone number. The idea is to STOP bots from signing up to Signal.
Are you missing the point maybe?
It was the original purpose of the bitcoin algorithm to limit spam.
If you have to do a lot of maths that takes your computer (for example) 30 seconds, that means it costs 30 seconds of compute to create an account. Nothing to an average user, for a spammer that wants thousands of accounts it gets expensive.
Several captcha[0] libraries already use this and it’s great for accessibility (normal captchas are terrible for it)
[0] I know, it’s not technically a captcha.
Oh, neat. I was unfamiliar with PoW. Thanks!
Pow does not limit spam in bitcoin. Fees do. Pow is used as a decentralized election mecanism to distribute the block production.
Accessibility is very important to me as a blind user, and this helps tremendously.
Anything you use to autotranscribe images or are image uploads without alt text a nightmare?
Images w/o alt text suck
I know what it is. It is not a barrier to entry though.
He explained why it is, so can you elaborate on why it’s not?
Because it’s not. I can spin any number of emulators or VMs that do any amount of work with a simple script, but that’s all it does. How does it prove I’m anything but a scripted, virtual instance of a person with a device?
There’s a reason why Telegram is flooded with bots, Signal as of now has not been.