[CHALLENGE] Useful challenge [DistBB]

Hi. I have not forgotten about you. I have, however, been drowning in work (and I still am).

I've realized that the design of DistBB allows an attacker with low to moderate resources to track down the exact node that posts something, simply by polling every node at short intervals and seeing where the node appears first. If nodes are hidden services (Tor or I2P or otherwise), the attacker doesn't immediately find out the poster's identity, but can accumulate a large number of posts coming from their node and figure out your identity from that. Unless, of course, the poster slips up at any point. This is a definite privacy leak.

So far every solution for true anonymous posting I've come up with involves either reimplementing a whole web-of-trust scheme (and using that as a remailer system), a proof-of-work system, or a CAPTCHA. The obvious constraint is preventing spammers from posting far faster than moderators can keep up with.

Web-of-trust sounds, and is, fairly complicated. It would definitely stray away from the goal of simplicity of the project.

Proof-of-work may work out to be sufficiently simple. The main problem is then that users with low resources will be penalized. The system may also not be entirely effective against spammers with large amounts of resources.

Finally, offering both textual and visual CAPTCHAs should be a viable solution, at the cost of some simplicity.

My proposal is as follows: Keep the anonymous posting part separate from ``the'' DistBB protocol, and specify a separate anonymous posting protocol with proof-of-work and CAPTCHA methods.

If you have better ideas I want to hear them.

Otherwise, the actual challenge is in designing a simple yet effective textual (and maybe visual) CAPTCHA system.

No user could be differentiated from spammers, so spammers could not be prevented from posting.

That's the point of the karma/voting system, to downvote spam, never mind the user, since we want an anonymous network before all else.

but they can always post more and at an automated pace.

We we have a filter bot, to determine what is junk or not. Plus, the bot will not remove, but flag, so that the user discerns if the posts should be ignored. The point being is that everyone can post, at the convenience of anti-censorship, even if the message is ciphered to someone else. Think of anonymous remailers.

the spammer can create new identities to keep the spam flowing.

Thanks for adopting/considering my idea. In that system where you create usernames and passwords just for session validation and posting, use a captcha to defend the creation of usernames for the sake of spamming. But again, our aim is to let anyone post, regardless of content(even if the post looks like spam). The system should just allowing anyone to post, and have a section for tagging posts, kinda like folksonomy, so that multiple categories can be created for the user to filter through, even if it means creating another thread/database. IoW, the users decides to filter something or not, post are accepted regardless of content, everything under perfect forward secrecy, and satinized every X time (community or admin decides). In GNUnet we are doing it every 12 hours. It's up to the users to repost/keep-alive. If you need a reference:
https://gnunet.org/internetistschuld
https://gnunet.org/sites/default/files/grothoff_slides_berlin.pdf

The distributed-ness would prevent tyranical bans.

Exactly the point; which is why pseudonyms sessions for filtering posts essentially disrupts the ability of anyone to post, destroying anonymity. with randomized delays (both user posting and datastore publishing)

I think a distributed net of client/servers, where each is free to maintain their own white list of other pseudonyms would be effective.

I concur. A tagging or karma system helps distributing a list of categories, even if it is marked "spam".

Spam proof and anonymous might not really be possible from a design.

Everyone here would agree being anonymous at the cost of spam is a better cost than removing spam at the sake of identify-ability. With a tagging or voting list for each post, users can delegate their our rules of filtering content. Folksonomy is a great way allow the community to decide what they like about the post, even if it is "spam" or "2hu".

Using common-lithpth

Good to see you have evolved your toolset. I like reading your threads. You finished your bachelors now, right?