Signal’s mission and sole focus is private communication. For years, Signal has kept your messages private, your profile information (like your name and profile photo) private, your contacts private, and your groups private – among much else. Now we’re taking that one step further, by making your...
For each account you register, you have to do 30 seconds worth of work. So to register one account, you do 30 seconds worth of work. To register 100 accounts, you do 100*30 or 3000 seconds (50 minutes) worth of work. Registering tens of thousands of accounts then becomes unfeasible.
Exactly! ANYTHING THAT CAN COMPUTE CAN DO IT. Few things have a uniquely identifying piece of information with other levels that are barriers to entry…like a phone number. The idea is to STOP bots from signing up to Signal.
If preventing Jimmy Bumfuck from spinning up a couple sock puppets is your fear, yeah, PoW systems don’t help. But those are rarely the problem.
For a phishing scam or astroturf operation to be worth it, you need tens of thousands of accounts all running the same script. Those get filtered hard by PoW systems.
Phone validation works just as well, and stops Jimmy Bumfuck from making sock accounts. But now every user must be stapled to a phone number. Maybe that’s a worthwhile trade to you, but it sure doesn’t seem to be to everyone replying to you.
It’s ALSO possible to generate virtual phone numbers for a small cost.
Using a cryptographic PoW is a different small cost.
Either way, it only takes a small cost to prevent mass bot registration.
You’re treating processing power and time as if it is 100% free just because it can be done in a VM. But it doesn’t matter if it is a VM. It is still going to require at least some certain threshold of processor time, and that processor time has a real cost. For the kind of place that can just spin up thousands of VMs and use it to do massive bot registration… they could just be mining bitcoins instead.
It’s not just whether you can do this. It’s how much value it has vs what ELSE you could be doing with the time and energy. A Signal account is already worth vanishingly little as a spam tool, they just need to give it enough of a cost to make it not worthwhile.
It was the original purpose of the bitcoin algorithm to limit spam.
If you have to do a lot of maths that takes your computer (for example) 30 seconds, that means it costs 30 seconds of compute to create an account. Nothing to an average user, for a spammer that wants thousands of accounts it gets expensive.
Several captcha[0] libraries already use this and it’s great for accessibility (normal captchas are terrible for it)
Because it’s not. I can spin any number of emulators or VMs that do any amount of work with a simple script, but that’s all it does. How does it prove I’m anything but a scripted, virtual instance of a person with a device?
There’s a reason why Telegram is flooded with bots, Signal as of now has not been.
Proof of work. Example, bitcoin
How does this prove anything if using an emulator to bulk register bot accounts? Also, Signal Desktop is a thing.
For each account you register, you have to do 30 seconds worth of work. So to register one account, you do 30 seconds worth of work. To register 100 accounts, you do 100*30 or 3000 seconds (50 minutes) worth of work. Registering tens of thousands of accounts then becomes unfeasible.
And how can a VM or emulator NOT do this?
Anything that can compute can do it. The important part is that it has an associated non-insignificant cost.
Exactly! ANYTHING THAT CAN COMPUTE CAN DO IT. Few things have a uniquely identifying piece of information with other levels that are barriers to entry…like a phone number. The idea is to STOP bots from signing up to Signal.
Are you missing the point maybe?
It stops bot FARMS from being feasible.
If preventing Jimmy Bumfuck from spinning up a couple sock puppets is your fear, yeah, PoW systems don’t help. But those are rarely the problem.
For a phishing scam or astroturf operation to be worth it, you need tens of thousands of accounts all running the same script. Those get filtered hard by PoW systems.
Phone validation works just as well, and stops Jimmy Bumfuck from making sock accounts. But now every user must be stapled to a phone number. Maybe that’s a worthwhile trade to you, but it sure doesn’t seem to be to everyone replying to you.
It makes bots more expensive to create, therefore fewer will be created.
It doesn’t stop anyone though. Expensive is relative when you convince a Grandma to give you her $1000 check for a $5 phone number.
By that standard, whats to stop people from just getting more phone numbers? Its just an additional cost.
Are you unfamiliar with the market? I can buy 100 numbers right now, but they will be hit or miss from landline known numbers.
Nah bro, you are.
It’s ALSO possible to generate virtual phone numbers for a small cost.
Using a cryptographic PoW is a different small cost.
Either way, it only takes a small cost to prevent mass bot registration.
You’re treating processing power and time as if it is 100% free just because it can be done in a VM. But it doesn’t matter if it is a VM. It is still going to require at least some certain threshold of processor time, and that processor time has a real cost. For the kind of place that can just spin up thousands of VMs and use it to do massive bot registration… they could just be mining bitcoins instead.
It’s not just whether you can do this. It’s how much value it has vs what ELSE you could be doing with the time and energy. A Signal account is already worth vanishingly little as a spam tool, they just need to give it enough of a cost to make it not worthwhile.
It was the original purpose of the bitcoin algorithm to limit spam.
If you have to do a lot of maths that takes your computer (for example) 30 seconds, that means it costs 30 seconds of compute to create an account. Nothing to an average user, for a spammer that wants thousands of accounts it gets expensive.
Several captcha[0] libraries already use this and it’s great for accessibility (normal captchas are terrible for it)
[0] I know, it’s not technically a captcha.
I know what it is. It is not a barrier to entry though.
He explained why it is, so can you elaborate on why it’s not?
Because it’s not. I can spin any number of emulators or VMs that do any amount of work with a simple script, but that’s all it does. How does it prove I’m anything but a scripted, virtual instance of a person with a device?
There’s a reason why Telegram is flooded with bots, Signal as of now has not been.
Bots can buy phone numbers, hell, they can solve most captchas better than humans.
Telegram requires a phone number, so it clearly isn’t working.
Sure, if you had unlimited gpus with unlimited electricity then it wouldn’t keep you from spinning up unlimited bots
Bruh. No GPU needed. I build multiplatform apps daily on GitHub Actions. Dafuq you talking about?
how do you produce unique hashes with the correctly sized nonce?
It’s a time and resource gate, not a way to prove that you’re a human.
Also doesn’t Telegram require a phone number too?
You’re in the wrong thread.
I’m really not. Did you want to try making a coherent point again? Or are you all tapped out?
Dafuq are you talking about ? Telegram does need phone numbers for sign up
Check that
Oh, neat. I was unfamiliar with PoW. Thanks!
Accessibility is very important to me as a blind user, and this helps tremendously.
Anything you use to autotranscribe images or are image uploads without alt text a nightmare?
Images w/o alt text suck
Ah bummer… I’ll do better!
Pow does not limit spam in bitcoin. Fees do. Pow is used as a decentralized election mecanism to distribute the block production.