[hashcash] Re: PR Problem?

I'm probably one of the most enthusiastic supporters of proof of work


Just in case my "enthusiasm" comment was misunderstood: I was
wondering about the lack of enthusiasm from the rest of the industry.
I certainly didn't mean to criticise the authors of HashCash and
Camram -- you guys have done good work!  :-)


Proof of work systems are not simple.  Applying them even less so.


I'm not convinced that even a naive sender pays wouldn't be helpful.
Let's say I use a cheap stamp that takes an average of 1 second to
generate on a mid-level PC.  This shouldn't be too onerous on most
hardware, with the possible exception of PDAs.

If the average zombie is putting out more than 1 spam per second, then
adding a stamp makes the spam output go down.  If a spammer has to
invest in a few more quad-core servers to make stamps, then costs go
up.  Maybe the spammers aren't out of business yet, but at least they
are making less profit, and putting out less spam.  All the criticisms
I've read treat the problem as an all-or-nothing affair: if HashCash
can't guarantee that all spammers go out of business, then it's not
worth implementing.

But this is a foolish way to think about it.  Naive proof-of-work is
dead simple to implement.
Compared to other proposals, the cost of implementation is almost
zero.  So there doesn't have to be a lot of benefit before the
cost/benefit analysis makes sense.

Moreover, proof-of-work integrates well with existing spam filters.
Stamped mail shouldn't be allowed to bypass the filter altogether,
because then you really -do- need to put the spammers completely out
of business in order to make things work; I don't want my inbox
flooded with zombie-stamped spam.  Instead, just treat the stamp as
another piece of data that's input into the learning algorithm.  The
filter will learn how much postage spammers are willing to pay, and
filter mail accordingly.

My guess is that at least at least 50% of all e-mail would have to
start using stamps before the spammers even bothered to calculate
their own.  The target market for spam is gullible and
non-technically-minded people, not careful e-mail users with
sophisticated anti-spam technology.  That means that HashCash users
could start seeing significant benefit for several years before the
spammers caught up.

Once proof-of-work systems start to see serious adoption, and spammers
respond with zombies, then we can start the move to more sophisticated
hybrid systems.  It's good to know that bright people are thinking
about such systems, and have possible designs in mind, but I don't
think we need "The Solution(TM)" to start an initial rollout.

I do agree that hybrid proof-of-work systems are the best way to
eliminate spam in the long term, simply because they have the most
potential for tweaking and improvement.
However, a hybrid proof-of-work system is a wonderful example of a
Complex Adaptive System.  Detailed analysis and modeling of such
systems is enormously difficult, especially if humans (spammers +
users) are part of the loop.  It will be much easier to improve the
system if there is actual data from HashCash users on the 'net to
analyze.


If you add on top of that the idea that a DNS record...


But this requires a change to the DNS service, which means much higher
cost of deployment.  It's a great idea, once there is a large enough
user base to make it worthwhile.


If you are skilled in making a Thunderbird plug-in, then by all means,
build a stamp generator and output in a filter that detects outgoing
stamps and not generate any additional stamps.


If I was familiar with the Thunderbird code base, I could probably
write a plug-in in a couple days.  Unfortunately, I'm not -- which
means I could easily spend a couple months deciphering APIs.  I'll
take a brief look and see how hard the problem is.


so I think the real answer to your question is, we're exhausted.  We
don't have enough people doing real work to make demonstrably functional
code in this area.  I've done the best I can and I'm not going to make
any apologies for it.


I certainly wasn't asking for an apology!  I have nothing but respect
for anybody who devotes time and energy to solving a real problem.  I
reserve my contempt for naysayers who spend 5 minutes thinking up an
objection, and then stand in the way of progress because they think
that they know more than the actual researchers.  :-)  It seems to be
a popular occupation... :-(

 -DeLesley

Other related posts: