Return Styles: Pseud0ch, Terminal, Valhalla, NES, Geocities, Blue Moon. Entire thread

[CHALLENGE] Useful challenge [DistBB]

Name: the distbb guy 2013-11-10 19:29

Hi. I have not forgotten about you. I have, however, been drowning in work (and I still am).

I've realized that the design of DistBB allows an attacker with low to moderate resources to track down the exact node that posts something, simply by polling every node at short intervals and seeing where the node appears first. If nodes are hidden services (Tor or I2P or otherwise), the attacker doesn't immediately find out the poster's identity, but can accumulate a large number of posts coming from their node and figure out your identity from that. Unless, of course, the poster slips up at any point. This is a definite privacy leak.

So far every solution for true anonymous posting I've come up with involves either reimplementing a whole web-of-trust scheme (and using that as a remailer system), a proof-of-work system, or a CAPTCHA. The obvious constraint is preventing spammers from posting far faster than moderators can keep up with.

Web-of-trust sounds, and is, fairly complicated. It would definitely stray away from the goal of simplicity of the project.

Proof-of-work may work out to be sufficiently simple. The main problem is then that users with low resources will be penalized. The system may also not be entirely effective against spammers with large amounts of resources.

Finally, offering both textual and visual CAPTCHAs should be a viable solution, at the cost of some simplicity.

My proposal is as follows: Keep the anonymous posting part separate from ``the'' DistBB protocol, and specify a separate anonymous posting protocol with proof-of-work and CAPTCHA methods.

If you have better ideas I want to hear them.

Otherwise, the actual challenge is in designing a simple yet effective textual (and maybe visual) CAPTCHA system.

Name: Anonymous 2013-11-11 16:49

>>14
all of your posts become tied with that pseudonym
Why exactly? You could use that pseudonym only to authorize access to the network without tying it to every post.

The idea I had for a normal human-moderated centralized BBS was

* The user wants to enter the BBS. He is given a easy problem such as a function that returns
- the sum of the divisors of x
- the xth ``squared'' Fibonacci number (Fn = Fn-12 + Fn-22)
- the gcd of two numbers
The problems are generated randomly.

* The human moderator (or an automatic judge) evaluates the program made by the user

* If the user passes the test, he's given a ``login key''
Welcome to progrider[i]![/i]
Your key: [asdf12345_______] (Login)


* The user logs in and proceeds to shitpost about Javashit in /prog/.

* If the user does something terrible, his key is banned.

This would be the POW system that would double as a non-programmer filter. I'd hope it keeps the spammers out. And you don't have to tie the key to the user's posts, just check if the key is in a file and let the user in.

I know this sounds like a 14yo trying to recruit users for his epic secret forum, but I hope you can at least point out the flaws of my infantile design if nothing in it contributes to the DistBB POW system.

Newer Posts
Don't change these.
Name: Email:
Entire Thread Thread List