[hashcash] Re: zombie calculator, messaging without SMTP using identity brokers (Re: response to "proof of work proves not to work"?)
- From: "Eric S. Johansson" <esj@xxxxxxxxxx>
- To: hashcash@xxxxxxxxxxxxx
- Date: Tue, 18 Jul 2006 05:33:12 -0400
Simon Bohlin wrote:
Hi all!
While figuring out how Eric's calculator works, I organized it as a
story (see attached file). I'm sharing this "2.1"-version hoping to shed
some more light on how the calculations are done. It seems to me that
the calculations are sound.
thank you very much. You are such a nice person for doing that. you
know, it never donned on me to stick the calculations in a narrative.
It works really well. I think I'm going to take this and use it as the
basis for a rewrite of the zombie calculation page on the camram site.
Thank you so very very much.
Abound my remark (1.) in the calculator: spammers do more or less know
which spams get through, if nothing else they can gather intelligence on
which spams were stopped, or harvest for DNS-records that tell stamping
is privileged. (So the proposed DNS-entry would have best effect if
spammers would get the wrong idea and stamp for more destinations than
ISPs need. In the end some kind of trust-structure seems more practical
than DNS-entries).
either that or we put up honeypot sites and use the presence of a stamp
to detect and create a blacklist by aggregating all the early stamp
sources. :-)
I agree however that some form of advertisement would be a problem in
that spammers would be able to easily target the early population and
thereby discredit the use of stamps. I was thinking out loud about this
DNS tag because it's a good way for a site to advertise its baseline
stamp requirement. also by having an advertisement, it lets you build a
system that doesn't generate stamps until you know somebody needs
stamps. The reason for this philosophy was to try and make proof of
work stamp system more acceptable to ISPs. But now I'm beginning to
think the captive zombie model is the best way of solving the problem.
Users just won't understand why the e-mail wasn't sent because they shut
the machine off too early. I think this also means it is a need for a
"good person" accounting so they could accrue some benefit for
generating stamps for idiots... I mean technically challenged users.[1]
I also think this is where having some form of "this is spam" button and
blacklist aggregation model would be a good idea. the spam
identification button is critical because if the message is passed
through and the user determines that it is clearly spam, then you can't
ask for better signal for identifying a source of spam.
also, this makes me reconsider having stamps act as a filter bypass
mechanism but instead use them as a score modifier. This reduces their
value as a false positive eliminator but it does have a seriously
negative affect on spammer profitability. Not only do you have to spend
work on your messages, but even those that you put the work into have a
harder time getting through. on the plus side, we can get away with
smaller stamps and hopefully increase adoption
Maybe our own version of trust (i.e. repeated exposure without
declaration of spam) could come in to play. As we find sites are black
lists, we forward them on to the people we directly communicate with as
inoculation messages. Our inoculation messages can be passed on to the
next layer of who one knows with a friend of a friend tag. And two
friend of a friend tags may be considered good enough to use that
information.
Yes, this would mean quite a bit of traffic but it would be
decentralized flooding of blacklist information. Just thinking out
loud. If there are easier, more obvious solutions to the aggregation
and trust problem, I'd love to know about it.
On the trust topic, I recommend looking into messaging between
"identities", with trust brokers instead of mail servers (i.e. no SMTP).
Competing proposals are LID http://lid.netmesh.org/ , Yadis and several
others. In the LID ranks, they are not sure if the single-sign API
(which saves you some work when filling in /inventing :-) new identities
to register with a web service) or the tracable messaging is the most
important feature. I just got the pdf on the LID messaging mechanism and
didn't read it yet, but probably they are doing crypto-signed messages
with crypto certificates issued and verified through the brokers. The
novelties are: no untraceable emails, but anonymity is ok if your broker
allows it. You can see just how anonymous it is by exploring my identity
at http: slash slash mylid.net slash sesam -- to prevent future mail
list harvesters to connect my email with my LID url I write out the
slashes as words.
I think Verisigns free personal certificates were used to sign your
email with a real name, presumably to make sure nobody would impersonate
you. The identity broker idea extends this and allows anonymity and many
more things (for more hype, search for Identity 2.0). What more, they
open the floodgates for paid-for credibility, i.e. paying customers
might get a higher trust-value than those subscribing with a free
broker. The _only_ difference to current SMTP is the _traceability_ of
all messages.
the problem here is similar to that of money stamps. Anytime you have
any "currency" that requires a broker, you have a system that can be
overwhelmed or corrupted. Centralized authority means you need to have
an evidentiary process for proving someone is a spammer, the judicial
process to evaluate the evidence and make a decision whether or not they
are spammer, and you need and authority to enforce the devaluing of a
currency or currency source. You also have issues of fundability end
reach of an authority.
Each one of the stages are corruptible. Some very poor countries may be
tempted to sell their ID issuers to an external source for management.
if ID issuers can be private rather than publicly managed authorities,
then nothing will stop spammers from owning their own ID issuer, selling
a bunch to the real public and then slipping in their own spammer IDs.
And also consider what could happen if a government wanted to silence
dissenters inside or outside of the country. Either they could tie up
the IDs in court or just get them revoked without question depending on
the process.
so this is why we like stamps. Nondiscriminatory, decentralized, and
annoyingly flexible.
---eric
[1] do we have anyone in the audience who works for an ISP or a hosting
facility? It would be interesting to build an anti-spam e-mail service
where people become users of stamps and participate in the good zombie
culture. We also need someone to generate the zombie engine and user
interface for authentication of requesters for stamps.
Other related posts: